Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

two bugs with request param #299

Merged
merged 2 commits into from
Dec 7, 2023
Merged

two bugs with request param #299

merged 2 commits into from
Dec 7, 2023

Conversation

paulswartz
Copy link
Collaborator

More notes in the individual commits, but the tl;dr;

  • correct the sorting of signing/encryption algorithms
  • put url_extension parameters in the URL even when using a request param

@paulswartz
fix: correct deprioritize_none_alg/1
50b60e8 
Previously, it would return only two items: the first non-`none`
algorithm, and `none`. This doesn't appear to be what we want: instead,
we want the full list in their regular order, but with `none` at the
end.

Related to erlef#297, as the root cause of
the crash I was seeing was the the first algorithm in the authorizer's
list wasn't supported by JOSE, so we went immediately to `none`.
@paulswartz
fix: ensure url_extension parameters go in the URL, not the request…
70eb95e 
… claim
@coveralls
Copy link

Pull Request Test Coverage Report for Build 93

  • 6 of 6 (100.0%) changed or added relevant lines in 1 file are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.3%) to 92.876%
Totals Coverage Status
Change from base Build 128: 0.3%
Covered Lines: 717
Relevant Lines: 772
💛 - Coveralls

@maennchen maennchen merged commit 06f5263 into erlef:main Dec 7, 2023
25 checks passed
@maennchen maennchen added this to the v3.1.2 milestone Dec 7, 2023
@paulswartz paulswartz deleted the deprioritize-none branch January 13, 2024 01:02
paulswartz added a commit to paulswartz/oidcc that referenced this pull request Jun 7, 2024
@paulswartz
fix: url_extension params also go in the request object
88427b3 
Originally done in erlef#299, this doesn't seem correct in practice. In
particular, a team ran into this issue with Keycloak, where passing the
`kc_action` parameter only works when it's included in the request
object.

I also tried this with the conformance suite, and all the tests continue
to pass with this change.
paulswartz added a commit to paulswartz/oidcc that referenced this pull request Jun 7, 2024
@paulswartz
fix: url_extension params also go in the request object
d27004e 
Originally done in erlef#299, this doesn't seem correct in practice. In
particular, a team ran into this issue with Keycloak, where passing the
`kc_action` parameter only works when it's included in the request
object.

I also tried this with the conformance suite, and all the tests continue
to pass with this change.
@paulswartz paulswartz mentioned this pull request Jun 7, 2024
Merged
maennchen pushed a commit to paulswartz/oidcc that referenced this pull request Jun 12, 2024
@paulswartz @maennchen
fix: url_extension params also go in the request object
ae0255e 
Originally done in erlef#299, this doesn't seem correct in practice. In
particular, a team ran into this issue with Keycloak, where passing the
`kc_action` parameter only works when it's included in the request
object.

I also tried this with the conformance suite, and all the tests continue
to pass with this change.
maennchen pushed a commit to paulswartz/oidcc that referenced this pull request Jun 12, 2024
@paulswartz @maennchen
fix: url_extension params also go in the request object
580dd67 
Originally done in erlef#299, this doesn't seem correct in practice. In
particular, a team ran into this issue with Keycloak, where passing the
`kc_action` parameter only works when it's included in the request
object.

I also tried this with the conformance suite, and all the tests continue
to pass with this change.
paulswartz added a commit to paulswartz/oidcc that referenced this pull request Jun 17, 2024
@paulswartz
fix: url_extension params also go in the request object
ed07fbc 
Originally done in erlef#299, this doesn't seem correct in practice. In
particular, a team ran into this issue with Keycloak, where passing the
`kc_action` parameter only works when it's included in the request
object.

I also tried this with the conformance suite, and all the tests continue
to pass with this change.
maennchen pushed a commit that referenced this pull request Jun 18, 2024
@paulswartz
fix: url_extension params also go in the request object (#354)
493b0d0 
Originally done in #299, this doesn't seem correct in practice. In
particular, a team ran into this issue with Keycloak, where passing the
`kc_action` parameter only works when it's included in the request
object.

I also tried this with the conformance suite, and all the tests continue
to pass with this change.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v3.2.0
Development

Successfully merging this pull request may close these issues.
3 participants
@paulswartz @coveralls @maennchen