Skip to content

Add IAL and AAL to token response#7782

Merged
Jeremy1026 merged 26 commits intomainfrom
jcurcio/lg-8704-add-ial-and-aal-to-userinfo-response
Feb 16, 2023
Merged

Add IAL and AAL to token response#7782
Jeremy1026 merged 26 commits intomainfrom
jcurcio/lg-8704-add-ial-and-aal-to-userinfo-response

Conversation

@Jeremy1026
Copy link
Contributor

@Jeremy1026 Jeremy1026 commented Feb 7, 2023

🎫 Ticket

LG-8704

🛠 Summary of changes

Change user info in the OIDC token response to include the URLs for the IAL and AAL instead of the integer value.

@Jeremy1026
[skip changelog]
832d0ff 
Adds ial and all to OIDC JWT response
@Jeremy1026
[skip changelog]
d3ff5d1 
Clean up debugging stuffs
@Jeremy1026
changelog: additional clean up
0abe32f 
additional cleanup
@Jeremy1026 Jeremy1026 changed the title Jcurcio/lg 8704 add ial and aal to userinfo response Add IAL and AAL to userinfo response Feb 7, 2023
mitchellhenke
mitchellhenke reviewed Feb 7, 2023
View reviewed changes
Copy link
Contributor

@mitchellhenke mitchellhenke left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we store the original AAL/IAL values from the request in the database instead of storing the integer and converting back?

I think this also may need a rebase on main.

@Jeremy1026
changelog: Improvements, OpenID Connect Add ial and aal to userinfo r…
c6913ad 
…esponse

Include IAL/AAL string value instead of integer value in Userinfo
@Jeremy1026 Jeremy1026 force-pushed the jcurcio/lg-8704-add-ial-and-aal-to-userinfo-response branch from 4301a51 to c6913ad Compare February 7, 2023 15:08
@orenyk orenyk changed the title Add IAL and AAL to userinfo response Add IAL and AAL to token response Feb 8, 2023
@Jeremy1026 Jeremy1026 force-pushed the jcurcio/lg-8704-add-ial-and-aal-to-userinfo-response branch from 828d7d3 to 0a51dbf Compare February 9, 2023 15:55
mmagsa
mmagsa requested changes Feb 13, 2023
View reviewed changes
@Jeremy1026 Jeremy1026 marked this pull request as draft February 13, 2023 15:38
@Jeremy1026 Jeremy1026 marked this pull request as ready for review February 13, 2023 19:56
@mmagsa mmagsa self-requested a review February 14, 2023 20:10
orenyk
orenyk reviewed Feb 14, 2023
View reviewed changes
Copy link
Contributor

@orenyk orenyk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's drop the migration, I think this should be good otherwise!

@Jeremy1026
Remove migration
a206e15
@Jeremy1026
If nil, use default
a2cb484 
Lint is probably going to hate the line length
orenyk
orenyk reviewed Feb 15, 2023
View reviewed changes
orenyk
orenyk reviewed Feb 15, 2023
View reviewed changes
Copy link
Contributor

@orenyk orenyk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One quick comment re: where the default behavior lives. I also just noticed that there are no unit tests for this functionality in the presenter (and the form if you move the default behavior there) - if you could add those and re-add the feature spec checking for the attributes in the userinfo response this should be good to go!

orenyk
orenyk approved these changes Feb 15, 2023
View reviewed changes
Copy link
Contributor

@orenyk orenyk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Two minor comments on the form spec but otherwise good to go from my perspective!

spec/forms/openid_connect_authorize_form_spec.rb
end

describe '#aal' do
context 'when AAL1 passed' do
Copy link
Contributor

@orenyk orenyk Feb 15, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggestion: I don't think we need to test for this since we don't support it

Copy link
Contributor

@orenyk orenyk Feb 15, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, this should probably be replaced with a test for the default AAL specification instead of AAL1

Copy link
Contributor Author

@Jeremy1026 Jeremy1026 Feb 16, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any harm in keeping checking 1? A couple extra cycles, and an extra second per test run?

Copy link
Contributor

@orenyk orenyk Feb 16, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nah not really, other than the setup where you modify the allowed aal values feeling a bit weird to me. Either way is fine by me!

@Jeremy1026 Jeremy1026 merged commit b177a2e into main Feb 16, 2023
@Jeremy1026 Jeremy1026 deleted the jcurcio/lg-8704-add-ial-and-aal-to-userinfo-response branch February 16, 2023 14:42
@solipet solipet mentioned this pull request Feb 21, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mitchellhenke mitchellhenke mitchellhenke left review comments

@mmagsa mmagsa mmagsa approved these changes

+2 more reviewers

@zachmargolis zachmargolis zachmargolis left review comments

@orenyk orenyk orenyk approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@Jeremy1026 @zachmargolis @orenyk @mitchellhenke @mmagsa