Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Skip userinfo if provider doesn't support it. #915

Merged
merged 3 commits into from
Apr 11, 2017
Merged

Skip userinfo if provider doesn't support it. #915

merged 3 commits into from
Apr 11, 2017

Conversation

jplana
Copy link
Contributor

@jplana jplana commented Apr 10, 2017

While integrating the CoreOS Dex oidc (https://github.com/coreos/dex) with teleport we found a problem during the claim validation process:

Dex doesn't implement the UserInfo endpoint, which seems to be optional anyway according to the standard (see dexidp/dex#376).

Teleport auth service crashes when requesting this endpoint as in:

func claimsFromUserInfo(oidcClient *oidc.Client, issuerURL string, accessToken string) (jose.Claims, error) {
        err := isHTTPS(issuerURL)
        if err != nil {
                return nil, trace.Wrap(err)
        }

        oac, err := oidcClient.OAuthClient()
        if err != nil {
                return nil, trace.Wrap(err)
        }
        hc := oac.HttpClient()

        // go get the provider config so we can find out where the UserInfo endpoint is
        pc, err := oidc.FetchProviderConfig(oac.HttpClient(), issuerURL)
        if err != nil {
                return nil, trace.Wrap(err)
        }
        endpoint := pc.UserInfoEndpoint.String()

pc.UserInfoEndpoint is casted to String.

This PR tries to avoid this crash by checking for the UserInfoEndpoint presence in the provider configuration, using just the token claims in this case.

Do you think this would be a good approach?

@russjones
Copy link
Contributor

@jplana Good catch, I'll review your PR shortly.

@russjones russjones self-requested a review April 10, 2017 18:23
@russjones russjones added this to the 2.1 milestone Apr 10, 2017
@russjones russjones added the bug label Apr 10, 2017
@russjones russjones requested a review from klizhentas April 10, 2017 19:15
@russjones russjones merged commit d46f4d2 into gravitational:master Apr 11, 2017
@russjones
Copy link
Contributor

@jplana Merged, thanks for the fix!

@jplana
Copy link
Contributor Author

jplana commented Apr 11, 2017

Great! :-)

hatched pushed a commit that referenced this pull request Feb 1, 2023
@gzdunek
Remove username from the Identity selector (#903) (#915)
39c739d
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@klizhentas klizhentas klizhentas approved these changes

@russjones russjones russjones approved these changes

Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
2.2
Development

Successfully merging this pull request may close these issues.
3 participants
@jplana @russjones @klizhentas