Add possibility to encode the state param as UrlEncodedBase64 #2312
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
3 tasks
tuunit
approved these changes
Nov 20, 2023
JoelSpeed
previously approved these changes
Nov 25, 2023
There was a problem hiding this comment.
I'm ok with this. I think though when we go through the alpha config migration to GA, I would probably suggest changing up the bool to an enum.
Something like stateEncoding: Plain | Base64 would be more flexible and allow us to add additional options in the future should we choose to do so.
|
Looks like there's a conflict that will need to be resolved before we merge |
Resolved |
I'll take this over. |
JoelSpeed
previously approved these changes
Dec 3, 2023
|
Can we fix the linter issue please? |
|
Hi @brezinajn, Hope you are doing well. We would like to get this merged. The following linting issue is holding us back: Error: oauthproxy.go:1205:9: indent-error-flow: if block ends with a return statement, so drop this else and outdent its block (revive)
} else {
return rawString
} |
tuunit
requested changes
Dec 17, 2023
Co-authored-by: Jan Larwig <jan@larwig.com>
Hi, sorry I'm on my vacation, so I'm not at my PC currently. Committed your suggestion. Hope it resolves the issue. Should there be another issue, please let me know. Thanks |
|
Hi guys! Any updates on this? |
kvanzuijlen
approved these changes
Jan 18, 2024
This should be picked up during the next round of merging hopefully. |
JoelSpeed
approved these changes
Jan 20, 2024
tuunit
added a commit
to tuunit/oauth2-proxy
that referenced
this pull request
Jan 21, 2024
* enhancement: Change base image from alpine to distroless (oauth2-proxy#2295) * Changed base image from alpine to distroless * chore: updated Makefile * fix: removed arm/v6 and ppc64le for distroless variant * Update Dockerfile * Update Makefile * docs: Add README-section, CHANGELOG-entry and --pull to prevent caching --------- Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Add possibility to encode the state param as UrlEncodedBase64 (oauth2-proxy#2312) * Add possibility to encode the state param as UrlEncodedBase64 * Update CHANGELOG.md * Update oauthproxy.go Co-authored-by: Jan Larwig <jan@larwig.com> --------- Co-authored-by: Jan Larwig <jan@larwig.com> * NGINX return 403 for sign_in (oauth2-proxy#2322) (oauth2-proxy#2323) Co-authored-by: Sven Ertel <sven.ertel@bayernwerk.de> * chore: Create sha256sum for tar instead of binary (oauth2-proxy#2343) * Create sha256sum for tar instead of binary * chore: Add checksum for binary * chore: Updated changelog --------- Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Log error details when failed loading CSRF cookie (oauth2-proxy#2345) * Log error details when failed loading CSRF cookie * Add a record about this PR to CHANGELOG.md --------- Co-authored-by: Ondrej Charvat <ondrej.charvat@yunextraffic.com> Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Feature - Add env variable support for alpha struct (oauth2-proxy#2375) * added envsubstring package and added simple test cases.imple tests. * added documentation * added changelog entry * added documentation to wrong file . * changed tests to ginkgo format * update project to use better maintained library * use defer to clear test variable after tests finished * updated docs for the new package documentation and fixed bad english * refactored function to "reduce" complexity. * updated changelog for new version updated readme * minor formatting --------- Co-authored-by: Haydn Evans <h.evans@douglas.de> Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * remove nsswitch workaround (oauth2-proxy#2371) Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * feat: Added renovate configuration (oauth2-proxy#2377) * Feature/add option to skip loading claims from profile url (oauth2-proxy#2329) * add new flag skip-claims-from-profile-url * skip passing profile URL if SkipClaimsFromProfileURL * docs for --skip-claims-from-profile-url flag * update flag comment * update docs * update CHANGELOG.md * Update providers/provider_data.go Co-authored-by: Jan Larwig <jan@larwig.com> * Add tests for SkipClaimsFromProfileURL * simplify tests for SkipClaimsFromProfileURL * generate alpha_config.md --------- Co-authored-by: Jan Larwig <jan@larwig.com> * Add ability to configure username for Redis cluster connections (oauth2-proxy#2381) * Initial attempt. * Add CHANGELOG entry. * Drop commented-out Sentinel test. --------- Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * chore(deps): update module golang.org/x/crypto to v0.17.0 [security] (oauth2-proxy#2400) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update github.com/ghodss/yaml digest to d8423dc (oauth2-proxy#2401) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Improved dev environment (oauth2-proxy#2211) * Improved dev env setup * Cleanup duplicate checks * Applied PR feedback * Updated go.mod/go.sum * go mod tidy * Update .devcontainer/devcontainer.json * Update pkg/http/server_test.go Co-authored-by: Jan Larwig <jan@larwig.com> * Create launch.json * Update .devcontainer/Dockerfile * Apply suggestions from code review --------- Co-authored-by: Jan Larwig <jan@larwig.com> * feature: add release automation workflows (oauth2-proxy#2224) * feature: add release automation workflows * deactivate provenancee because of behaviour change with buildx v0.10.0 * add changelog section extraction for github release notes * fix registry path; fix EOF * use correct version of golangci-lint; add additional workflow step for fetching all dependencies * chore(deps): update module github.com/bsm/redislock to v0.9.4 (oauth2-proxy#2406) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * initial commit for docusaurus 3 upgrade * fix mdx errors * fix mdx issues * fix routing issues * update docs generation workflow * fix version * fix permissions * move slack to header * remove background color and minify * Update docs/docs/configuration/providers/openid_connect.md Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> * Update docs/docs/configuration/providers/openid_connect.md Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> * Update docs/docs/configuration/providers/openid_connect.md Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> * Update docs/docs/configuration/providers/gitlab.md Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> * Update docs/docs/configuration/providers/gitlab.md Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> * Update docs/docs/configuration/providers/github.md Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> * Update docs/docs/configuration/providers/github.md Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> * Update docs/docs/configuration/providers/github.md Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> * Update docs/docs/configuration/providers/github.md Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> --------- Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> Co-authored-by: Jan Brezina <brezinajn@users.noreply.github.com> Co-authored-by: WhiteRabbit-Code <sven@ertel-net.de> Co-authored-by: Sven Ertel <sven.ertel@bayernwerk.de> Co-authored-by: charvadzo <120425386+charvadzo@users.noreply.github.com> Co-authored-by: Ondrej Charvat <ondrej.charvat@yunextraffic.com> Co-authored-by: Haydn Evans <h.evans@douglas.de> Co-authored-by: Nils Gustav Stråbø <65334626+nilsgstrabo@users.noreply.github.com> Co-authored-by: Ross Golder <ross@golder.org> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This is continuation of #2239
Added a feature to optionally Base64Url encode the state param.
The feature is behind a configuration flag, so the default behavior remains unchanged.
Motivation and Context
We're facing an issue where the state parameter gets truncated by the provider, leading to an incorrect application state after login. It's probably this issue but in our case with an oidc provider.
How Has This Been Tested?
We used a build from this commit as a drop-in replacement for 7.5.0 on our testing environment. Works as expected.
Checklist: