Improvements to validating incoming scitokens
This MR improves the validation of incoming auth scitokens, after some real-world testing.
The main functional changes are as follows:
- don't use any custom validators, just set up `scitokens.Enforcer` and use its default `test()` method
- explicitly `deserialize()` tokens with `aud:ANY`, the enforcer will restrict the audience later
Activity
changed milestone to %GWDataFind Server 1.2.0
added gwdatafind_server.authentication label
added 7 commits
- fd3f898a...bfeacd6c - 2 commits from branch computing/gwdatafind:master
- d2e1bbc3 - auth: move server scitoken param parsing inside validator
- 4240af1d - auth: simplify validating scitokens
- 1f4c18d0 - auth: enable multiple audience claims in config
- ebc3ecaa - simplify fixup
- 2f4957d7 - auth: deserialize all tokens, enforce aud later
added 1 commit
- e51e1eee - auth: deserialize all tokens, enforce aud later
assigned to @duncan.meacher
requested review from @duncan.meacher
added 9 commits
- e51e1eee...83129ad0 - 4 commits from branch computing/gwdatafind:master
- 26d6f985 - auth: move server scitoken param parsing inside validator
- c1d87a61 - auth: simplify validating scitokens
- b80b9c6d - auth: enable multiple audience claims in config
- 8dd4780d - simplify fixup
- 86d3bddb - auth: deserialize all tokens, enforce aud later
enabled an automatic merge when the pipeline for 86d3bddb succeeds
mentioned in commit 65338aed