feature: pkce for UI #9890 #11325
Signed-off-by: mmerrill3 <jjpaacks@gmail.com>
@crenshaw-dev, I'll be adding tests, but wanted to get feedback on the approach.
Codecov Report
Base: 45.65% // Head: 45.69% // Increases project coverage by
Additional details and impacted files
@@ Coverage Diff @@
## master #11325 +/- ##
==========================================
+ Coverage 45.65% 45.69% +0.03%
==========================================
Files 239 239
Lines 28996 29014 +18
==========================================
+ Hits 13238 13257 +19
+ Misses 13939 13937 -2
- Partials 1819 1820 +1
parts := strings.Split(iterator.Val(), "|") | ||
if len(parts) < 2 { | ||
log.Warnf("Unexpected redis key prefixed with '%s'. Must have nonce and code verifier, tilde separated, after the prefix but got: '%s'.", | ||
pkceEntryPrefix+nonce, |
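Review bot: The warning text says the nonce and code verifier are "tilde separated", but the value is split with strings.Split(iterator.Val(), "|"), so the message describes a different format from the one the code parses. Align the message with the "|" separator, and consider defining the separator as a named constant next to pkceEntryPrefix so the writer and this reader cannot drift apart. The len(parts) < 2 check also accepts values with more than two parts, so it is worth stating whether extra fields are expected or should be rejected.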
Check failure
Code scanning / CodeQL
Log entries created from user input
} | ||
|
||
if iterator.Err() != nil { | ||
log.Warnf("Unexpected redis error when optimistically looking in redis for nonce '%s' : %v", nonce, iterator.Err()) |
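Review bot: The nonce in this Warnf is written into the log with '%s', which is what the CodeQL alert "Log entries created from user input" points at: a value carrying line breaks could forge or split log entries. Format it with %q so control characters are escaped, or validate the nonce against the character set the server generates before it reaches any log call. iterator.Err() is also called twice here; reading it once into a local variable keeps the condition and the logged error the same value.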
Check failure
Code scanning / CodeQL
Log entries created from user input
log.Warnf("Unexpected redis error when optimistically looking in redis for nonce '%s' : %v", nonce, iterator.Err()) | ||
} | ||
} | ||
log.Warnf("Did not find code verifier for nonce '%s'", nonce) |
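Review bot: The Redis error branch shown here has no return, so a failed scan falls through to "Did not find code verifier for nonce", and a backend failure is logged as if the entry were simply missing. Return the error from the iterator.Err() branch, or skip the second warning in that case, so operators can tell an outage from an unknown or expired nonce. The same '%s' formatting of the nonce applies on this line as well; %q would keep it to one log line.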
Check failure
Code scanning / CodeQL
Log entries created from user input
In the past, we used an encrypted cookie to avoid making Redis a firm requirement for UI functionality. Would that be viable here as well? cc @alexmt
@crenshaw-dev, yes, I believe the verification code could be embedded in the cookie. Thanks, I can try that out.
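The encrypted-cookie alternative discussed in the two comments above, as an added sketch that is not code from this PR or from Argo CD: the PKCE code verifier is sealed with AES-GCM and the OAuth "state" nonce is bound as associated data, so a cookie replayed under a different state fails to open. The function names, the choice of AES-GCM and the key source are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy: fail closed
	}
	return b
}

// challengeS256 computes the RFC 7636 S256 code_challenge for a code_verifier.
func challengeS256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// sealVerifier encrypts the verifier for a cookie; state is bound as associated data.
func sealVerifier(g cipher.AEAD, state, verifier string) string {
	n := randBytes(g.NonceSize())
	return base64.RawURLEncoding.EncodeToString(g.Seal(n, n, []byte(verifier), []byte(state)))
}

// openVerifier fails if the cookie was altered or was sealed for another state.
func openVerifier(g cipher.AEAD, state, cookie string) (string, error) {
	data, err := base64.RawURLEncoding.DecodeString(cookie)
	if err != nil || len(data) < g.NonceSize() {
		return "", errors.New("malformed cookie")
	}
	pt, err := g.Open(nil, data[:g.NonceSize()], data[g.NonceSize():], []byte(state))
	return string(pt), err
}

func main() {
	block, _ := aes.NewCipher(randBytes(32)) // constructed demo key; a 32-byte key cannot fail
	g, _ := cipher.NewGCM(block)
	verifier := base64.RawURLEncoding.EncodeToString(randBytes(32)) // 43-char code_verifier
	cookie := sealVerifier(g, "state-abc", verifier)                // constructed state value
	got, err := openVerifier(g, "state-abc", cookie)
	fmt.Println(challengeS256(verifier), got == verifier, err)
}
```

In a real deployment the key would be a stable server-side secret shared by all API server replicas, and the cookie would be set with the HttpOnly and Secure attributes and a short lifetime.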
Fixes [ISSUE #9890]. Implementation for PKCE using redis storage for the UI. Use the "state" nonce as the key for looking up the code verifier.
Signed-off-by: mmerrill3 jjpaacks@gmail.com