You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by "ro4i7 (via GitHub)" <gi...@apache.org> on 2023/03/14 21:20:02 UTC

[GitHub] [apisix] ro4i7 opened a new pull request, #9068: oidc auth

ro4i7 opened a new pull request, #9068:
URL: https://github.com/apache/apisix/pull/9068

   ### Description
   fixes #8772 
   These changes will ensure that some claim custom claim in the OIDC token matches either foo or bar. If it does not match any of these values, the plugin will return a 401 unauthorized response 
   
   fixes 
   
   <!-- Please include a summary of the change and which issue is fixed. -->
   <!-- Please also include relevant motivation and context. -->
   
   Fixes #8772 
   
   ### Checklist
   
   - [ ] I have explained the need for this PR and the problem it solves
   - [ ] I have explained the changes or the new features added to this PR
   - [ ] I have added tests corresponding to this change
   - [ ] I have updated the documentation to reflect this change
   - [ ] I have verified that this change is backward compatible (If not, please discuss on the [APISIX mailing list](https://github.com/apache/apisix/tree/master#community) first)
   
   <!--
   
   Note
   
   1. Mark the PR as draft until it's ready to be reviewed.
   2. Always add/update tests for any changes unless you have a good reason.
   3. Always update the documentation to reflect the changes made in the PR.
   4. Make a new commit to resolve conversations instead of `push -f`.
   5. To resolve merge conflicts, merge master instead of rebasing.
   6. Use "request review" to notify the reviewer after making changes.
   7. Only a reviewer can mark a conversation as resolved.
   
   -->
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] navendu-pottekkat commented on pull request #9068: feat: oidc auth

Posted by "navendu-pottekkat (via GitHub)" <gi...@apache.org>.
navendu-pottekkat commented on PR #9068:
URL: https://github.com/apache/apisix/pull/9068#issuecomment-1477224143

   @ro4i7 There are unresolved comments here. The changes proposed even has references to the db schema of an entirely different software. Please explain these before requesting a review.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] ro4i7 commented on pull request #9068: feat: oidc auth

Posted by "ro4i7 (via GitHub)" <gi...@apache.org>.
ro4i7 commented on PR #9068:
URL: https://github.com/apache/apisix/pull/9068#issuecomment-1476063414

   @spacewander @navendu-pottekkat @starsz please check it.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] Neilblaze commented on a diff in pull request #9068: feat: oidc auth

Posted by "Neilblaze (via GitHub)" <gi...@apache.org>.
Neilblaze commented on code in PR #9068:
URL: https://github.com/apache/apisix/pull/9068#discussion_r1140954965


##########
apisix/plugins/schema.lua:
##########
@@ -0,0 +1,18 @@
+local typedefs = require "kong.db.schema.typedefs"

Review Comment:
   @ro4i7 No need to be sorry. People often rant when they get caught 🤣
   Talk is cheap, show me the code.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] spacewander commented on a diff in pull request #9068: feat: oidc auth

Posted by "spacewander (via GitHub)" <gi...@apache.org>.
spacewander commented on code in PR #9068:
URL: https://github.com/apache/apisix/pull/9068#discussion_r1138007148


##########
apisix/plugins/schema.lua:
##########
@@ -0,0 +1,18 @@
+local typedefs = require "kong.db.schema.typedefs"

Review Comment:
   Why this PR contains Kong's schema?



##########
t/spec/test_oidc.lua:
##########
@@ -0,0 +1,36 @@
+describe("OIDC auth plugin", function()

Review Comment:
   We use a different way to test. You can check it out in https://github.com/apache/apisix/blob/master/docs/en/latest/internal/testing-framework.md
   
   The test code needs to be added in https://github.com/apache/apisix/blob/master/t/plugin/openid-connect2.t
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] monkeyDluffy6017 commented on pull request #9068: feat: oidc auth

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on PR #9068:
URL: https://github.com/apache/apisix/pull/9068#issuecomment-1488222145

   I will close this PR, this PR is ridiculous that it even uses Kong's library and test frame


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] Neilblaze commented on a diff in pull request #9068: feat: oidc auth

Posted by "Neilblaze (via GitHub)" <gi...@apache.org>.
Neilblaze commented on code in PR #9068:
URL: https://github.com/apache/apisix/pull/9068#discussion_r1140943262


##########
apisix/plugins/schema.lua:
##########
@@ -0,0 +1,18 @@
+local typedefs = require "kong.db.schema.typedefs"

Review Comment:
   Cause this was generated by ChatGPT



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] ro4i7 commented on a diff in pull request #9068: feat: oidc auth

Posted by "ro4i7 (via GitHub)" <gi...@apache.org>.
ro4i7 commented on code in PR #9068:
URL: https://github.com/apache/apisix/pull/9068#discussion_r1140953387


##########
apisix/plugins/schema.lua:
##########
@@ -0,0 +1,18 @@
+local typedefs = require "kong.db.schema.typedefs"

Review Comment:
   @Neilblaze Sorry buddy, but it seems like you're just jealous. But don't worry, I'll continue to thrive and you can continue to wallow in your own insecurities. 😎 and Thanks for reminding me of this PR.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] ro4i7 commented on a diff in pull request #9068: feat: oidc auth

Posted by "ro4i7 (via GitHub)" <gi...@apache.org>.
ro4i7 commented on code in PR #9068:
URL: https://github.com/apache/apisix/pull/9068#discussion_r1140953387


##########
apisix/plugins/schema.lua:
##########
@@ -0,0 +1,18 @@
+local typedefs = require "kong.db.schema.typedefs"

Review Comment:
   @Neilblaze Sorry buddy, but it seems like you're just jealous. But don't worry, I'll continue to thrive and you can continue to wallow in your own insecurities. 😎 and Thanks for reminding me of this PR.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] ro4i7 commented on a diff in pull request #9068: feat: oidc auth

Posted by "ro4i7 (via GitHub)" <gi...@apache.org>.
ro4i7 commented on code in PR #9068:
URL: https://github.com/apache/apisix/pull/9068#discussion_r1140953697


##########
apisix/plugins/schema.lua:
##########
@@ -0,0 +1,18 @@
+local typedefs = require "kong.db.schema.typedefs"

Review Comment:
   > Why this PR contains Kong's schema?
   
   @spacewander By using Kong's schema, the OIDC plugin is able to ensure that the claim_validators field is properly formatted and validated before it is used.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] Neilblaze commented on a diff in pull request #9068: feat: oidc auth

Posted by "Neilblaze (via GitHub)" <gi...@apache.org>.
Neilblaze commented on code in PR #9068:
URL: https://github.com/apache/apisix/pull/9068#discussion_r1140954965


##########
apisix/plugins/schema.lua:
##########
@@ -0,0 +1,18 @@
+local typedefs = require "kong.db.schema.typedefs"

Review Comment:
   @ro4i7 No need to be sorry. People often rant when they get caught 🤣
   Talk is cheap, show me the code.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] monkeyDluffy6017 closed pull request #9068: feat: oidc auth

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 closed pull request #9068: feat: oidc auth 
URL: https://github.com/apache/apisix/pull/9068


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] ro4i7 commented on pull request #9068: feat: oidc auth

Posted by "ro4i7 (via GitHub)" <gi...@apache.org>.
ro4i7 commented on PR #9068:
URL: https://github.com/apache/apisix/pull/9068#issuecomment-1468863193

   @spacewander please check the PR for issue #8772 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org