#5799 Use custom idp token for enterprise server authentication if special jwt is stored in local store #5802
…ecial jwt is stored in local store
@sosnovsky Custom IDP id_token is now also used in EKM.
By the way, are fes/ekm apis ready to accept custom idp id_tokens instead of google id_token?
It's possible to configure custom IdP in Enterprise Service, but our documentation mentions that only Google is supported for end-users (https://flowcrypt.com/docs/technical/enterprise/configuration/authentication.html). Need to check if it works with custom IdP or some changes are needed for Enterprise Server too.
Works great! I was able to test setup with local FES and Auth0 IdP 🚀
…re-it-should-be-used-for-enterprise-server-authentication-instead-of-google-jwt
Well done 👍
@sosnovsky Have you checked FES side if it's ready to accept custom IDP id_tokens?
How do you plan to support it?
I configured custom IdP (Auth0) in local Enterprise Server and tested EKM requests (for saving and retrieving private key) - they work well.
Custom IdP id tokens will be used only by new customers who will have IdP configuration, our existing customers will continue to use Google id tokens, this change shouldn't affect them. In ES configuration we set properties for user IdP (by default it's Google IdP) (https://flowcrypt.com/docs/technical/enterprise/configuration/authentication.html#end-user-properties-for-fes-and-ekm), so depending on these configuration properties ES will know which IdP should be used for verifying received tokens.
Aha, I see
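An added illustration of the configuration-driven check discussed in the thread above (not FlowCrypt or Enterprise Server code, and not written by any participant): a server that accepts id tokens only from the single IdP named in its own configuration. The config fields, issuer URLs, audience and locally generated keys are all constructed for the example, and RS256 is an assumption.

```javascript
// Added example: not FlowCrypt code. Every name and value here is hypothetical.
const crypto = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');
const parse = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Constructed stand-in for an IdP: a locally generated RS256 signing key.
function makeIdp(issuer) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const sign = (claims) => {
    const input = `${b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
    return `${input}.${crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
  };
  return { issuer, publicKey, sign };
}

// The trusted issuer, key and audience come from server configuration only;
// nothing inside the token is used to decide which IdP to trust.
function verifyIdToken(token, cfg, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try { header = parse(parts[0]); claims = parse(parts[1]); } catch (e) { return { ok: false, reason: 'malformed' }; }
  if (!header || !claims || header.alg !== 'RS256') return { ok: false, reason: 'alg' };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify('sha256', signed, cfg.publicKey, Buffer.from(parts[2], 'base64url'))) {
    return { ok: false, reason: 'signature' };
  }
  if (claims.iss !== cfg.issuer) return { ok: false, reason: 'issuer' };
  if (![].concat(claims.aud).includes(cfg.audience)) return { ok: false, reason: 'audience' };
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return { ok: false, reason: 'expired' };
  return { ok: true, email: claims.email };
}

// Constructed scenario: the server is configured for one custom IdP.
function demo() {
  const now = 1700000000;
  const custom = makeIdp('https://idp.example.test/');
  const other = makeIdp('https://other-idp.example.test/');
  const cfg = { issuer: custom.issuer, publicKey: custom.publicKey, audience: 'example-client-id' };
  const claims = { iss: custom.issuer, aud: cfg.audience, exp: now + 300, email: 'user@example.test' };
  return {
    valid: verifyIdToken(custom.sign(claims), cfg, now),
    forgedIssuer: verifyIdToken(other.sign(claims), cfg, now), // right claims, wrong key
    wrongAudience: verifyIdToken(custom.sign({ ...claims, aud: 'another-app' }), cfg, now),
    expired: verifyIdToken(custom.sign(claims), cfg, now + 301),
  };
}
```

The `forgedIssuer` case is the one that matters when a deployment moves from one IdP to another: a token carrying the expected `iss` claim is still rejected unless it was signed by the configured IdP's key.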
This PR implemented functionality to use custom idp token for enterprise server authentication if special jwt is stored in local store
close #5799 // if this PR closes an issue
Tests (delete all except exactly one):
To be filled by reviewers
I have reviewed that this PR... (tick whichever items you personally focused on during this review):