AuthenticationScheme primary attribute is not returned when /ServiceProviderConfig is called #748

Closed
Afira-Zahari-i2 opened this issue Oct 9, 2024 · 4 comments

Comments

@Afira-Zahari-i2

My service provider builder has the following AuthenticationScheme:

    final AuthenticationScheme authScheme =
        AuthenticationScheme.builder()
            .name("Bearer")
            .description("Authentication scheme using the OAuth Bearer Token Standard")
            .specUri("http://www.rfc-editor.org/info/rfc6750")
            .primary(true) // This field is not returned
            .type("oauthbearertoken")
            .build();

When I call the /ServiceProviderConfig endpoint, the response is missing the primary attribute:

    "authenticationSchemes": [
        {
            "name": "Bearer",
            "description": "Authentication scheme using the OAuth Bearer Token Standard",
            "specUri": "http://www.rfc-editor.org/info/rfc6750",
            "type": "oauthbearertoken"
        }
    ],

@Colvin-Cowie-i2

Ah, I think our confusion also stems from https://datatracker.ietf.org/doc/html/rfc7643#section-8.5 including this example (though it is non-normative). I agree that the specification of authenticationSchemes itself doesn't mention primary, and it also doesn't make much sense to have a primary auth method.

    "authenticationSchemes": [
      {
        "name": "OAuth Bearer Token",
        "description":
          "Authentication scheme using the OAuth Bearer Token Standard",
        "specUri": "http://www.rfc-editor.org/info/rfc6750",
        "documentationUri": "http://example.com/help/oauth.html",
        "type": "oauthbearertoken",
        "primary": true
      },
      {
        "name": "HTTP Basic",
        "description":
          "Authentication scheme using the HTTP Basic Standard",
        "specUri": "http://www.rfc-editor.org/info/rfc2617",
        "documentationUri": "http://example.com/help/httpBasic.html",
        "type": "httpbasic"
      }
    ],

@Captain-P-Goldfish
Owner

Sorry. I checked again and you are right. I am currently fixing it :-)

@Colvin-Cowie-i2

Oh, I do find this spec quite ambiguous. https://datatracker.ietf.org/doc/html/rfc7643#section-2.4 says for Multi-Valued Attributes: "If not otherwise defined, the default set of sub-attributes for a multi-valued attribute is as follows [...] primary"

But the definition of authenticationSchemes does define the sub-attributes explicitly, so then that does mean that those defaults don't apply, doesn't it? 🤷

@Captain-P-Goldfish
Owner

The examples below also show the primary-attribute in the JSON structure and I also think that the primary-attribute does make sense in the authentication schemes. So it is absolutely justified to add it here.
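
A client-side check for the situation discussed in this thread, as an added example that is not part of the issue or of the project's code: it reads `authenticationSchemes` from a parsed /ServiceProviderConfig response, tolerates a missing `primary`, and flags more than one `primary: true` (RFC 7643 section 2.4 permits at most one). The `ALLOWED_TYPES` policy, the function name and the sample response are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of the responses quoted in this thread.
RESPONSE = json.loads("""
{"authenticationSchemes": [
  {"name": "OAuth Bearer Token", "type": "oauthbearertoken", "primary": true},
  {"name": "HTTP Basic", "type": "httpbasic"}
]}
""")

# Hypothetical client policy: scheme types this client accepts, best first.
ALLOWED_TYPES = ("oauthbearertoken", "httpbasic")


def choose_scheme(config, allowed=ALLOWED_TYPES):
    """Return (scheme, findings) for a parsed ServiceProviderConfig document."""
    schemes = config.get("authenticationSchemes") or []
    findings = []
    for s in schemes:
        if "primary" in s and not isinstance(s["primary"], bool):
            findings.append(f"{s.get('name')}: primary is not a boolean")
    primaries = [s for s in schemes if s.get("primary") is True]
    if len(primaries) > 1:
        # RFC 7643 section 2.4: the value "true" may appear at most once.
        findings.append("more than one scheme has primary=true")
    elif not primaries:
        findings.append("no scheme has primary=true")
    # Honour the server's preference only when it is unambiguous and allowed.
    if len(primaries) == 1 and primaries[0].get("type") in allowed:
        return primaries[0], findings
    # Otherwise fall back to the client's own ordering of accepted types.
    for wanted in allowed:
        for s in schemes:
            if s.get("type") == wanted:
                return s, findings
    return None, findings


if __name__ == "__main__":
    scheme, findings = choose_scheme(RESPONSE)
    print(scheme["type"] if scheme else None, findings)
```

Restricting `allowed` to the types the client is willing to use keeps a server-side `primary` flag from steering the client to a scheme its policy excludes.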
