Adds support for custom OIDC prompts #3409
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit adds support for custom OIDC prompt values. Read about possible prompt values here: https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest Three cases are possible: * Prompt value is not set, this defaults to OIDC prompt value to select_account value to preserve backwards compatibility. ```yaml kind: oidc version: v2 metadata: name: connector spec: prompt: 'login consent' ``` * Prompt value is set to empty string, it will be omitted from the auth request. ```yaml kind: oidc version: v2 metadata: name: connector spec: prompt: '' ``` * Prompt value is set to non empty string, it will be included in the auth request as is. ```yaml kind: oidc version: v2 metadata: name: connector spec: prompt: 'login consent' ``` Tested with Auth0 OIDC connector on teleport 4.2 enterprise.
klizhentas
requested review from
benarent,
russjones,
fspmarshall and
stevenGravy
benarent
approved these changes
Mar 5, 2020
There was a problem hiding this comment.
👍 Looks good. Yesterday I was considering naming this redirect_prompt when chatting with @stevenGravy, but after re-reading the OIDC Docs prompt is a better name as it's not directly related to the specifics of the redirect.
russjones
approved these changes
Mar 5, 2020
webvictim
approved these changes
Mar 5, 2020
|
@russjones let me know when it's ok to merge, as I'm holding this until you folks release 4.2.4 |
fspmarshall
approved these changes
Mar 5, 2020
stevenGravy
approved these changes
Mar 6, 2020
klizhentas
added a commit
that referenced
this pull request
Mar 8, 2020
This commit adds support for custom OIDC prompt values. Read about possible prompt values here: https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest Three cases are possible: * Prompt value is not set, this defaults to OIDC prompt value to select_account value to preserve backwards compatibility. ```yaml kind: oidc version: v2 metadata: name: connector spec: prompt: 'login consent' ``` * Prompt value is set to empty string, it will be omitted from the auth request. ```yaml kind: oidc version: v2 metadata: name: connector spec: prompt: '' ``` * Prompt value is set to non empty string, it will be included in the auth request as is. ```yaml kind: oidc version: v2 metadata: name: connector spec: prompt: 'login consent' ``` Tested with Auth0 OIDC connector on teleport 4.2 enterprise.
russjones
pushed a commit
that referenced
this pull request
Mar 21, 2020
This commit adds support for custom OIDC prompt values. Read about possible prompt values here: https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest Three cases are possible: * Prompt value is not set, this defaults to OIDC prompt value to select_account value to preserve backwards compatibility. ```yaml kind: oidc version: v2 metadata: name: connector spec: prompt: 'login consent' ``` * Prompt value is set to empty string, it will be omitted from the auth request. ```yaml kind: oidc version: v2 metadata: name: connector spec: prompt: '' ``` * Prompt value is set to non empty string, it will be included in the auth request as is. ```yaml kind: oidc version: v2 metadata: name: connector spec: prompt: 'login consent' ``` Tested with Auth0 OIDC connector on teleport 4.2 enterprise.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit adds support for custom OIDC prompt values.
Read about possible prompt values here:
https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
Three cases are possible:
OIDC prompt value to select_account value to preserve backwards
compatibility.
from the auth request.
in the auth request as is.
Tested with Auth0 OIDC connector on teleport 4.2 enterprise.