stable
Clone or download
When a ID token is generated, it is now signed with RSA SHA-256. Only this type of signature will be supported as it is the only one that is mandatory to support for providers [0]. To test you need to get an access token with the 'Sign scope' (if the usage of PKCE is forced, add the mandatory parameters): 1. In the project admin create an OAuth2 app (note the ID and the given secret) 2. Access the authorize page at the URL https://tuleap.example.com/oauth2/authorize?client_id=<client_id>&scope=openid&response_type=code&redirect_uri=<redirect_uri> 3. Quickly retrieve (it is valid only 1 minute) the authorization code from the URL 4. Exchange the authorization code for an access token and an ID token: shell> curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \ --user '<client_id>:<client_secret>' \ --data 'grant_type=authorization_code&redirect_uri=<redirect_uri>&code=<authorization_code>' \ https://tuleap.example.com/oauth2/token 5. The ID token will be signed. If you want to verify the token signature you can get the public key from the DB. Part of story #14714: be an OpenID Connect provider [0] https://openid.net/specs/openid-connect-core-1_0.html#ServerMTI Change-Id: I7926f61c583290cd31c00424e6dbc5c570b935d9
Modified Files
Name | ||||
---|---|---|---|---|
M | plugins/oauth2_server/db/install.sql | +6 | −0 | Go to diff View file |
A | plugins/oauth2_server/db/mysql/2020/202004071345_create_oidc_signing_key_table.php | +46 | −0 | Go to diff View file |
M | plugins/oauth2_server/db/uninstall.sql | +1 | −0 | Go to diff View file |
M | plugins/oauth2_server/include/OpenIDConnect/IDToken/OpenIDConnectIDTokenCreator.php | +15 | −2 | Go to diff View file |
A | plugins/oauth2_server/include/OpenIDConnect/IDToken/OpenIDConnectSigningKeyDAO.php | +48 | −0 | Go to diff View file |
A | plugins/oauth2_server/include/OpenIDConnect/IDToken/OpenIDConnectSigningKeyFactory.php | +72 | −0 | Go to diff View file |
M | plugins/oauth2_server/include/oauth2_serverPlugin.php | +6 | −1 | Go to diff View file |
M | plugins/oauth2_server/phpunit/OpenIDConnect/IDToken/OpenIDConnectIDTokenCreatorTest.php | +54 | −1 | Go to diff View file |
A | plugins/oauth2_server/phpunit/OpenIDConnect/IDToken/OpenIDConnectSigningKeyFactoryTest.php | +109 | −0 | Go to diff View file |
A | plugins/oauth2_server/tests/integration/OpenIDConnect/IDToken/OpenIDConnectSigningKeyDAOTest.php | +58 | −0 | Go to diff View file |