request #14807 Verify signature of ID tokens

Artifact

Infos

Artifact ID#14807

Submitted byThomas Gerbet (tgerbet)

Last Modified On2020-04-23 18:06

Submitted on2020-04-21 09:44

Rank16076

Details

Summary *

Verify signature of ID tokens

Original Submission

When the OIDC client plugin was created we had technical constraints preventing us to do verify the signatures so we did the next best thing allowed by the specification: we made sure the token was sent directly from the provider over TLS and that the certificate was verifiable.

However those constraints do not exist anymore, Tuleap should properly verify the signature of the ID tokens.

CategoryAuthentication & LDAP

Reported in versionEmpty

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toThomas Gerbet (tgerbet)

StatusClosed

Close date2020-04-23

Attachments

Connected artifacts

Artifact links

Releases

Fixed in

	Artifact ID	Project	Tracker	Summary	Status	Last Update Date	Submitted By	Assigned to
	rel #14681	Tuleap	Releases	11.14	Delivered	2020-03-05 19:57	Manuel Vacelet (vaceletm)

Reverse artifact links

Empty

AttachmentsEmpty

References

Cross references

Referencing request #14807

Git commit

tuleap/tuleap/stable

Verify signature of ID tokens issued by Azure AD a2a4134a31

Thomas Gerbet (tgerbet) , 2020-04-22 11:37

Verify signature of ID tokens issued by generic OIDC providers bd1877401c

Thomas Gerbet (tgerbet) , 2020-04-22 22:06

Show items referenced by request #14807

Referenced by request #14807

Artifact Tracker v5

rel #14681 11.14

Other

Follow-ups

Joris MASSON (jmasson)

2020-04-23 18:06

I thought a patch was missing, but it's ok. I'm closing it again :)

Status changed from Reopen to Closed
Close date set to 2020-04-23

Joris MASSON (jmasson)

2020-04-23 16:42

Reopening to handle generic providers

gerrit #18823 integrated into Tuleap 11.13.99.219

Status changed from Closed to Reopen
Close date cleared

Joris MASSON (jmasson)

2020-04-22 12:13

gerrit #18784 integrated into Tuleap 11.13.99.198

Status changed from Under implementation to Closed
Connected artifacts
- Added Fixed in: rel #14681
Close date set to 2020-04-22