Add the requested vectors of trust to ServiceProviderRequest#9991
Merged
We are working on implementing a feature for partners to request identity proofing and authentication features using vectors of trust. This will involve sending a param describing the vector of trust in the original SAML or OIDC request. Within the context of OIDC this param is named `vtr`. This commit adds a `vtr` property to `ServiceProviderRequest`. This property is unused and unset in the persisted service provider request. This will allow us to write to it in the future and initialize `ServiceProviderRequest`s with the value without resulting in an `ArgumentError` (thus avoiding a dreaded 50/50 state bug) [skip changelog]
zachmargolis
approved these changes
Jan 29, 2024
| requested_attributes: [], | ||
| biometric_comparison_required: false | ||
| biometric_comparison_required: false, | ||
| vtr: nil # rubocop:disable Lint/UnusedMethodArgument |
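Review bot: the new `vtr: nil` keyword is accepted and then discarded, and the only hint that this is deliberate is the inline `rubocop:disable Lint/UnusedMethodArgument`. A one-line comment above the keyword saying it is intentionally ignored until every instance accepts it, plus a spec asserting that `ServiceProviderRequest.new(vtr: ...)` does not raise, would stop a later cleanup from removing it as dead code and reintroducing the `ArgumentError`.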
Contributor
should we add acr too? so we don't have to persist ial/aal separately?
Suggested change
| vtr: nil # rubocop:disable Lint/UnusedMethodArgument | |
| vtr: nil, # rubocop:disable Lint/UnusedMethodArgument | |
| acr: nil # rubocop:disable Lint/UnusedMethodArgument |
Contributor
Author
I have wavered on whether we should add ACR separately. They get split out and parsed separately by both the OIDC controller and the SAML request.
I was imagining something like this (at least for now):
```ruby
class ServiceProviderRequest
  def acr_values
    [ial, aal].join(' ')
  end
end
```

Eventually we may get to a place where we can pass in a raw ACR value. I'm not sure whether that is better to go for now or hold off on. I haven't spent enough time hacking on either the SAML or OIDC portion to know which is better.
Contributor
Author
Okay, I did some poking around and decided to go ahead and throw the raw "acr_values" prop on there
zachmargolis
approved these changes
Jan 29, 2024
jmhooper
added a commit
that referenced
this pull request
Jan 30, 2024
In #9991 the `vtr` property is added to the `ServiceProviderRequest`. Since the `vtr` property is introduced there it is unsafe to create a `ServiceProviderRequest` record with `vtr` during a deploy since some instances may have code that is unaware of the `vtr` property and will result in an `ArgumentError` when creating a `ServiceProviderRequest`. Once the changes in #9991 are deployed it should be safe to create records with the `vtr` property. This commit does that in the `ServiceProviderRequestProxy`. [skip changelog]
jmhooper
added a commit
that referenced
this pull request
Feb 5, 2024
#9993) In #9991 the `vtr` property is added to the `ServiceProviderRequest`. Since the `vtr` property is introduced there it is unsafe to create a `ServiceProviderRequest` record with `vtr` during a deploy since some instances may have code that is unaware of the `vtr` property and will result in an `ArgumentError` when creating a `ServiceProviderRequest`. Once the changes in #9991 are deployed it should be safe to create records with the `vtr` property. This commit does that in the `ServiceProviderRequestProxy`. [skip changelog]
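The deploy ordering these commit messages describe, as an added Ruby example that is not code from the pull request. The two classes are hypothetical stand-ins for the initializer before and after #9991, and the attribute values and fleet lists are constructed placeholders.

```ruby
# Hypothetical stand-ins for the two releases; not the project's classes.
class RequestBeforeChange            # code that predates the vtr keyword
  def initialize(uuid: nil, ial: nil)
    @uuid = uuid
    @ial = ial
  end
end

class RequestAcceptingVtr            # vtr is accepted and deliberately dropped
  def initialize(uuid: nil, ial: nil, vtr: nil)
    @uuid = uuid
    @ial = ial
  end
end

# True when a host running `klass` can rebuild the request from `stored`.
def loads?(klass, stored)
  klass.new(**stored)
  true
rescue ArgumentError                 # raised for a keyword the class does not know
  false
end

# Hosts in `fleet` that would raise when they read `stored`.
def failing_hosts(fleet, stored)
  fleet.reject { |klass| loads?(klass, stored) }
end

# Constructed sample attributes; the values are placeholders.
WITHOUT_VTR = { uuid: 'constructed-uuid', ial: 'constructed-ial' }.freeze
WITH_VTR = WITHOUT_VTR.merge(vtr: 'constructed-vtr').freeze

# Fleet composition while the first change rolls out, and after it finishes.
MIXED_FLEET = [RequestBeforeChange, RequestAcceptingVtr].freeze
UPGRADED_FLEET = [RequestAcceptingVtr, RequestAcceptingVtr].freeze

if __FILE__ == $PROGRAM_NAME
  # Step 1 rolling out: nobody writes vtr yet, so every host can read.
  puts "mixed fleet, no vtr written: #{failing_hosts(MIXED_FLEET, WITHOUT_VTR).inspect}"
  # Writing vtr too early: hosts still on the old code raise.
  puts "mixed fleet, vtr written:    #{failing_hosts(MIXED_FLEET, WITH_VTR).inspect}"
  # Step 2 after step 1 is fully deployed: safe.
  puts "upgraded fleet, vtr written: #{failing_hosts(UPGRADED_FLEET, WITH_VTR).inspect}"
end
```
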