[Security] Document access_token.token_handler.oidc_user_info #17463


Merged
javiereguiluz merged 1 commit into symfony:6.3 from vincentchalamon:feat/security/access-token-handler-factory
May 10, 2023
@vincentchalamon (Contributor) commented Nov 25, 2022

Refs symfony/symfony#48272

  • document oidc_user_info token handler
  • document oidc token handler

@carsonbot added this to the 6.2 milestone Nov 25, 2022
@vincentchalamon changed the base branch from 6.2 to 6.3 November 25, 2022 13:40
@wouterj modified the milestones: 6.2, next Nov 26, 2022
@OskarStark changed the title from "[Security] Document access_token.token_handler.oidc_user_info" to "[Security] Document access_token.token_handler.oidc_user_info" Nov 28, 2022
@OskarStark added the Waiting Code Merge label (Docs for features pending to be merged) Nov 28, 2022
@vincentchalamon marked this pull request as draft February 15, 2023 07:56
@vincentchalamon marked this pull request as ready for review February 15, 2023 08:48
@carsonbot modified the milestones: next, 6.3 Feb 15, 2023
@xabbuh modified the milestones: 6.3, next Feb 16, 2023
@OskarStark (Contributor) left a comment

Versionadded directive is missing

vincentchalamon reacted with thumbs up emoji
fabpot added a commit to symfony/symfony that referenced this pull request Apr 14, 2023

…vincentchalamon)

This PR was squashed before being merged into the 6.3 branch.

Discussion
----------

[Security] Add OidcUserInfoTokenHandler and OidcUser

| Q             | A
| ------------- | ---
| Branch?       | 6.3
| Bug fix?      | no
| New feature?  | yes
| Deprecations? | no
| Tickets       | N/A
| License       | MIT
| Doc PR        | symfony/symfony-docs#17463

Hi,

This PR aims to complete [the previous one](#46428) from `@Spomky` with an AccessTokenHandler ready-to-use with an OIDC server (Keycloak, Auth0).

## TODO

- [x] Rebase from 6.3
- [x] Rebase from #48285
- [x] Rebase from #48594
- [x] Write doc (symfony/symfony-docs#17463)
- [x] Add TokenHandlerFactory
- [x] Add ServiceTokenHandlerFactory for BC layer
- [x] Add OidcUserInfoTokenHandlerFactory
- [x] Add OidcTokenHandlerFactory (using web-token/jwt-*)
- [x] Implement OidcUser to keep user claims from OIDC server
- [x] Update doc PR about claims usage in a custom UserProvider
- [x] ~Update doc PR about OidcUserProvider usage~ (abandoned)

## Usage

```yaml
# usage with a custom client
security:
    firewalls:
        main:
            pattern: ^/
            access_token:
                token_handler:
                    oidc_user_info:
                        client: oidc.client
```

```yaml
# usage with generic HttpClient
security:
    firewalls:
        main:
            pattern: ^/
            access_token:
                token_handler:
                    oidc_user_info:
                        claim: email
                        client:
                            base_uri: https://www.example.com/realms/demo/protocol/openid-connect/userinfo
```

```yaml
# usage with token decode (no call to OIDC server)
security:
    firewalls:
        main:
            pattern: ^/
            access_token:
                token_handler:
                    oidc:
                        signature:
                            # Algorithm used to sign the JWS
                            algorithm: 'HS256'
                            # A JSON-encoded JWK
                            key: '{"kty":"...","k":"..."}'
```

```php
# usage with a custom UserProvider
class CustomUserProvider implements UserProviderInterface
{
    public function loadUserByIdentifier(string $identifier, array $claims = []): UserInterface
    {
        // do some magic
    }
}
```

Commits
-------

99a35f0 [Security] Add OidcUserInfoTokenHandler and OidcUser
symfony-splitter pushed a commit to symfony/security-bundle that referenced this pull request Apr 14, 2023
@OskarStark removed the Waiting Code Merge label (Docs for features pending to be merged) Apr 14, 2023
@OskarStark removed this from the next milestone Apr 14, 2023
@OskarStark added this to the 6.3 milestone Apr 14, 2023

@chalasr (Member)

This should probably mention the additional dependency that is needed to use the OIDCTokenHandler (applies to the blogpost too)

vincentchalamon reacted with thumbs up emoji

@chalasr (Member) left a comment

Thanks for taking care of documenting the feature. Some suggestions

@javiereguiluz merged commit 9193745 into symfony:6.3 May 10, 2023

@javiereguiluz (Member)

Vincent, this was a really great contribution. Thanks a lot ... and thanks to reviewers too!

vincentchalamon and chalasr reacted with heart emoji

@vincentchalamon deleted the feat/security/access-token-handler-factory branch May 10, 2023 16:06

@cifren commented Jun 7, 2023

Hi, I am not sure where I should put that, but it seems that the documentation is not up to date.

I will do the list here

  • The property 'signature' gives an error that it does not exist
  • The properties 'audience', 'claim' are required but the documentation says optional, 'issuers' is not even mentioned but required.
  • The property 'algorithm' says it can't accept anything that is not 'ES', but the documentation does not say anything about it and even shows an example with 'HS256'

I haven't got on this because I am going to change my code for a handler, so I might miss some other stuff.

Thank you for the improvement though.

See https://github.com/symfony/symfony/blob/v6.3.0/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php

@vincentchalamon (Contributor, Author)

@cifren see #18354

cifren reacted with thumbs up emoji

Reviewers

@chalasr approved these changes

@wouterj: awaiting requested review

@OskarStark: awaiting requested review
