Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove access_token hiding hack from helusername backend #161

Merged
merged 3 commits into from
Mar 29, 2021
Merged

Remove access_token hiding hack from helusername backend #161

merged 3 commits into from
Mar 29, 2021

Conversation

vikoivun
Copy link
Member

@vikoivun vikoivun commented Mar 9, 2021
edited
Loading

Remove a hack to work around a bug in python-jose and upgrade to a fixed version of python-jose.

Keycloak 9.x issued ID-tokens without at_hash claim during authorization code flow. This caused the buggy library to reject the token. See mpdavis/python-jose#75

Newer versions of Keycloak started to include the claim even during authorization code flow, which masked the bug.

@vikoivun
Remove access_token hiding hack from helusername backend
4656827 
This hack worked around a weirdness with Keycloak access token. It is
not needed anymore and is broken anyway with newer pysocial(?).
@codecov
Copy link

codecov bot commented Mar 9, 2021
edited
Loading

Codecov Report

Merging #161 (4b2dbb8) into develop (bd2ceaa) will increase coverage by 0.01%.
The diff coverage is n/a.

Impacted file tree graph

@@             Coverage Diff             @@
##           develop     #161      +/-   ##
===========================================
+ Coverage    86.10%   86.11%   +0.01%     
===========================================
  Files          150      150              
  Lines         5576     5574       -2     
===========================================
- Hits          4801     4800       -1     
+ Misses         775      774       -1
Impacted Files Coverage Δ
auth_backends/helsinki_username.py 100.00% <ø> (+12.50%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update bd2ceaa...4b2dbb8. Read the comment docs.

mikkokeskinen
mikkokeskinen suggested changes Mar 10, 2021
View reviewed changes
Copy link
Contributor

@mikkokeskinen mikkokeskinen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could the python-jose version be set in the requirements.in and running pip-compile?

Like so:
python-jose>=3.2.0

@vikoivun
Copy link
Member Author

Could the python-jose version be set in the requirements.in and running pip-compile?

Like so:
python-jose>=3.2.0

Well, it is a transitive dependency. I'm hoping social-core will get back into business and update their dependencies. At least the project recently got a new maintainer.

@mikkokeskinen
Copy link
Contributor

Yes I know. But if it's our need that the version should be newer, we should maybe set it in our requirements?

@mikkokeskinen
Copy link
Contributor

Btw. python-jose 3.2.0 brings other updates that are not now in the requirements.txt.

@vikoivun
Copy link
Member Author

Btw. python-jose 3.2.0 brings other updates that are not now in the requirements.txt.

Fair enough. I'll push the changes to requirements.in

@vikoivun vikoivun force-pushed the fix/helusername_access_token_hack branch from fa3fe97 to 4b2dbb8 Compare March 10, 2021 10:40
mikkokeskinen
mikkokeskinen approved these changes Mar 10, 2021
View reviewed changes
Copy link
Contributor

@mikkokeskinen mikkokeskinen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@tituomin tituomin merged commit b1989aa into develop Mar 29, 2021
@charn charn deleted the fix/helusername_access_token_hack branch August 15, 2024 06:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mikkokeskinen mikkokeskinen mikkokeskinen approved these changes

@tituomin tituomin Awaiting requested review from tituomin

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@vikoivun @mikkokeskinen @tituomin