Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FIXES #2408] SSO - Supported OpenID services #372

Merged
merged 1 commit into from
Oct 9, 2024
Merged

[FIXES #2408] SSO - Supported OpenID services #372

merged 1 commit into from
Oct 9, 2024

Conversation

afabiani
Copy link
Member

@afabiani afabiani commented Oct 8, 2024

The current PR addresses few issues mainly related to the refreshToken endpoint:

  1. The main issue is due to the fact that if the current condition is met if ((expiresIn == null || fiveMinutesFromNow.after(expiresIn)) && refreshToken != null), i.e. the refreshToken is not expired yet, the sessionToken sent back will be NULL resulting in an 204: empty response causing the client to lose the current accessToken
  2. The cache bean of the OIDC has a wrong name causing a context exception when trying to retrieve it from a new thread
  3. Generally speaking the code checks only for accessToken nullability but consider it valid in the case it's empty, and this is an error and must be threated as an error.
  4. The doRefresh method does not send the client_id to the IDP Refresh Endpoint, and this is can cause issues for strict compliant providers like Microsoft Azure

@afabiani afabiani requested a review from offtherailz October 8, 2024 16:32
@afabiani afabiani self-assigned this Oct 8, 2024
offtherailz
offtherailz approved these changes Oct 9, 2024
edited
Loading
View reviewed changes
@offtherailz offtherailz merged commit 8132a81 into master Oct 9, 2024
2 checks passed
@afabiani afabiani deleted the oidc_refresh_token_issue_2408 branch October 9, 2024 07:53
afabiani added a commit that referenced this pull request Oct 10, 2024
@afabiani
[FIXES #2408] C206-DEUTSCHE_BAHN-2023-SUPPORT - SSO - Supported OpenI…
0be5e2d 
…D services (#372)

(cherry picked from commit 8132a81)
@afabiani afabiani mentioned this pull request Oct 10, 2024
Merged
offtherailz pushed a commit that referenced this pull request Oct 10, 2024
@afabiani
[FIXES #2408] C206-DEUTSCHE_BAHN-2023-SUPPORT - SSO - Supported OpenI…
64d9ae9 
…D services (#372) (#374)

(cherry picked from commit 8132a81)
@offtherailz offtherailz changed the title [FIXES #2408] C206-DEUTSCHE_BAHN-2023-SUPPORT - SSO - Supported OpenID services [FIXES #2408] SSO - Supported OpenID services Nov 13, 2024
offtherailz pushed a commit that referenced this pull request Nov 13, 2024
@afabiani @offtherailz
[FIXES #2408] SSO - Supported OpenID services (#372)
b9ab0f6
offtherailz pushed a commit that referenced this pull request Nov 13, 2024
@afabiani @offtherailz
[FIXES #2408] SSO - Supported OpenID services (#372) (#374)
4c219af 
(cherry picked from commit 8132a81)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@offtherailz offtherailz offtherailz approved these changes

Assignees

@afabiani afabiani

Labels
C206-DEUTSCHE_BAHN-2023-SUPPORT
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@afabiani @offtherailz @tdipisa