Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

handlePasswordGrant: insert connectorData into OfflineSession #2199

Merged
merged 3 commits into from
Jul 20, 2021
Merged

handlePasswordGrant: insert connectorData into OfflineSession #2199

merged 3 commits into from
Jul 20, 2021

Conversation

hensur
Copy link
Contributor

@hensur hensur commented Jun 30, 2021

Overview

Using dex with the kubernetes oidc client results in the creation
of an Offline Session with empty ConnectorData.
This results in a working login, however, the ldap connector will fail once the client attempts to refresh its token.

This change will insert the ConnectorData from the initial Login
into the OfflineSession, as already done in handlePasswordLogin.

What this PR does / why we need it

Not doing this results in failures to refresh a token.
I've observed this with the ldap connetor, other connectors might
be affected as well.

The ldap connector will fail with this error message:
failed to refresh identity: ldap: failed to unmarshal internal data: unexpected end of JSON input

The Refresh method of the ldap connector will first try to unmarshal
the ConnectorData, which was empty, as dex wouldn't
store it in storage after a successful login.

Special notes for your reviewer

While this seems to fix the issue, I'm not sure if it is desired to save the ConnectorData in handlePasswordGrant as done in handlePasswordLogin.

Does this PR introduce a user-facing change?

NONE

@hensur
handlePasswordGrant: insert connectorData into OfflineSession
32904f3 
Using dex with the kubernetes oidc client results in the creation
of an Offline Session with empty ConnectorData.

This change will insert the ConnectorData from the initial Login
into the OfflineSession, as already done in `handlePasswordLogin`.

Not doing this results in failures to refresh a token.
I've observed this with the ldap connetor, other connectors might
be affected as well.

The ldap connector will fail with this error message:
`failed to refresh identity: ldap: failed to unmarshal internal data: unexpected end of JSON input`

The `Refresh` method of the ldap connector will first try to unmarshal
the ConnectorData, which was empty, as dex wouldn't
store it in storage after a successful login.

Signed-off-by: Henning Surmeier <[email protected]>
@hensur hensur force-pushed the pass-connector-data branch from 8b06467 to 32904f3 Compare June 30, 2021 13:00
@nabokihms
Copy link
Member

Hello @hensur. Thanks, it looks good. I wonder if we can write a test for this?

@nabokihms nabokihms self-requested a review June 30, 2021 14:45
@hensur
Copy link
Contributor Author

hensur commented Jul 15, 2021

Hey @nabokihms!
I had some time to look into this and came up with a test for this. It won't pass without my changes.
I took a lot of inspiration from the refresh handler tests, as I'm not really familiar with the dex code base :)

@hensur hensur force-pushed the pass-connector-data branch from 36310a0 to 3b5e12b Compare July 15, 2021 14:59
nabokihms
nabokihms reviewed Jul 16, 2021
View reviewed changes
nabokihms
nabokihms approved these changes Jul 16, 2021
View reviewed changes
Copy link
Member

@nabokihms nabokihms left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approve in advance. Besides the test function name, everything looks good to me.

@hensur
give test a more specifc name
f578ab6 
Signed-off-by: Henning Surmeier <[email protected]>
@nabokihms nabokihms added this to the v2.30.0 milestone Jul 16, 2021
@nabokihms
Copy link
Member

Thanks for your contribution @hensur !

@nabokihms nabokihms merged commit 138364c into dexidp:master Jul 20, 2021
nolem pushed a commit to macstab/dex-roles that referenced this pull request Aug 8, 2021
@hensur @nolem
handlePasswordGrant: insert connectorData into OfflineSession (dexidp…
aa1857a 
…#2199)

* handlePasswordGrant: insert connectorData into OfflineSession

This change will insert the ConnectorData from the initial Login
into the OfflineSession, as already done in handlePasswordLogin.

Signed-off-by: Henning Surmeier <[email protected]>
Signed-off-by: cschnapka <[email protected]>
@vmaillot vmaillot mentioned this pull request Sep 9, 2021
Merged
6 tasks
elffjs pushed a commit to DIMO-Network/dex that referenced this pull request Jun 27, 2022
@hensur @elffjs
handlePasswordGrant: insert connectorData into OfflineSession (dexidp…
86ab429 
…#2199)

* handlePasswordGrant: insert connectorData into OfflineSession

This change will insert the ConnectorData from the initial Login
into the OfflineSession, as already done in handlePasswordLogin.

Signed-off-by: Henning Surmeier <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nabokihms nabokihms nabokihms approved these changes

Assignees
No one assigned
Labels
kind/bug
Projects
None yet
Milestone
v2.30.0
Development

Successfully merging this pull request may close these issues.
2 participants
@hensur @nabokihms