Skip to content

4.x: Make check for audience claim in access token optional in OIDC provider#6959

Merged
Tomas-Kraus merged 5 commits into
helidon-io:mainfrom
Tomas-Kraus:heli-5860
Aug 22, 2023
Merged

4.x: Make check for audience claim in access token optional in OIDC provider#6959
Tomas-Kraus merged 5 commits into
helidon-io:mainfrom
Tomas-Kraus:heli-5860

Conversation

@Tomas-Kraus

@Tomas-Kraus Tomas-Kraus commented Jun 7, 2023

Copy link
Copy Markdown

Added optional-audience config option to make audience claim optional.
Automatic audience claim generation is disabled when this option is set to true.

Resolves #5860

@Tomas-Kraus Tomas-Kraus requested a review from Verdent June 7, 2023 11:30
@oracle-contributor-agreement oracle-contributor-agreement Bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Jun 7, 2023
@Tomas-Kraus Tomas-Kraus self-assigned this Jun 7, 2023
@Tomas-Kraus

Copy link
Copy Markdown
Author

Fixed conflict after rebase.
@Verdent This PR is here more than month, please review it.

@Tomas-Kraus Tomas-Kraus requested a review from tomas-langer July 27, 2023 14:09

@Verdent Verdent left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right now you are mixing two approaches here. We have tenant and overall OIDC config. I think placing this switch to the BaseBuilder is correct (BaseBuilder is used for both), since audience can be set different for each tenant. But in that case we need to be able also to get it from config in BaseBuilder and not in overall OIDC config only.

@tomas-langer tomas-langer requested a review from Verdent August 14, 2023 20:52
Tomáš Kraus added 4 commits August 17, 2023 12:05
… optional in OIDC provider

Signed-off-by: Tomáš Kraus <tomas.kraus@oracle.com>
Signed-off-by: Tomáš Kraus <tomas.kraus@oracle.com>
Signed-off-by: Tomáš Kraus <tomas.kraus@oracle.com>
Signed-off-by: Tomáš Kraus <tomas.kraus@oracle.com>
@tomas-langer tomas-langer changed the title Make check for audience claim in access token optional in OIDC provider 4.x: Make check for audience claim in access token optional in OIDC provider Aug 17, 2023
Comment thread security/jwt/src/main/java/io/helidon/security/jwt/Jwt.java Outdated
Signed-off-by: Tomáš Kraus <tomas.kraus@oracle.com>
@Tomas-Kraus Tomas-Kraus requested a review from Verdent August 18, 2023 11:54
@Tomas-Kraus Tomas-Kraus merged commit cf32b78 into helidon-io:main Aug 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

OCA Verified All contributors have signed the Oracle Contributor Agreement.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Make check for audience claim in access token optional in OIDC provider

3 participants