Feat/OIDC loopback redirect dynamic #13871
Merged
austingebauer merged 3 commits into hashicorp:main from Feb 7, 2022
…IDC client if it is the IPv4 or IPv6 loopback address.
63e4fdc to 4a66798
Contributor
Thanks, @paladin-devops! I had just started working on this issue too :) I'll be giving this a review.
Contributor
austingebauer left a comment
Thanks again for this contribution, @paladin-devops! I have a few suggestions. I also wrote some tests and am happy to contribute those after this gets merged.
Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
Contributor
Author
@austingebauer thanks for the feedback & review! My next contribution will include tests up front. :) Looking forward to integrating this w/Waypoint!
austingebauer approved these changes Feb 7, 2022
Contributor
austingebauer left a comment
LGTM! Thanks again, @paladin-devops. I'll be backporting this into the Vault 1.9.x branch as well.
This was referenced Feb 7, 2022
fairclothjm pushed a commit that referenced this pull request Feb 12, 2022
* Add check for OIDC provider to permit a non-exact redirect URI from OIDC client if it is the IPv4 or IPv6 loopback address.
* Update changelog/13871.txt
  Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
* Update redirectURI check to match that for the OIDC auth method.
  Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
Addresses #13523.
Adds check to OIDC provider to allow for redirect URI to have a dynamic port # in the URI if the loopback address is included in the OIDC client, and if the OIDC client's redirect URI is the loopback address.
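
The check described in the summary above, sketched in Go as an added example; it is not the code from this pull request or from Vault. The function names and sample URIs are constructed, and treating only the literals 127.0.0.1 and ::1 as loopback (not `localhost`) is an assumption of the example.

```go
package main

import (
	"fmt"
	"net/url"
)

// isLoopbackIP reports whether host is the literal IPv4 or IPv6 loopback
// address. "localhost" is deliberately excluded (assumption of this example).
func isLoopbackIP(host string) bool {
	return host == "127.0.0.1" || host == "::1"
}

// redirectAllowed (hypothetical name) reports whether requested matches an
// entry in registered. Non-loopback URIs need an exact string match. For
// loopback URIs the port alone may differ from the registered value.
func redirectAllowed(requested string, registered []string) bool {
	req, err := url.Parse(requested)
	if err != nil {
		return false
	}
	loopback := isLoopbackIP(req.Hostname()) && req.User == nil
	for _, r := range registered {
		if r == requested {
			return true
		}
		reg, err := url.Parse(r)
		if !loopback || err != nil || !isLoopbackIP(reg.Hostname()) {
			continue
		}
		// Only the port is ignored; every other component must be identical.
		if req.Scheme == reg.Scheme && req.Hostname() == reg.Hostname() &&
			req.EscapedPath() == reg.EscapedPath() &&
			req.RawQuery == reg.RawQuery && req.Fragment == reg.Fragment {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample registration for a CLI-style OIDC client.
	registered := []string{"http://127.0.0.1/oidc/callback", "http://[::1]/oidc/callback"}
	for _, u := range []string{"http://127.0.0.1:51004/oidc/callback", "http://localhost:51004/oidc/callback"} {
		fmt.Println(u, redirectAllowed(u, registered))
	}
}
```

The relaxation applies to the port only, so a loopback request with a different scheme, path or query is still rejected, and a non-loopback client never gets port flexibility.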