Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implemented the DPoP token exchange #411

Merged
merged 12 commits into from
Oct 13, 2020
Merged

Implemented the DPoP token exchange #411

merged 12 commits into from
Oct 13, 2020

Conversation

NSeydoux
Copy link
Contributor

This implements the OAuth2 code exchange step: after an auth code has been returned by the IdP through redirection, the client can use the obtained auth code to get an access token. If the request has a DPoP header, the returned token is bound to the DPoP key.

  • All acceptance criteria are met.
  • New functions/types have been exported in index.ts, if applicable.
  • Commits in this PR are minimal and have descriptive commit messages.

@NSeydoux NSeydoux requested review from Vinnl and pmcb55 October 12, 2020 11:00
@codesandbox-ci
Copy link

codesandbox-ci bot commented Oct 12, 2020
edited
Loading

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

Latest deployment of this branch, based on commit 77e1054:

Sandbox Source
solid-client-auth-browser-demo Configuration

Vinnl
Vinnl approved these changes Oct 12, 2020
View reviewed changes
Copy link
Contributor

@Vinnl Vinnl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very clear code, good job 👍

packages/oidc-dpop-client-browser/src/dpop/tokenExchange.spec.ts Outdated Show resolved Hide resolved
packages/oidc-dpop-client-browser/src/dpop/tokenExchange.spec.ts Show resolved Hide resolved
packages/oidc-dpop-client-browser/src/dpop/tokenExchange.spec.ts Outdated Show resolved Hide resolved
packages/oidc-dpop-client-browser/src/dpop/tokenExchange.spec.ts Show resolved Hide resolved
packages/oidc-dpop-client-browser/src/dpop/tokenExchange.spec.ts Outdated Show resolved Hide resolved
packages/oidc-dpop-client-browser/src/dpop/tokenExchange.ts Show resolved Hide resolved
Base automatically changed from feat/dpop/cleanup to 1.x October 12, 2020 12:27
@NSeydoux
Implemented the DPoP token exchange
204f15f 
This implements the OAuth2 code exchange step: after an auth code has been returned by the IdP through redirection, the client can use the obtained auth code to get an access token. If the request has a DPoP header, the returned token is bound to the DPoP key.
@NSeydoux NSeydoux force-pushed the feat/dpop/request-token branch from 9d03825 to 204f15f Compare October 12, 2020 12:35
@vercel vercel bot temporarily deployed to Preview October 12, 2020 12:35 Inactive
@vercel vercel bot temporarily deployed to Preview October 12, 2020 13:09 Inactive
@vercel vercel bot temporarily deployed to Preview October 12, 2020 13:13 Inactive
@NSeydoux
remove redundant JWK initialization
f3b0e84 
The mockJwk reference is unefined when setting up the mock, but the mockJwk() function is defined when *calling* the mock. Thanks @Vinnl !
@vercel vercel bot temporarily deployed to Preview October 12, 2020 13:54 Inactive
@vercel vercel bot temporarily deployed to Preview October 12, 2020 16:24 Inactive
@NSeydoux
Removed dependency to core module
bf8dd3e 
The oidc module is independant from solid, so it should not depend on the core module, which is meant to be solid-specific. this implies some redundancy in the types implemented in both places, but that means that these types may evolve independantly, while still getting errors in case of incompatibility, which is a good thing.
@NSeydoux
Added token_type verification
cb9ec0b 
The endpoint returns a token_type field, which can be used to verify that the token is of the requested type (Bearer or DPoP)
@NSeydoux
Temporarily revert jest import
32f7dfe 
Importing jest requires to change the jest config, so all the modules should be updated.
@vercel vercel bot temporarily deployed to Preview October 13, 2020 06:32 Inactive
pmcb55
pmcb55 approved these changes Oct 13, 2020
View reviewed changes
Copy link
Contributor

@pmcb55 pmcb55 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - just minor comments, and a question on the Basic Auth issue.

@vercel vercel bot temporarily deployed to Preview October 13, 2020 13:30 Inactive
@vercel vercel bot temporarily deployed to Preview October 13, 2020 13:54 Inactive
@NSeydoux NSeydoux merged commit 66b8839 into 1.x Oct 13, 2020
@NSeydoux NSeydoux deleted the feat/dpop/request-token branch October 13, 2020 14:09
NSeydoux added a commit that referenced this pull request Oct 13, 2020
@NSeydoux @Vinnl
Implemented the DPoP token exchange (#411)
34c6d48 
- This implements the OAuth2 code exchange step: after an auth code has been returned by the IdP through redirection, the client can use the obtained auth code to get an access token. If the request has a DPoP header, the returned token is bound to the DPoP key.
- The mockJwk reference is unefined when setting up the mock, but the mockJwk() function is defined when *calling* the mock. Thanks @Vinnl !
- The oidc module is independant from solid, so it should not depend on the core module, which is meant to be solid-specific. this implies some redundancy in the types implemented in both places, but that means that these types may evolve independantly, while still getting errors in case of incompatibility, which is a good thing.
- The endpoint returns a token_type field, which can be used to verify that the token is of the requested type (Bearer or DPoP)

Co-authored-by: Vincent <[email protected]>
NSeydoux added a commit that referenced this pull request Oct 21, 2020
@NSeydoux @Vinnl
Implemented the DPoP token exchange (#411)
4dd0ef5 
- This implements the OAuth2 code exchange step: after an auth code has been returned by the IdP through redirection, the client can use the obtained auth code to get an access token. If the request has a DPoP header, the returned token is bound to the DPoP key.
- The mockJwk reference is unefined when setting up the mock, but the mockJwk() function is defined when *calling* the mock. Thanks @Vinnl !
- The oidc module is independant from solid, so it should not depend on the core module, which is meant to be solid-specific. this implies some redundancy in the types implemented in both places, but that means that these types may evolve independantly, while still getting errors in case of incompatibility, which is a good thing.
- The endpoint returns a token_type field, which can be used to verify that the token is of the requested type (Bearer or DPoP)

Co-authored-by: Vincent <[email protected]>
NSeydoux added a commit that referenced this pull request Oct 21, 2020
@NSeydoux @Vinnl
Implemented the DPoP token exchange (#411)
f0af032 
- This implements the OAuth2 code exchange step: after an auth code has been returned by the IdP through redirection, the client can use the obtained auth code to get an access token. If the request has a DPoP header, the returned token is bound to the DPoP key.
- The mockJwk reference is unefined when setting up the mock, but the mockJwk() function is defined when *calling* the mock. Thanks @Vinnl !
- The oidc module is independant from solid, so it should not depend on the core module, which is meant to be solid-specific. this implies some redundancy in the types implemented in both places, but that means that these types may evolve independantly, while still getting errors in case of incompatibility, which is a good thing.
- The endpoint returns a token_type field, which can be used to verify that the token is of the requested type (Bearer or DPoP)

Co-authored-by: Vincent <[email protected]>
@nicolasmondada nicolasmondada mentioned this pull request Oct 29, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@acoburn acoburn acoburn left review comments

@Vinnl Vinnl Vinnl approved these changes

@pmcb55 pmcb55 pmcb55 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@NSeydoux @Vinnl @pmcb55 @acoburn