-
Notifications
You must be signed in to change notification settings - Fork 95
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add custom parameters to authorize and logout endpoints #480
base: master
Are you sure you want to change the base?
Add custom parameters to authorize and logout endpoints #480
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #480 +/- ##
============================================
+ Coverage 71.73% 73.70% +1.97%
- Complexity 222 252 +30
============================================
Files 17 18 +1
Lines 1033 1084 +51
Branches 148 155 +7
============================================
+ Hits 741 799 +58
+ Misses 201 195 -6
+ Partials 91 90 -1 ☔ View full report in Codecov by Sentry. |
58e2662
to
36fe900
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @eva-mueller-coremedia thanks for this.
I have had a quick look and have a few comments around the UX side.
The extra parameters would IIUC not be needed in the majority of conformant IDPs, as such do you thing they should be hidden behind an advanced section?
the use of a single string for multiple keyvalue pairs (and the encoding /splitting shenaningans) would seem to be error prone (and it lacks good warnings on invalid input). (a value may need to encode &
and then you need to escape it)
Would making the KeyValue a Describable and using a repeatable option using repeatableProperty
or the like (which can then perform individual valuation of the key and the value). NB not sur how this would look in CasC.
@jtnord Thanks for the feedback, will try to follow a key value pair pattern. If you don't mind, I would like to remove the UI at all - only provide it to be set via CasC resp. Java/Groovy code. Any objections? |
it's generally considered bad to have something exposed in the UI and not CasC and vice versa. Not exposing in the UI can lead to it getting overridden if someone saves the Jenkins form in the UI (which I say you should never do as if you manage by code you should have a read only system UI, but it is useful on test systems where you want to make changes in the UI and then export the config for applying to a different server). |
Understood. 👍 I will have a look to implement it the way you described initially. Thanks for the explanation! |
…eld instanceof String'
f77f277
to
418804d
Compare
418804d
to
dce7676
Compare
This PR
Additionally, some housekeeping (fixing typos, simplify statements) has been done.
The main change has been done in eb0d2ba:
maybeOpenIdLogoutEndpoint
has been refactored when it comes to combining all parametersorg.pac4j.oidc.config.OidcConfiguration
maybeOpenIdLogoutEndpoint
likeid_token_hint
,state
,post_logout_redirect_uri
Testing done
This change has been tested by unit tests as well as local testing agains AWS Cognito.
Submitter checklist