Single Sign-On via OIDC #888
Draft: lovasoa wants to merge 31 commits into main from oidc
- Add `host` configuration option for specifying the application's web address in configuration.md and app_config.rs.
- Update docker-compose.yaml to include SQLPAGE_HOST and SQLPAGE_OIDC_ISSUER_URL environment variables.
- Enhance OIDC middleware to utilize the new `host` setting for redirect URLs and improve cookie handling in oidc.rs.
…e it by providing a host setting
- Extracted logic for handling unauthenticated requests into a separate method `handle_unauthenticated_request`.
- Updated the main request handling flow to utilize the new method for improved readability and maintainability.

- Introduced `handle_oidc_callback` method to manage OIDC callback requests.
- Added `process_oidc_callback` and `exchange_code_for_token` methods for token exchange logic.
- Updated `handle_unauthenticated_request` to check for callback URL and redirect accordingly.
- Refactored `build_redirect_response` to improve clarity in response handling.

- Updated `get_sqlpage_auth_cookie` to return a result for better error handling and validation of the SQLPage auth cookie.
- Improved logging throughout the OIDC service for better traceability of requests and responses.
- Adjusted the handling of OIDC callback parameters to include context in error messages.

- Added state cookie handling to maintain the initial URL during OIDC authentication.
- Refactored `build_auth_url` to accept the initial URL as a parameter.
- Enhanced `process_oidc_callback` to retrieve the state from the cookie and redirect accordingly.

- Improved error logging for invalid auth cookies and ID token verification.
- Introduced nonce verification logic to ensure security during OIDC authentication.
- Adjusted parameters for nonce hashing to optimize for short-lived tokens.

- Updated logging statements for better clarity and context.
- Refactored code for nonce verification and error handling.
- Enhanced documentation in `app_config.rs` for clarity on `https_domain` usage.

- Added context to OIDC client creation error handling.
- Updated HTTP request and response types for better integration with the openidconnect library.
- Introduced AwcWrapperError for improved error management in HTTP calls.

- Changed http_client from Arc to Rc in OidcService for improved memory efficiency.
- Updated related code to reflect the new ownership model for the HTTP client.

- Added OidcState struct to encapsulate OIDC configuration and client.
- Refactored OidcMiddleware to utilize OidcState for improved state management.
- Updated HTTP client handling in OIDC service methods for better integration with app data.
- Enhanced logging for OIDC middleware initialization and request processing.
WIP.
Add support for single sign-on through OIDC.