-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make OIDC end_session_endpoint optional #20753
Make OIDC end_session_endpoint optional #20753
Conversation
|
d38cbee
to
1a60b65
Compare
So should we update the docs .. I kinda feel like it would be better to merge this PR. |
Currently, there are 3 ways to config a OAuth2 property:
Not all properties support all 3 ways. This PR #20753 allows The issue (#20754) is about |
core/trino-main/src/main/java/io/trino/server/security/oauth2/OAuth2ServerConfigProvider.java
Outdated
Show resolved
Hide resolved
This pull request has gone a while without any activity. Tagging the Trino developer relations team: @bitsondatadev @colebow @mosabua |
Does this look good now @Praveen2112 ? |
I'll take a look |
This pull request has gone a while without any activity. Tagging the Trino developer relations team: @bitsondatadev @colebow @mosabua |
Reminder @Praveen2112 and @oneonestar |
@oneonestar Can we rebase it out.
The spec mentions this mandatory and I'm not sure if we need to make it optional. I would rely on @dain / @lukasz-walkiewicz opinion here. |
ca75cba
to
5af1d8e
Compare
I'm trying to use dexidp on top of k8s to build automatically enhanced security authentication for projects using operator. When I was validating trino, I ran into the same problem. I would like to know how the current community views this issue, including how to deal with it in the future, and whether there is a roadmap? |
Would like to have @lukasz-walkiewicz review here. |
testStaticConfiguration(Optional.empty(), Optional.empty()); | ||
testStaticConfiguration(Optional.of("/access-token-issuer"), Optional.of("/userinfo")); | ||
testStaticConfiguration(Optional.empty(), Optional.empty(), Optional.empty()); | ||
testStaticConfiguration(Optional.of("/access-token-issuer"), Optional.of("/userinfo"), Optional.empty()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are these mixed cases any useful? Aren't two tests cases enough as previously?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Previously we weren't covering these cases right ? So aren't they good ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@oneonestar Can we address this comment - Then I guess we could merge this PR
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This PR makes endSessionPath
optional.
This way ensures that the previous tests work with or without setting endSessionPath
.
core/trino-main/src/main/java/io/trino/server/security/oauth2/OidcDiscovery.java
Show resolved
Hide resolved
Thanks for fixing this issue |
Description
Make OIDC
end_session_endpoint
optional.Fix #19844
Although this field is mandatory in the spec OpenID Connect RP-Initiated Logout 1.0 , the spec itself is not mandatory.
Some providers do not implement it:
https://openid.net/developers/how-connect-works/
Release notes
(x) This is not user-visible or is docs only, and no release notes are required.