Add support for a list of groups represented as maps in OAuth.#23
Add support for a list of groups represented as maps in OAuth.#23xtremerui merged 2 commits intoconcourse:masterfrom
Conversation
There are cases when groups are represented as a list
of maps, not strings e.g. "groups":[{"id":"1",
"name":"gr1"},{"id": "2", "name":"gr2"}]. Handle groups
represented as a list of maps.
concourse#23
Signed-off-by: Vlad Safronov <vladislav.safronov@oracle.com>
vladsf
force-pushed
the
fix_oauth_groups
branch
from
f9399ce to
57037a4
Compare
Signed-off-by: Vlad Safronov <vladislav.safronov@oracle.com>
|
Hi @clarafu, would you please review the contribution? |
|
@vladsf Sorry for the delay, it looks good to me but I'm just going to quickly have @xtremerui confirm that this is okay for me since he has a lot more context on dex than myself! |
xtremerui
left a comment
xtremerui
left a comment
There was a problem hiding this comment.
LGTM!
Just for user survey, what oauth provider are you using this connector with? We are thinking about switching back to upstream dex that doesn't support oauth connector yet. Would you be able to use OIDC connector instead? Thx!
Thank you @clarafu. I am using Oracle Identity Cloud Service as oauth provider. I see. I have not tested OIDC yet, but I hope to try it in a few days. Did you consider submitting this OAuth connector to the upstream? |
Already did it a long time ago, however it is still pending there for some reason. dexidp#1630 |
@clarafu I tried and failed. skipIssuerValidation and InsecureIssuerURLContext are not supported in the mainstream OIDC connector. So it fails with |
There are cases when groups are represented as a list
of maps, not strings e.g. "groups":[{"id":"1",
"name":"gr1"},{"id": "2", "name":"gr2"}]. Handle groups
represented as a list of maps.
#23
Signed-off-by: Vlad Safronov <vladislav.safronov@oracle.com>
There are cases when groups are represented as a list
of maps, not strings e.g. "groups":[{"id":"1",
"name":"gr1"},{"id": "2", "name":"gr2"}]. Handle groups
represented as a list of maps.
#23
Signed-off-by: Vlad Safronov <vladislav.safronov@oracle.com>
There are cases when groups are represented as a list
of maps, not strings e.g. "groups":[{"id":"1",
"name":"gr1"},{"id": "2", "name":"gr2"}]. Handle groups
represented as a list of maps.
#23
Signed-off-by: Vlad Safronov <vladislav.safronov@oracle.com>
There are cases when groups are represented as a list
of maps, not strings e.g. "groups":[{"id":"1",
"name":"gr1"},{"id": "2", "name":"gr2"}]. Handle groups
represented as a list of maps.
concourse#23
Signed-off-by: Vlad Safronov <vladislav.safronov@oracle.com>
There are cases when groups are represented as a list
of maps, not strings e.g. "groups":[{"id":"1",
"name":"gr1"},{"id": "2", "name":"gr2"}]. Handle groups
represented as a list of maps.
concourse#23
Signed-off-by: Vlad Safronov <vladislav.safronov@oracle.com>
There are cases when groups are represented as a list
of maps, not strings e.g. "groups":[{"id":"1",
"name":"gr1"},{"id": "2", "name":"gr2"}]. Handle groups
represented as a list of maps.
concourse#23
Signed-off-by: Vlad Safronov <vladislav.safronov@oracle.com>
3 participants
Hi,
Overview
I read about DCO, etc. I am not familiar with Golang yet, so I have created a draft PR to discuss
the problem which the fix outlines and possibly? solves before investing more time.
What this PR does / why we need it
OAuth supports providing user groups in userinfo token. Yet there are cases when groups are represented
as a list of maps, not strings e.g. "groups":[{"id":"1", "name":"gr1"},{"id": "2", "name":"gr2"}]. Current code
does not support that and ignores groups information.
Does this PR introduce a user-facing change?