[Security] Add OidcUserInfoTokenHandler and OidcUser#48272
Conversation
Feature freeze started 1.5 months ago, so this will be part of 6.3 :)

Hi @wouterj, is there any 6.3, master or main branch for it?
wouterj commented Nov 21, 2022 (edited)

No, for now the focus is on stabilizing Symfony 6.2 before the release. A 6.3 branch will be created once we're in RC phase for 6.2.
👏 Bravo: Excellent idea!
🥜 Nitpick: It is a good start. I just have a couple of remarks.
Review comments (resolved, now outdated) were left on:

- src/Symfony/Component/Security/Http/AccessToken/OidcAccessTokenHandler.php
- src/Symfony/Component/Security/Core/Exception/InvalidOidcUserException.php
#48285 should make the overall design fit best here and avoid the need for an event.

Force-pushed from e7644e7 to e1caab1.

Thank you @vincentchalamon.
Force-pushed from d34f877 to 99a35f0.

Referenced merge commit:

…r_info` (vincentchalamon)
This PR was squashed before being merged into the 6.3 branch.

Discussion
----------

[Security] Document `access_token.token_handler.oidc_user_info`

Refs symfony/symfony#48272

- [x] document `oidc_user_info` token handler
- [x] document `oidc` token handler

Commits
-------

5b53159 [Security] Document `access_token.token_handler.oidc_user_info`
In addition to the excellent work of @vincentchalamon in symfony#48272, this PR allows getting the data from the OAuth2 Introspection Endpoint. This endpoint is defined in [RFC7662](https://datatracker.ietf.org/doc/html/rfc7662). It returns the following information that is used to retrieve the user:

* If the access token is active
* A set of claims that are similar to the OIDC one, including the `sub` or the `username`.
…omky)
This PR was merged into the 7.3 branch.

Discussion
----------

[Security] OAuth2 Introspection Endpoint (RFC7662)

| Q             | A
| ------------- | ---
| Branch?       | 7.3
| Bug fix?      | no
| New feature?  | yes
| Deprecations? | no
| Tickets       | none
| License       | MIT
| Doc PR        | symfony/symfony-docs#[**TODO**]

In addition to the excellent work of `@vincentchalamon` in #48272, this PR allows getting the data from the OAuth2 Introspection Endpoint. This endpoint is defined in [RFC7662](https://datatracker.ietf.org/doc/html/rfc7662). It returns the following information that is used to retrieve the user:

* If the access token is active
* A set of claims that are similar to the OIDC one, including the `sub` or the `username`.

Example of configuration:

```yaml
framework:
    http_client:
        scoped_clients:
            oauth2.client:
                base_uri: 'https://authorization-server.example.com/introspection'
                scope: 'https://authorization-server\.example\.com'
                headers:
                    Authorization: 'Basic Y2xpZW50OnBhc3N3b3Jk' # Introspection Endpoint usually requires client authentication

security:
    firewalls:
        main:
            pattern: ^/
            access_token:
                token_handler:
                    oauth2: ~
                token_extractors: 'header'
                realm: 'My API'
```

Commits
-------

e68726f [Security] OAuth2 Introspection Endpoint (RFC7662)
Hi,

This PR aims to complete the previous one from @Spomky with an AccessTokenHandler ready-to-use with an OIDC server (Keycloak, Auth0).

TODO

- `access_token.token_handler.oidc_user_info` (symfony-docs#17463)
- Update doc PR about OidcUserProvider usage (abandoned)

Usage
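The two handlers discussed on this page, the UserInfo-backed one this PR adds and the RFC 7662 introspection-backed one in the referenced merge commit, share one security-relevant shape: call the authorization server, refuse the token unless the response says it is usable, and only then map a claim to a user identifier. The following plain-PHP sketch is an added example, not code from this PR or from Symfony. The class and exception names are made up, the HTTP calls are replaced by injected callables so the script runs offline, and every response below is constructed sample data; in a real application the callables would perform `GET /userinfo` with `Authorization: Bearer <token>` and `POST /introspection` with client credentials, as the configuration above assumes.

```php
<?php
declare(strict_types=1);

// Added example, not code from the Symfony PR. Class and exception names are hypothetical.

final class InvalidTokenException extends \RuntimeException {}

/** Resolves a user identifier from an OIDC UserInfo endpoint response (the oidc_user_info handler idea). */
final class UserInfoTokenHandler
{
    /** @param callable(string): array $fetchUserInfo returns the decoded UserInfo JSON for a bearer token (assumed transport) */
    public function __construct(private $fetchUserInfo, private string $claim = 'sub') {}

    public function getUserIdentifierFrom(string $accessToken): string
    {
        $claims = ($this->fetchUserInfo)($accessToken);
        // OIDC Core 5.3.2: a UserInfo response MUST carry "sub"; without the configured claim there is no identity to load.
        if (!isset($claims[$this->claim]) || !is_string($claims[$this->claim]) || '' === $claims[$this->claim]) {
            throw new InvalidTokenException(sprintf('UserInfo response lacks claim "%s".', $this->claim));
        }

        return $claims[$this->claim];
    }
}

/** Resolves a user identifier from an RFC 7662 introspection response (the oauth2 handler idea). */
final class IntrospectionTokenHandler
{
    /** @param callable(string): array $introspect returns the decoded introspection JSON for a token (assumed transport) */
    public function __construct(private $introspect) {}

    public function getUserIdentifierFrom(string $accessToken): string
    {
        $response = ($this->introspect)($accessToken);
        // RFC 7662 section 2.2: "active" is the only REQUIRED member, and other claims are only
        // meaningful when it is boolean true. Check it before reading anything else.
        if (true !== ($response['active'] ?? null)) {
            throw new InvalidTokenException('Token is not active.');
        }
        // Prefer the stable "sub"; fall back to "username", which some servers send instead.
        foreach (['sub', 'username'] as $claim) {
            if (isset($response[$claim]) && is_string($response[$claim]) && '' !== $response[$claim]) {
                return $response[$claim];
            }
        }
        throw new InvalidTokenException('Active token carries neither "sub" nor "username".');
    }
}

// Constructed sample responses keyed by token (not real server output).
$userInfoResponses = [
    'tok-alice'  => ['sub' => '248289761001', 'email' => 'alice@example.com'],
    'tok-broken' => ['email' => 'nobody@example.com'], // no "sub": must be rejected
];
$introspectionResponses = [
    'tok-alice'   => ['active' => true, 'sub' => '248289761001', 'username' => 'alice', 'scope' => 'openid profile'],
    'tok-legacy'  => ['active' => true, 'username' => 'bob'],            // server omits "sub"
    'tok-revoked' => ['active' => false, 'sub' => '248289761001'],       // claims present, token revoked
];

$userInfo = new UserInfoTokenHandler(
    fn (string $t): array => $userInfoResponses[$t] ?? throw new InvalidTokenException('userinfo returned 401')
);
$introspection = new IntrospectionTokenHandler(
    // RFC 7662 section 2.2: an unknown token is reported as inactive, not as an error.
    fn (string $t): array => $introspectionResponses[$t] ?? ['active' => false]
);

foreach (['tok-alice', 'tok-broken'] as $token) {
    try {
        printf("userinfo   %-12s -> %s\n", $token, $userInfo->getUserIdentifierFrom($token));
    } catch (InvalidTokenException $e) {
        printf("userinfo   %-12s -> rejected: %s\n", $token, $e->getMessage());
    }
}
foreach (['tok-alice', 'tok-legacy', 'tok-revoked', 'tok-unknown'] as $token) {
    try {
        printf("introspect %-12s -> %s\n", $token, $introspection->getUserIdentifierFrom($token));
    } catch (InvalidTokenException $e) {
        printf("introspect %-12s -> rejected: %s\n", $token, $e->getMessage());
    }
}
```

The ordering in `IntrospectionTokenHandler` is the point: an introspection response for a revoked token can still carry `sub` and `username` (`tok-revoked` above), so a handler that reads claims before checking `active` would authenticate a revoked token. The UserInfo path has the mirror-image caveat: the endpoint only answers at all for a valid bearer token, so the 401 from the server is the liveness check and the missing-claim check is what stops a response with no usable identity from becoming a user.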