Update OIDC DefaultTokenStateManager to support the token encryption #23557

Merged
merged 1 commit into from
Feb 10, 2022


sberyozkin
Member

Fix #23373

This PR does a simple update to DefaultTokenStateManager to optionally encrypt the tokens before storing them as the session cookie values and decrypt them if the encryption was requested. Update the tests, one of them now decrypts them, and the endpoint code also does a basic check that they contain 5 parts (=> JWE-encrypted), while the id/access/rt token injection still works.

CC @debu999
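
The "5 parts (=> JWE-encrypted)" check mentioned in the description above, as an added example that is not part of this PR or of the Quarkus code base: it tells a JWE compact serialization (five parts, header with `enc`) from a plain signed JWT (three parts). The class name, the `classify` helper and all sample values are hypothetical and constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class SessionTokenFormatCheck {

    enum Format { JWS, JWE, UNKNOWN }

    // Classify a compact-serialized token by part count and protected header.
    static Format classify(String token) {
        // Limit -1 keeps empty parts: a JWE with direct encryption has an empty second part.
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3 && parts.length != 5) {
            return Format.UNKNOWN;
        }
        String header;
        try {
            header = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return Format.UNKNOWN; // first part is not base64url
        }
        // Crude header inspection, enough for a test assertion; use a JSON parser in real code.
        boolean hasAlg = header.contains("\"alg\"");
        boolean hasEnc = header.contains("\"enc\"");
        if (parts.length == 5 && hasAlg && hasEnc) {
            return Format.JWE;
        }
        if (parts.length == 3 && hasAlg && !hasEnc) {
            return Format.JWS;
        }
        return Format.UNKNOWN;
    }

    static String b64(String s) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample values; not real tokens, signatures or ciphertext.
        String jws = b64("{\"alg\":\"RS256\"}") + "." + b64("{\"sub\":\"alice\"}") + "." + b64("sig");
        String jwe = b64("{\"alg\":\"A256KW\",\"enc\":\"A256GCM\"}") + "." + b64("key") + "."
                + b64("iv") + "." + b64("ct") + "." + b64("tag");
        String jweDir = b64("{\"alg\":\"dir\",\"enc\":\"A256GCM\"}") + ".." + b64("iv") + "."
                + b64("ct") + "." + b64("tag");

        System.out.println("signed JWT stored as-is: " + classify(jws));
        System.out.println("encrypted token:         " + classify(jwe));
        System.out.println("encrypted, empty key:    " + classify(jweDir));
        System.out.println("truncated cookie value:  " + classify(jwe.substring(0, jwe.lastIndexOf('.'))));
    }
}
```

A five-part value only shows the token was wrapped as a JWE; it says nothing about key strength, which is why the key length is checked separately.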

@sberyozkin sberyozkin force-pushed the oidc_encrypt_session_tokens branch from 7c296ee to 6a8ccb7 Compare February 10, 2022 19:51
@sberyozkin
Member Author

Hey Pedro @pedroigor, this encKey is also now precalculated and its length checked similarly to the pkce key, thanks.

@sberyozkin sberyozkin merged commit 15b26c9 into quarkusio:main Feb 10, 2022
@quarkus-bot quarkus-bot bot added this to the 2.8 - main milestone Feb 10, 2022
@sberyozkin sberyozkin deleted the oidc_encrypt_session_tokens branch February 10, 2022 22:26
@quarkus-bot quarkus-bot bot added the kind/enhancement New feature or request label Feb 10, 2022
Successfully merging this pull request may close these issues.

Quarkus OIDC session cookie encryption support