•  
      request #14807 Verify signature of ID tokens
    Infos
    #14807
    Thomas Gerbet (tgerbet)
    2020-04-23 18:06
    2020-04-21 09:44
    15976
    Details
    Verify signature of ID tokens
    When the OIDC client plugin was created we had technical constraints preventing us to do verify the signatures so we did the next best thing allowed by the specification: we made sure the token was sent directly from the provider over TLS and that the certificate was verifiable.

    However those constraints do not exist anymore, Tuleap should properly verify the signature of the ID tokens.
    Authentication & LDAP
    Empty
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2020-04-23
    Attachments
    Empty
    References

    Follow-ups

    User avatar
    Joris MASSON (jmasson)2020-04-23 18:06
    I thought a patch was missing, but it's ok. I'm closing it again :)

    • Status changed from Reopen to Closed
    • Close date set to 2020-04-23
    User avatar
    Joris MASSON (jmasson)2020-04-23 16:42
    Reopening to handle generic providers

    gerrit #18823 integrated into Tuleap 11.13.99.219

    • Status changed from Closed to Reopen
    • Close date cleared