Development #70749: moyen d'authentification OIDC : ne pas pré-remplir les client_id et client_secret - Authentic 2 - Redmine Entr'ouvert

Development #70749

moyen d'authentification OIDC : ne pas pré-remplir les client_id et client_secret

Added by Thomas Noël 3 months ago. Updated about 1 month ago.

Status:

Solution déployée

Priority:

Normal

Assignee:

Paul Marillonnet

Category:

Target version:

Start date:

27 October 2022

Due date:

% Done:

Estimated time:

Patch proposed:

Yes

Planning:

Description

D'un client qui a fait une configuration en autonomie de son «SSO Agent» :

le pré-remplissage du client-id et client-secret par Publik a été un peu déroutante car c'est plutôt de la responsabilité de IDP dans ce cas de les fournir

Ca me semble pertinent.

Files

0001-auth_oidc-do-not-attempt-to-generate-one-s-own-clien.patch (5.29 KB) 0001-auth_oidc-do-not-attempt-to-generate-one-s-own-clien.patch		Paul Marillonnet, 27 October 2022 09:20 AM
0001-auth_oidc-do-not-attempt-to-generate-one-s-own-clien.patch (10.5 KB) 0001-auth_oidc-do-not-attempt-to-generate-one-s-own-clien.patch		Paul Marillonnet, 27 October 2022 09:40 AM

Associated revisions

Revision 6eea42ff (diff)
Added by Paul Marillonnet 3 months ago

auth_oidc: do not attempt to generate one's own client credentials (#70749)

these credentials must be issued to authentic by the OIDC provider,
    see for instance https://datatracker.ietf.org/doc/html/rfc6749#section-2.2

History

Updated by Paul Marillonnet 3 months ago

Status changed from Nouveau to En cours
Assignee set to Paul Marillonnet

Oui complètement, c’est pas au client de décider de son propre identifiant.

Updated by Paul Marillonnet 3 months ago

File 0001-auth_oidc-do-not-attempt-to-generate-one-s-own-clien.patch 0001-auth_oidc-do-not-attempt-to-generate-one-s-own-clien.patch added
Status changed from En cours to Solution proposée
Patch proposed changed from No to Yes

Updated by Paul Marillonnet 3 months ago

Status changed from Solution proposée to En cours

Et j’avais oublié la commande d’enregistrement d’un fournisseur, je regarde.

Updated by Paul Marillonnet 3 months ago

File 0001-auth_oidc-do-not-attempt-to-generate-one-s-own-clien.patch 0001-auth_oidc-do-not-attempt-to-generate-one-s-own-clien.patch added
Status changed from En cours to Solution proposée

Paul Marillonnet a écrit :

Et j’avais oublié la commande d’enregistrement d’un fournisseur, je regarde.

Voilà.

Updated by Valentin Deniaud 3 months ago

Status changed from Solution proposée to Solution validée

Updated by Paul Marillonnet 3 months ago

Status changed from Solution validée to Résolu (à déployer)

commit 6eea42ff675b23189f98ef00297b6c7e07bd9064
Author: Paul Marillonnet <pmarillonnet@entrouvert.com>
Date:   Thu Oct 27 09:12:50 2022 +0200

    auth_oidc: do not attempt to generate one's own client credentials (#70749)

        these credentials must be issued to authentic by the OIDC provider,
        see for instance https://datatracker.ietf.org/doc/html/rfc6749#section-2.2

Updated by Transition automatique about 1 month ago

Status changed from Résolu (à déployer) to Solution déployée

Also available in: Atom PDF

Project

General

Profile

Produits Entr'ouvert » Authentic 2

Issues

Custom queries