feat: add pkce-openid-backend #255
@omar-nelc could you take a look 😬
e29b8ba to 33c6ee0
This adds a generic backend based on ConfigurableOpenIdConnectAuth but with PKCE. This backend is inspired by the social-core way to implement PKCE. There is a current PR in progress, but for the moment, that class is not merged and accessible. So after that is finished this has its code for `code_challenge` and `code_challenge_method` implementation. PR: python-social-auth/social-core#856
33c6ee0 to 1584426
Thanks @johanv26. I have added a suggestion to refactor the BaseOAuth2PKCEMixin
and use it so we can refactor later and use the BaseOAuth2PKCE
base class once it lands on upstream.
This usually helps with the release upgrade.
Co-authored-by: Omar Al-Ithawi @ NELC <[email protected]> chore: suggestions from code review Co-authored-by: Omar Al-Ithawi @ NELC <[email protected]>
d0a7b2c to 6664e76
eox_core/social_tpa_backends.py
Outdated
PKCE_DEFAULT_CODE_CHALLENGE_METHOD = "s256" | ||
PKCE_DEFAULT_CODE_VERIFIER_LENGTH = 32 | ||
USE_PKCE = True |
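Review bot: `PKCE_DEFAULT_CODE_VERIFIER_LENGTH = 32` does not say what it counts. RFC 7636 requires a `code_verifier` of 43 to 128 characters, so 32 is only compliant if it is the number of random bytes that are then base64url-encoded (which yields 43 characters); if it is the length of the final string, the verifier is too short. Please add a comment stating the unit, and reject configured lengths that would produce fewer than 43 characters.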
Thanks @johanv26!! Looks much better now!
Those aren't needed, because they're inherited from the mixin.
LGTM. I just left some comments related to the code's style that I would have implemented; however, I know this is a copy of the social-core PR, so feel free to ignore these. I just wanted to point them out.
code_verifier = self.strategy.session_get(name) | ||
return code_verifier |
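Review bot: the value from `self.strategy.session_get(name)` is returned without a check, so when the session has expired or the callback arrives on a different session this returns `None` and the token request goes out with no usable `code_verifier`. Consider raising an authentication error when the value is missing, and removing the verifier from the session once it has been read, since it is a single-use secret tied to one authorization request.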
code_verifier = self.strategy.session_get(name) | |
return code_verifier | |
code_verifier = self.strategy.session_get(name) | |
return code_verifier |
eox_core/social_tpa_backends.py
Outdated
return code_challenge | ||
elif method == "plain": |
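Review bot: the `elif method == "plain":` branch keeps the `plain` challenge method selectable, and with `plain` the challenge sent in the authorization request is the verifier itself, so anyone who can observe that request can complete the token exchange. RFC 7636 section 4.2 requires a client that is able to use S256 to use it, and this backend already implements it. Suggest dropping the branch, or documenting that it exists only for providers that do not support S256.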
return code_challenge | |
elif method == "plain": | |
return code_challenge | |
if method == "plain": |
eox_core/social_tpa_backends.py
Outdated
|
||
PKCE_DEFAULT_CODE_CHALLENGE_METHOD = "s256" | ||
PKCE_DEFAULT_CODE_VERIFIER_LENGTH = 32 | ||
USE_PKCE = True |
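Review bot: `PKCE_DEFAULT_CODE_CHALLENGE_METHOD = "s256"` is lower-case, but RFC 7636 defines the parameter value as `S256`, and an authorization server may compare it case-sensitively. If this constant is what ends up in the `code_challenge_method` request parameter, store it as `"S256"` and lower-case it only for internal comparisons; otherwise add a comment saying it is normalised before it is sent.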
I don't understand why this is necessary. I mean, the obvious answer is that you can disable that behavior in sub-classes, but if I don't want that behavior in sub-classes I could inherit from BaseOAuth2 instead of this one.
@andrey-canon I updated to the version that is approved in social_core. But taking advantage of the fact that that PR is not merged yet, I added some of your review to that PR.
0f5ecbc to 837a4ae
Co-authored-by: Andrey Cañon <[email protected]>
837a4ae to 5a4fc33
* feat: add pkce-openid-backend

  This adds a generic backend based on ConfigurableOpenIdConnectAuth but with PKCE. This backend is inspired by the social-core way to implement PKCE. There is a current PR in work, but for the moment, that class is not merged and accessible. So after that is finished this has its code for `code_challenge` and `code_challenge_method` implementation.

  PR: python-social-auth/social-core#856
* refactor: avoid repeated pkce conf definition
* feat: update with small changes social_core
* refactor: suggestions from code review

Co-authored-by: Omar Al-Ithawi @ NELC <[email protected]>
Co-authored-by: Andrey Cañon <[email protected]>
feat: add pkce-openid-backend (#255)
Description
This adds a generic backend based on ConfigurableOpenIdConnectAuth but
with PKCE.
This backend is inspired by the social-core way to implement PKCE.
There is a current PR in work, but for the moment, that class is not merged and accessible.
So after that is finished this has its code for `code_challenge` and `code_challenge_method` implementation.
PR: python-social-auth/social-core#856
Testing instructions
Please provide detailed step-by-step instructions for testing this change.
Additional information
Jira story
https://edunext.atlassian.net/browse/FUTUREX-606
Checklist for Merge