Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Minor refactoring of OIDC DefaultTokenStateManager #45302

Merged
merged 1 commit into from
Dec 28, 2024
Merged

Minor refactoring of OIDC DefaultTokenStateManager #45302

merged 1 commit into from
Dec 28, 2024

Conversation

sberyozkin
Copy link
Member

@sberyozkin sberyozkin commented Dec 27, 2024
edited
Loading

This PR is the first preparation PR for addressing #32109 (and #45093).

Let me clarify. OIDC DefaultTokenStateManager, by default, stores 3 tokens, ID, access, and refresh tokens as an encrypted cookie value:

  1. Cookies are concatenated: ID token | access token | refresh token
  2. This combined string is encrypted and it becomes a session cookie value.

But there are variations: storing the access and refresh tokens is optional , and also if token values are huge, each of these tokens can be represented by an individual cookie.

As far as #32109 is concerned, storing an additional property becomes very hard.

So this PR starts with restructuring a bit the way OIDC DefaultTokenStateManager currently deals with storing tokens in cookies and getting them out of cookies, and adds quite a few comments to make it clearer what is going on. Not a single piece of logic has changed.

I did it so that it could be easier to follow the changes in the planned second preparation PR, where tokens will be stored in JSON, which will make it much easier to deal with multiple tokens and some extra properties.

Also, FYI, @pedroigor @michalvavrik

@sberyozkin sberyozkin requested a review from gastaldi December 27, 2024 19:00
@quarkus-bot quarkus-bot
Copy link

quarkus-bot bot commented Dec 27, 2024
edited by github-actions bot
Loading

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit abed24b.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

You can consult the Develocity build scans.

gastaldi
gastaldi approved these changes Dec 27, 2024
View reviewed changes
Copy link
Contributor

@gastaldi gastaldi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@sberyozkin sberyozkin merged commit 283659c into quarkusio:main Dec 28, 2024
23 checks passed
@quarkus-bot quarkus-bot bot added this to the 3.18 - main milestone Dec 28, 2024
@sberyozkin sberyozkin deleted the optimize_default_token_state_manager branch December 28, 2024 11:44
This was referenced Jan 1, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gastaldi gastaldi gastaldi approved these changes

Assignees
No one assigned
Labels
area/oidc
Projects
None yet
Milestone
3.18.0.CR1
Development

Successfully merging this pull request may close these issues.
2 participants
@sberyozkin @gastaldi