Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add PKCE support to the openid-connect plugin #7370

Merged
merged 8 commits into from
Jul 6, 2022
Merged

feat: add PKCE support to the openid-connect plugin #7370

merged 8 commits into from
Jul 6, 2022

Conversation

qihaiyan
Copy link
Contributor

@qihaiyan qihaiyan commented Jul 2, 2022
edited
Loading

Description

As a User, I want to be able to use oAuth2 with PKCE

Fixes #7052

Checklist

  • I have explained the need for this PR and the problem it solves
  • I have explained the changes or the new features added to this PR
  • I have added tests corresponding to this change
  • I have updated the documentation to reflect this change
  • I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

@qihaiyan qihaiyan changed the title Fix 7052 feat: add PKCE support to the openid-connect plugin Jul 3, 2022
spacewander
spacewander reviewed Jul 3, 2022
View reviewed changes
Copy link
Member

@spacewander spacewander left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's refer to:
https://github.com/apache/apisix/blob/master/docs/en/latest/internal/testing-framework.md
https://github.com/zmartzone/lua-resty-openidc/blob/b07330120ffe54dd3fbeac247726b76d0f9dc793/tests/spec/pkce_spec.lua#L21
and write the test for this feature.

docs/en/latest/plugins/openid-connect.md Outdated Show resolved Hide resolved
@soulbird
Copy link
Contributor

soulbird commented Jul 4, 2022

Need more test cases to show the effect of use_pkce set to true and false.

@qihaiyan
Copy link
Contributor Author

qihaiyan commented Jul 5, 2022
edited
Loading

# Failed test 't/plugin/openid-connect.t TEST 9: Access route w/o bearer token and go through the full OIDC Relying Party authentication process. - pattern "[error]" should not match any line in error.log but matches line "2022/07/04 20:45:31 [error] 2009\#2009: *32 [lua] openid-connect.lua:315: phase_func(): OIDC authentication failed: accessing discovery url (http://127.0.0.1:8090/auth/realms/University/.well-known/openid-configuration) failed: connection refused, client: 127.0.0.1, server: localhost, request: \"GET /uri HTTP/1.1\", host: \"127.0.0.1:1984\"" (req 0)

why this error occurs when i run the openid-connect.t unit test, how to resolve it? @spacewander

@tzssangglass
Copy link
Member

hi @qihaiyan ,pls merge master branch to your develop branch and fix resolve conflics.

@spacewander
Copy link
Member

# Failed test 't/plugin/openid-connect.t TEST 9: Access route w/o bearer token and go through the full OIDC Relying Party authentication process. - pattern "[error]" should not match any line in error.log but matches line "2022/07/04 20:45:31 [error] 2009\#2009: *32 [lua] openid-connect.lua:315: phase_func(): OIDC authentication failed: accessing discovery url (http://127.0.0.1:8090/auth/realms/University/.well-known/openid-configuration) failed: connection refused, client: 127.0.0.1, server: localhost, request: \"GET /uri HTTP/1.1\", host: \"127.0.0.1:1984\"" (req 0)

why this error occurs when i run the openid-connect.t unit test, how to resolve it? @spacewander

I am glad to see your question has been answered in #7052.

@qihaiyan
Copy link
Contributor Author

qihaiyan commented Jul 5, 2022

Let's refer to: https://github.com/apache/apisix/blob/master/docs/en/latest/internal/testing-framework.md https://github.com/zmartzone/lua-resty-openidc/blob/b07330120ffe54dd3fbeac247726b76d0f9dc793/tests/spec/pkce_spec.lua#L21 and write the test for this feature.

TEST 30 and TEST 31 are added to ut. @spacewander @soulbird

@qihaiyan qihaiyan closed this Jul 6, 2022
@qihaiyan qihaiyan reopened this Jul 6, 2022
@spacewander spacewander merged commit 6157037 into apache:master Jul 6, 2022
@qihaiyan qihaiyan deleted the fix-7052 branch July 7, 2022 08:01
Liu-Junlin pushed a commit to Liu-Junlin/apisix that referenced this pull request Nov 4, 2022
@qihaiyan @Liu-Junlin
feat: add PKCE support to the openid-connect plugin (apache#7370)
cf96c13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tzssangglass tzssangglass tzssangglass approved these changes

@soulbird soulbird soulbird approved these changes

@spacewander spacewander spacewander approved these changes

@tao12345666333 tao12345666333 tao12345666333 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

feat: As a User, I want to be able to use oAuth2 with PKCE
5 participants
@qihaiyan @soulbird @tzssangglass @spacewander @tao12345666333