Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

authentication providers should check for valid hostnames before adding anything #1009

Closed
Tracked by #1049
baywet opened this issue Jan 7, 2022 · 0 comments · Fixed by #1051
Closed
Tracked by #1049

authentication providers should check for valid hostnames before adding anything #1009

baywet opened this issue Jan 7, 2022 · 0 comments · Fixed by #1051
Assignees
@baywet
Labels
Csharp Pull requests that update .net code fixed Go Java PHP Ruby TypeScript Pull requests that update Javascript code
Milestone
TypeWriter Replac...

Comments

@baywet
Copy link
Member

baywet commented Jan 7, 2022

The authentication provider should not add any auth information to a request that's not going to hosts we "know".
The AuthenticationProvider interface needs two more methods: Set/GetValidHostNames (hashset).
This then needs to be implemented in the base bearer authentication provider, which needs to check the hostname is present in that list before it adds the authorization header.
The request adapter interface needs to expose a getter to the authentication provider.
Finally, the constructor for the api client needs to set the value based on information available (hosts) in the OpenAPI description.
@baywet baywet added Csharp Pull requests that update .net code TypeScript Pull requests that update Javascript code Go Ruby Java generator Issues or improvements relater to generation capabilities. labels Jan 7, 2022
@baywet baywet added this to the TypeWriter Replacement milestone Jan 7, 2022
@baywet baywet self-assigned this Jan 7, 2022
@baywet baywet mentioned this issue Jan 21, 2022
Closed
42 tasks
@baywet baywet removed the generator Issues or improvements relater to generation capabilities. label Jan 21, 2022
@baywet baywet mentioned this issue Jan 21, 2022
Merged
@RabebOthmani RabebOthmani moved this to Todo in Kiota Jan 24, 2022
@Ndiritu Ndiritu added the PHP label Jan 26, 2022
@baywet baywet added the fixed label Jan 26, 2022
@baywet baywet moved this from Todo to In Progress in Kiota Jan 26, 2022
@Ndiritu Ndiritu mentioned this issue Jan 27, 2022
Merged
@baywet baywet linked a pull request Feb 10, 2022 that will close this issue
adds host and scheme validation for access token providers #1051
Merged
@baywet baywet closed this as completed Feb 10, 2022
Repository owner moved this from In Progress to Done in Kiota Feb 10, 2022
@baywet baywet mentioned this issue Jun 22, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@baywet baywet

Labels
Csharp Pull requests that update .net code fixed Go Java PHP Ruby TypeScript Pull requests that update Javascript code
Projects
Kiota
Archived in project
Milestone
TypeWriter Replacement
Development

Successfully merging a pull request may close this issue.

adds host and scheme validation for access token providers microsoft/kiota
2 participants
@baywet @Ndiritu