Skip to content

identity/oidc: optional nonce parameter for authorize request#13231

Merged
austingebauer merged 3 commits into
mainfrom
oidc-optional-nonce
Nov 22, 2021
Merged

identity/oidc: optional nonce parameter for authorize request#13231
austingebauer merged 3 commits into
mainfrom
oidc-optional-nonce

Conversation

@austingebauer

@austingebauer austingebauer commented Nov 19, 2021

Copy link
Copy Markdown
Contributor

Overview

This PR makes the nonce parameter optional for the Authorization Endpoint published by Vault OIDC providers. It includes updates to documentation for this change.

Fixes #13204.

Additionally, this PR renames requiredClaims -> reservedClaims because it makes more sense as a variable name.

Testing

I've added test coverage to this PR. I also manually tested that the nonce isn't required and doesn't appear as an ID token claim when omitted.

@austingebauer austingebauer added this to the 1.9.1 milestone Nov 19, 2021
@vercel vercel Bot temporarily deployed to Preview – vault November 19, 2021 23:59 Inactive
@vercel vercel Bot temporarily deployed to Preview – vault-storybook November 19, 2021 23:59 Inactive
@austingebauer austingebauer merged commit 87c355e into main Nov 22, 2021
@austingebauer austingebauer deleted the oidc-optional-nonce branch November 22, 2021 17:42
austingebauer added a commit that referenced this pull request Nov 22, 2021
@austingebauer
identity/oidc: optional nonce parameter for authorize request (#13231)
a5b3c7e
@austingebauer austingebauer mentioned this pull request Nov 22, 2021
Merged
austingebauer added a commit that referenced this pull request Nov 24, 2021
@austingebauer
Backport 1.9.x: identity/oidc: optional nonce parameter for authorize…
79019d0 
… request (#13231) (#13242)
@braunsonm braunsonm mentioned this pull request Dec 16, 2021
Closed
@thiskevinwang thiskevinwang mentioned this pull request Apr 25, 2022
Closed
pull Bot pushed a commit to Zezo-Ai/vault that referenced this pull request Mar 20, 2026
@hc-github-team-secure-vault-core @hc-github-team-secure-vault-ecosystem @vinay-gopalan
Backport Update vault-plugin-secrets-mongodbatlas to v0.17.1 into ce/…
2ab26b6 
…main (hashicorp#13231)

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
Co-authored-by: Vinay Gopalan <vinay@hashicorp.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fairclothjm fairclothjm fairclothjm approved these changes

@robmonte robmonte Awaiting requested review from robmonte

@vinay-gopalan vinay-gopalan Awaiting requested review from vinay-gopalan

@taoism4504 taoism4504 Awaiting requested review from taoism4504

+1 more reviewer

@calvn calvn calvn approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

identity/oidc

Projects

None yet

Milestone

1.9.1

Development

Successfully merging this pull request may close these issues.

OIDC provider: nonce should be optional in authorization code flow

3 participants

@austingebauer @calvn @fairclothjm