Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Minor improvements to OIDC docs #558

Merged
merged 3 commits into from
May 12, 2023
Merged

Minor improvements to OIDC docs #558

merged 3 commits into from
May 12, 2023

Conversation

michaeljmarshall
Copy link
Member

Documentation

  • doc

The OpenID Connect docs need some additional clarifications.

@michaeljmarshall michaeljmarshall requested a review from momo-jun May 5, 2023 19:58
@michaeljmarshall michaeljmarshall self-assigned this May 5, 2023
@github-actions github-actions bot added the doc Improvements or additions to documentation label May 5, 2023
@michaeljmarshall michaeljmarshall mentioned this pull request May 5, 2023
Merged
1 task
momo-jun
momo-jun approved these changes May 8, 2023
View reviewed changes
Copy link
Contributor

@momo-jun momo-jun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Anonymitaet
Anonymitaet reviewed May 8, 2023
View reviewed changes
Copy link
Member

@Anonymitaet Anonymitaet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your contribution!

Have you previewed your changes and ensured everything goes as expected?

If not, please preview your changes locally and attach the screenshots to this PR. In this way, you can get your PR merged more quickly.

docs/security-openid-connect.md Outdated Show resolved Hide resolved
docs/security-openid-connect.md Outdated Show resolved Hide resolved
michaeljmarshall added a commit to apache/pulsar that referenced this pull request May 8, 2023
@michaeljmarshall
[feat][ws] Use async auth method to support OIDC (#20238)
03dc3db 
Fixes #20236 
PIP: #19409 

### Motivation

In the `AuthenticationService`, we are currently using the deprecated `authenticate` methods. As a result, we hit the `Not Implemented` exception when using the `AuthenticationProviderOpenID`. This PR updates the implementation so that we're able 

This solution isn't ideal for two reasons.

1. We are not using the `authenticationHttpRequest` method, which seems like the right method for the WebSocket proxy. However, this is not a viable option, as I documented in #20237.
2. We are calling `.get()` on a future. However, it is expected that the `AuthenticationProvider` not block forever, so I think this is acceptable for now. Please let me know if you disagree.

### Modifications

* Replace `authenticate` with `authenticateAsync`.

### Verifying this change

This change is a trivial rework / code cleanup without any test coverage.

### Documentation

- [x] `doc-not-needed`

Note that I do have documentation showing that 3.0.x does not support OIDC in the WebSocket Proxy. The `next` docs don't need that limitation since this PR fixes that and targets 3.1.0. apache/pulsar-site#558

### Matching PR in forked repository

PR in forked repository: skipping for this trivial PR
michaeljmarshall added a commit to datastax/pulsar that referenced this pull request May 8, 2023
@michaeljmarshall
[feat][ws] Use async auth method to support OIDC (apache#20238)
02d6c16 
Fixes apache#20236
PIP: apache#19409

### Motivation

In the `AuthenticationService`, we are currently using the deprecated `authenticate` methods. As a result, we hit the `Not Implemented` exception when using the `AuthenticationProviderOpenID`. This PR updates the implementation so that we're able

This solution isn't ideal for two reasons.

1. We are not using the `authenticationHttpRequest` method, which seems like the right method for the WebSocket proxy. However, this is not a viable option, as I documented in apache#20237.
2. We are calling `.get()` on a future. However, it is expected that the `AuthenticationProvider` not block forever, so I think this is acceptable for now. Please let me know if you disagree.

### Modifications

* Replace `authenticate` with `authenticateAsync`.

### Verifying this change

This change is a trivial rework / code cleanup without any test coverage.

### Documentation

- [x] `doc-not-needed`

Note that I do have documentation showing that 3.0.x does not support OIDC in the WebSocket Proxy. The `next` docs don't need that limitation since this PR fixes that and targets 3.1.0. apache/pulsar-site#558

### Matching PR in forked repository

PR in forked repository: skipping for this trivial PR

(cherry picked from commit 03dc3db)
@michaeljmarshall @Anonymitaet
Apply suggestions from code review
298a6a0 
Co-authored-by: Anonymitaet <50226895+Anonymitaet@users.noreply.github.com>
@michaeljmarshall michaeljmarshall merged commit a50a822 into apache:main May 12, 2023
@michaeljmarshall michaeljmarshall deleted the oidc-exception branch May 12, 2023 22:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Anonymitaet Anonymitaet Anonymitaet left review comments

@momo-jun momo-jun momo-jun approved these changes

Assignees

@michaeljmarshall michaeljmarshall

Labels
doc Improvements or additions to documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@michaeljmarshall @Anonymitaet @momo-jun