feat: add pkce-openid-backend #255
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@omar-nelc could you take a look 😬 |
johanseto
force-pushed
the
jlc/add-pkce-openid-backend
branch
from
e29b8ba
to
33c6ee0
Compare
This add a generic backend based in ConfigurableOpenIdConnectAuth but with PKCE. This backend is inspired in the social-core way to implement PKCE. There is a current PR in working, but for the moment, that class is not merged and accesible. So after that is finished this has it code for `code_challenge` and `code_challenge_method`implementation. PR: python-social-auth/social-core#856
johanseto
force-pushed
the
jlc/add-pkce-openid-backend
branch
from
33c6ee0
to
1584426
Compare
omar-nelc
approved these changes
Nov 21, 2023
Co-authored-by: Omar Al-Ithawi @ NELC <[email protected]> chore: suggestions from code review Co-authored-by: Omar Al-Ithawi @ NELC <[email protected]>
johanseto
force-pushed
the
jlc/add-pkce-openid-backend
branch
from
d0a7b2c
to
6664e76
Compare
omar-nelc
reviewed
Nov 21, 2023
eox_core/social_tpa_backends.py
Outdated
Comment on lines
284
to
286
| PKCE_DEFAULT_CODE_CHALLENGE_METHOD = "s256" | ||
| PKCE_DEFAULT_CODE_VERIFIER_LENGTH = 32 | ||
| USE_PKCE = True |
There was a problem hiding this comment.
Thanks @johanv26!! Looks much better now!
Those aren't needed, because they're inherited from the mixin.
Comment on lines
+231
to
+232
| code_verifier = self.strategy.session_get(name) | ||
| return code_verifier |
There was a problem hiding this comment.
Suggested change
| code_verifier = self.strategy.session_get(name) | |
| return code_verifier | |
| code_verifier = self.strategy.session_get(name) | |
| return code_verifier |
eox_core/social_tpa_backends.py
Outdated
Comment on lines
240
to
241
| return code_challenge | ||
| elif method == "plain": |
There was a problem hiding this comment.
Suggested change
| return code_challenge | |
| elif method == "plain": | |
| return code_challenge | |
| if method == "plain": |
eox_core/social_tpa_backends.py
Outdated
|
|
||
| PKCE_DEFAULT_CODE_CHALLENGE_METHOD = "s256" | ||
| PKCE_DEFAULT_CODE_VERIFIER_LENGTH = 32 | ||
| USE_PKCE = True |
There was a problem hiding this comment.
I don't understand why is this necessary, I mean the obvious answer is because you can disable that behavior on sub-classes, but if I don't want that behavior on sub-classes I could inherit from BaseOAuth2 instead of this one
|
@andrey-canon I updated to the version is approved in social_core. But taking advantage of that PR is not merged yet, I added some of your review to that PR. |
johanseto
force-pushed
the
jlc/add-pkce-openid-backend
branch
from
0f5ecbc
to
837a4ae
Compare
Co-authored-by: Andrey Cañon <[email protected]>
johanseto
force-pushed
the
jlc/add-pkce-openid-backend
branch
from
837a4ae
to
5a4fc33
Compare
andrey-canon
added a commit
that referenced
this pull request
Mar 5, 2024
* feat: add pkce-openid-backend This adds a generic backend based on ConfigurableOpenIdConnectAuth but with PKCE. This backend is inspired in the social-core way to implement PKCE. There is a current PR in work, but for the moment, that class is not merged and accessible. So after that is finished this has it code for `code_challenge` and `code_challenge_method`implementation. PR: python-social-auth/social-core#856 * refactor: avoid repeated pkce conf definition * feat: update with small changes social_core * refactor: suggestions from code review Co-authored-by: Omar Al-Ithawi @ NELC <[email protected]> Co-authored-by: Andrey Cañon <[email protected]>
4 tasks
andrey-canon
added a commit
that referenced
this pull request
Mar 5, 2024
feat: add pkce-openid-backend (#255)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This adds a generic backend based on ConfigurableOpenIdConnectAuth but
with PKCE.
This backend is inspired by the social-core way to implement PKCE.
There is a current PR in work, but for the moment, that class is not merged and accessible.
So after that is finished this has its code for
code_challengeandcode_challenge_methodimplementation.PR: python-social-auth/social-core#856
Testing instructions
Please provide detailed step-by-step instructions for testing this change.
Additional information
Jira story
https://edunext.atlassian.net/browse/FUTUREX-606
Checklist for Merge