Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix issue with Google OAuth integration #2062

Merged
merged 1 commit into from
Nov 29, 2021
Merged

Fix issue with Google OAuth integration #2062

merged 1 commit into from
Nov 29, 2021

Conversation

sunu
Copy link
Contributor

@sunu sunu commented Nov 19, 2021

OIDC doesn't specify the format for access_token. Some providers use it
as a JWT to store information about groups (eg: Keycloak), some don't
use it as a JWT (eg: Google).

So we try to parse it as a JWT but if that fails we ignore the error
and move on. In case the access_token is not an JWT, the groups info is
stored in the id_token and that's where we look.

Fixes #2003

@sunu
Fix issue with Google OAuth integration
1381dfd 
OIDC doesn't specify the format for access_token. Some providers use it
as a JWT to store information about groups (eg: Keycloak), some don't
use it as a JWT (eg: Google).

So we try to parse it as a JWT but if that fails we ignore the error
and move on. In case the access_token is not an JWT, the groups info is
stored in the id_token and that's where we look.

Refs #2003
@sunu
Copy link
Contributor Author

sunu commented Nov 19, 2021

Hey @thimios and @keanpaderes! Can you please check if this fixes the issue with Google OAuth for you?

Also, I'm curious if any of you use groups to manage users and whether you know where Google stores that info in the OAuth payload? It seems groups are only available in a Google Workspace environment. And I don't have access to one to test that functionality.

@sunu sunu mentioned this pull request Nov 29, 2021
Closed
@sunu sunu merged commit 22b3999 into develop Nov 29, 2021
@thimios
Copy link

thimios commented Nov 29, 2021

@sunu the fix works for our setup.

We do not use google groups to manage the users, so I do not know much about them.

Thanks for pushing this forward. It would be great to have some specs covering the OAuth functionality so that it does not break again in the future.

@kjacks kjacks deleted the sunu/#2003-google-oauth branch January 26, 2022 17:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sunu @thimios