a6bfff2
This commit was signed with the committer’s verified signature.
kirill-abblix
Kirill Kovalev
🚀 Features
- Added Resource Indicators support (RFC 8707) (PR#12)
🛠️ Fixes
- Fixed issuer parameter return from Authorization endpoint (PR#11)
- Fixed some suggestions from SonarQube
Detailed description
Added Resource Indicators support
- RFC 8707 Resource Indicators for OAuth 2.0: Introduces a mechanism allowing OAuth 2.0 clients to specify the target resource they wish to access by including a
resourceparameter in the authorization request. This enables the authorization server to determine the appropriate policies and scopes required for accessing the specified resource. By providing explicit resource indicators, this feature enhances security and granularity in access control, ensuring that tokens are scoped to specific resources and reducing the risk of unauthorized resource access.- The system supports multiple resources, allowing clients to request access to multiple resources in a single authorization request. This enables more complex and comprehensive access scenarios.
- Clients can define their own scopes with custom sets of claims, as well as their own resources with associated scope sets. This allows for more tailored and specific access controls suited to individual customer needs.
- The consent process for users has been extended. Users can now provide partial consent, granting access to some of the requested scopes and resources while denying others. This improves user control and privacy by allowing more granular consent decisions.
- Clients can request an access token for a subset of scopes and resources that were granted in a prior authorization request. This supports more efficient and focused access patterns, reducing the need to request full sets of scopes and resources repeatedly.
Fixed issuer parameter return from Authorization endpoint
- Corrected the implementation to ensure that the
iss(issuer) parameter is accurately returned from the Authorization endpoint. Theissparameter identifies the authorization server issuing the token, and ensuring its correct return is crucial for validating tokens and maintaining trust in the authentication process. This fix ensures interoperability with clients and services relying on the issuer information for security and validation purposes.
Fixed some suggestions from SonarQube
- Implemented several recommendations and fixes based on analysis from SonarQube, a tool for continuous inspection of code quality. This includes addressing code smells, potential bugs, and security vulnerabilities identified by SonarQube. Improvements involve refactoring code for better readability and maintainability, fixing bugs that could lead to runtime errors, and enhancing security by addressing identified vulnerabilities. These changes contribute to a more robust, secure and maintainable codebase.