Comments (3)
souradeepmajumdar05
commented on June 7, 2024
@markphelps can you attach steps to replicate this, would like to take this up
changes should be around auth_grpc.pb.go#L472
from flipt.
markphelps
commented on June 7, 2024
Hey @souradeepmajumdar05 !!
So im trying to see if this is something that is possible for us to 'fix', as it seems like it should be working looking through our code as well as the underlying libraries.
Here's what I've found so far:
- It starts here at the OIDC callback handler where the provider successfully calls back to Flipt to initiate the code/token exchange:
- We get the configured provider and initiate the exchange
- It calls the Hashicorp Cap OIDC provider exchange method: https://github.com/hashicorp/cap/blob/1d58e0e8bd5f948b9d2bebe8b25a81eb0288fe32/oidc/provider.go#L261
- This eventually calls the underlying oauth2.Exchange method here: https://github.com/golang/oauth2/blob/6e9ec9323da7adcd2cc6e62e4deb9fae4c309a1a/oauth2.go#L223
- This calls
retrieveToken: https://github.com/golang/oauth2/blob/6e9ec9323da7adcd2cc6e62e4deb9fae4c309a1a/token.go#L166 - Which calls
internal.RetrieveToken: https://github.com/golang/oauth2/blob/6e9ec9323da7adcd2cc6e62e4deb9fae4c309a1a/internal/token.go#L212 - Which gets down here: https://github.com/golang/oauth2/blob/6e9ec9323da7adcd2cc6e62e4deb9fae4c309a1a/internal/token.go#L212
Looking at this logic, it should actually try both ways (Auth in header first, then Auth in body) and cache the result for the provider for future calls.
And since we don't currently expose setting the AuthStyle at all in Flipt, it should use the default 0 value, which according to the code is AutoDetect: https://github.com/golang/oauth2/blob/master/oauth2.go#L85
This should mean that Flipt essentially tries both ways to exchange the code, first in the header as requested per this issue, then in the body.. unless we are using an outdated version of the oauth2 dependency..
Let me dive in some more and check
from flipt.
markphelps
commented on June 7, 2024
go list -m all | grep x/oauth2
golang.org/x/oauth2 v0.15.0
which is the latest version: https://pkg.go.dev/golang.org/x/oauth2 which should contain the code/perform as described above
https://cs.opensource.google/go/x/oauth2/+/refs/tags/v0.15.0:internal/token.go;l=212
Gonna ask the OP in Discord to help debug this one
from flipt.
Related Issues (20)
- [FLI-936] [Bug]: Export doesnt capture rollout rule order HOT 3
- [FLI-937] Ensure determinism in exporting and declarative formats
- [FLI-938] Allow passing a starting dir `flipt validate` HOT 4
- [FLI-939] Vercel feature flags adapter
- Allow OCI credentials expiration/refresh HOT 13
- [Bug]: kubernetes authentication method failing on AWS EKS HOT 4
- [FLI-941] Ability to define trusted service account + namespace when using Kubernetes Auth method HOT 6
- Accept a username in Redis configuration HOT 8
- [Feature Request] make `flag not found` a reason HOT 1
- [FLI-946] Don't require DB for auth if only using JWT and non-DB flag storage
- Gitops with multiple repositories HOT 1
- Improve OpenTelemetry (OTLP) instrumentation HOT 4
- [FLI-953] Add OpenFeature Remote Evaluation Protocol Support
- UI - Flags view - Indicate if a boolean flag has a rollout set HOT 3
- Connect to multiple PostgreSQL hosts HOT 1
- [FLI-954] JWT Auth: Support custom claim validation
- Allow multiple metrics exporter (Prometheus, OpenTelemetry) HOT 4
- Internal evaluation data API does not skip auth when evaluation is marked as excluded HOT 1
- [FLI-978] Issue with latest mysql 8 release
- [Bug]: OCI registry with AWS ECR HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from flipt.