TT-12740 support for jwe tokens in OIDC #420

Merged
merged 32 commits into from
Oct 28, 2024

@sredxny sredxny commented Sep 27, 2024

Description

Added support for JWE in OIDC; just enable it at profile level and specify where the cert file is located (the cert contains the private key to decrypt the token).

Related Issue

TT-12740

Motivation and Context

How This Has Been Tested

  • Ran an instance of Keycloak that supports JWE
  • Ran Tyk Dashboard and Tyk Identity Broker
  • Created an OIDC client in Keycloak, loaded the key and enabled encryption of the token
  • Created a TIB profile like:
{
  "ID": "keycloak",
  "OrgID": "my-org-id",
  "ActionType": "GenerateOrLoginUserProfile",
  "Type": "redirect",
  "ProviderName": "SocialProvider",
  "ProviderConfig": {
    "CallbackBaseURL": "http://localhost:3010",
    "FailureRedirect": "http://tyk-dashboard:3000/?fail=true",
    "UseProviders": [
      {
        "DiscoverURL": "http://localhost:8080/realms/tyk/.well-known/openid-configuration",
        "Key": "client-id-key",
        "Name": "openid-connect",
        "Scopes": [
          "openid",
          "email"
        ],
        "Secret": "s3cr3t"
      }
    ],
    "JWE": {
      "Enabled": true,
      "Private_key_location": "/location/of/my/combined_cert_and_key.pem"
    }
  },
  "IdentityHandlerConfig": {
    "DashboardCredential": "my-s3cr3t"
  },
  "ReturnURL": "http://tyk-dashboard:3000/tap"
}

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Refactoring or add test (improvements in base code or adds test coverage to functionality)

Checklist

  • Make sure you are requesting to pull a topic/feature/bugfix branch (right side). If pulling from your own
    fork, don't request your master!
  • Make sure you are making a pull request against the master branch (left side). Also, you should start
    your branch off our latest master.
  • My change requires a change to the documentation.
    • If you've changed APIs, describe what needs to be updated in the documentation.
    • If new config option added, ensure that it can be set via ENV variable
  • I have updated the documentation accordingly.
  • Modules and vendor dependencies have been updated; run go mod tidy && go mod vendor
  • When updating library version must provide reason/explanation for this update.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • Check your code additions will not fail linting checks:
    • go fmt -s
    • go vet

@sredxny sredxny changed the title TT-12740 support for jwe tokens in openid TT-12740 support for jwe tokens in OIDC Oct 27, 2024
@sredxny sredxny requested a review from mativm02 October 27, 2024 19:17
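
A pre-flight check for the file that Private_key_location points to, as an added example that is not part of this pull request or of TIB's code: it rejects a key file that group or other can access and confirms that the private key pairs with the certificate in the same file. CheckKeyFile and SamplePEM are hypothetical names, and the RSA sample pair is constructed at run time as an assumption about the key type.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"
)

// CheckKeyFile vets a combined cert-and-key PEM file (hypothetical helper, not TIB code).
func CheckKeyFile(path string) error {
	info, err := os.Stat(path)
	if err != nil {
		return err
	}
	if perm := info.Mode().Perm(); perm&0o077 != 0 { // key material: owner-only access
		return fmt.Errorf("%s has mode %04o, want 0600 or stricter", path, perm)
	}
	data, err := os.ReadFile(path)
	if err != nil {
		return err
	}
	_, err = tls.X509KeyPair(data, data) // same bytes for both; fails if key and cert do not pair
	return err
}

// SamplePEM returns a constructed throwaway RSA key and self-signed certificate.
func SamplePEM() (certPEM, keyPEM []byte) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // errors ignored: sample data only
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "sample"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
}

func main() {
	certPEM, keyPEM := SamplePEM()
	f, _ := os.CreateTemp("", "combined-*.pem") // CreateTemp uses mode 0600
	defer os.Remove(f.Name())
	f.Write(append(certPEM, keyPEM...))
	f.Close()
	fmt.Println("matching pair:", CheckKeyFile(f.Name()))
}
```

The permission test reads Unix mode bits, so it is meaningful on Linux and macOS hosts only.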

sonarcloud bot commented Oct 28, 2024

Quality Gate failed

Failed conditions
73.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarCloud

@sredxny sredxny merged commit 4ac45b8 into master Oct 28, 2024
9 of 10 checks passed
@sredxny sredxny deleted the TT-12740/feature-support-jwe branch October 28, 2024 23:03