Page MenuHomePhabricator
Create Task
Maniphest T348931

Use ID token to get claims during authentication
Closed, ResolvedPublic
Actions

Description

The authentication now uses the ID token to retrieve user data. This is necessary because some identity providers do not return requested claims through the user info endpoint but incldue them in the ID token only. A cascading mechanism to retreive claims during authentication shall be implemented. First the claim shall be looked up in the ID token. If the claim is not found then the user info endpoint shall be contacted to get the claim. In most cases this also should save a couple of http requests.

Details

SubjectRepoBranchLines +/-
Use ID token to get claims during authenticationmediawiki/extensions/OpenIDConnectREL1_41+22 -6
Use ID token to get claims during authenticationmediawiki/extensions/OpenIDConnectREL1_40+22 -6
Use ID token to get claims during authenticationmediawiki/extensions/OpenIDConnectREL1_39+22 -6
Use ID token to get claims during authenticationmediawiki/extensions/OpenIDConnectmaster+22 -6
Customize query in gerrit

Event Timeline

Vajdaz created this task.Oct 15 2023, 5:38 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 15 2023, 5:38 PM
gerritbot added a comment.Oct 15 2023, 5:49 PM

Change 965852 had a related patch set uploaded (by Vajdaz; author: Vajdaz):

[mediawiki/extensions/OpenIDConnect@master] Use ID token to get claims during authentication

https://gerrit.wikimedia.org/r/965852

gerritbot added a project: Patch-For-Review.Oct 15 2023, 5:49 PM
gerritbot added a comment.Oct 15 2023, 5:57 PM

Change 965852 merged by jenkins-bot:

[mediawiki/extensions/OpenIDConnect@master] Use ID token to get claims during authentication

https://gerrit.wikimedia.org/r/965852

gerritbot added a comment.Oct 15 2023, 5:58 PM

Change 965896 had a related patch set uploaded (by Cicalese; author: Vajdaz):

[mediawiki/extensions/OpenIDConnect@REL1_39] Use ID token to get claims during authentication

https://gerrit.wikimedia.org/r/965896

gerritbot added a comment.Oct 15 2023, 5:58 PM

Change 965897 had a related patch set uploaded (by Cicalese; author: Vajdaz):

[mediawiki/extensions/OpenIDConnect@REL1_40] Use ID token to get claims during authentication

https://gerrit.wikimedia.org/r/965897

gerritbot added a comment.Oct 15 2023, 5:58 PM

Change 965898 had a related patch set uploaded (by Cicalese; author: Vajdaz):

[mediawiki/extensions/OpenIDConnect@REL1_41] Use ID token to get claims during authentication

https://gerrit.wikimedia.org/r/965898

gerritbot added a comment.Oct 15 2023, 6:02 PM

Change 965896 merged by jenkins-bot:

[mediawiki/extensions/OpenIDConnect@REL1_39] Use ID token to get claims during authentication

https://gerrit.wikimedia.org/r/965896

gerritbot added a comment.Oct 15 2023, 6:02 PM

Change 965897 merged by jenkins-bot:

[mediawiki/extensions/OpenIDConnect@REL1_40] Use ID token to get claims during authentication

https://gerrit.wikimedia.org/r/965897

gerritbot added a comment.Oct 15 2023, 6:04 PM

Change 965898 merged by jenkins-bot:

[mediawiki/extensions/OpenIDConnect@REL1_41] Use ID token to get claims during authentication

https://gerrit.wikimedia.org/r/965898

cicalese closed this task as Resolved.Oct 15 2023, 6:07 PM
cicalese moved this task from Backlog to Closed on the MediaWiki-extensions-OpenID-Connect board.
cicalese removed a project: Patch-For-Review.

See additional discussion at https://www.mediawiki.org/wiki/Topic:Xredg9711t0eje1m.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits