README: Point out some subtleties around client auth methods (!78) · Merge requests · infrastructure / authz-mediator · GitLab

Snippets Groups Projects

Merged Emanuele Aina requested to merge wip/em/client-auth-basic-docs into main 8 months ago

With commit ad28b94f "Validate client_id and client_secret values" the mediator started paying attention to client authentication.

Since our integration test cargo-culted some configuration parameter straight from the GitLab configuration examples the mediator ended up implementing what the OpenID-Connect spec calls the client_secret_post authentication method, see https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication

Unfortunately, the spec also says that the actual default is client_secret_basic, so any real world usage is bound to fail unless some specific configuration is applied.

To minimize confusion, let's drop the cargo-culted option from the example and add a note pointing to the spec and to the upstream GitLab documentation, while still keeping the client_secret_post usage in the GitLab integration test to exercise the codepath.

Task: https://phabricator.apertis.org/T10554

Activity

Emanuele Aina added 1 commit 8 months ago
added 1 commit

3a4db137 - README: Point out some subtleties around client auth methods

Compare with previous version
Pablo Vigo Mas added 3 commits 8 months ago
added 3 commits

3a4db137...78bbce17 - 2 commits from branch main

f572b8af - README: Point out some subtleties around client auth methods

Compare with previous version
Pablo Vigo Mas enabled an automatic merge when the pipeline for f572b8af succeeds 8 months ago

enabled an automatic merge when the pipeline for f572b8af succeeds
Pablo Vigo Mas merged 8 months ago

merged

Please register or sign in to reply

Apertis Website Terms of Use Privacy Policy