Ensure presence of DPoP related response headers #2711

Merged 3 commits on Aug 13, 2024

matthieusieben
Contributor

In order to work with DPoP, the AuthVerifier class needs to be able to set response headers (here and here).

The current catch all handler does not provide the response object to the verifier context, preventing it from setting the headers.

This PR ensures that the AuthVerifier's accessStandard authentication strategy indeed receives the res object.
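
The failure mode described above, as an added example that is not code from this PR or from the atproto repository: a verifier strategy can only emit DPoP headers when the handler passes it `res`. The `Req`/`Res` shapes, `makeRes`, the two `catchAll*` handlers, the `proofNonce` field (standing in for the proof JWT's `nonce` claim) and the nonce value are hypothetical; the `DPoP-Nonce` and `WWW-Authenticate: DPoP error="use_dpop_nonce"` headers are the ones RFC 9449 defines.

```typescript
// Added illustration, not code from the atproto repository. All shapes and
// values below are hypothetical stand-ins, constructed for this example.
interface Req { proofNonce?: string } // stands in for the DPoP proof's `nonce` claim
interface Res {
  status: number
  headers: Record<string, string>
  setHeader(name: string, value: string): void
}
interface ReqCtx { req: Req; res?: Res }

const SERVER_NONCE = 'constructed-nonce-1' // constructed sample value

function makeRes(): Res {
  const headers: Record<string, string> = {}
  return {
    status: 0,
    headers,
    setHeader(name: string, value: string): void {
      headers[name.toLowerCase()] = value
    },
  }
}

// Simplified verifier strategy: it can only emit DPoP headers if it was given `res`.
function accessStandard(ctx: ReqCtx): number {
  const nonceOk = ctx.req.proofNonce === SERVER_NONCE
  if (ctx.res) {
    // RFC 9449: the server advertises the nonce to use via DPoP-Nonce.
    ctx.res.setHeader('DPoP-Nonce', SERVER_NONCE)
    if (!nonceOk) {
      ctx.res.setHeader('WWW-Authenticate', 'DPoP error="use_dpop_nonce"')
    }
  }
  return nonceOk ? 200 : 401
}

// Before: the catch-all handler builds the verifier context from `req` only.
function catchAllBefore(req: Req, res: Res): Res {
  res.status = accessStandard({ req })
  return res
}

// After: the same handler also hands `res` to the verifier.
function catchAllAfter(req: Req, res: Res): Res {
  res.status = accessStandard({ req, res })
  return res
}
```

With the "before" handler a client holding a stale nonce receives a bare 401 and has no way to learn the nonce it should retry with.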

@matthieusieben matthieusieben force-pushed the msieben/oauth-error-headers branch from 6da2fa0 to 569335f Compare August 13, 2024 11:04
@matthieusieben matthieusieben force-pushed the msieben/oauth-error-headers branch from 569335f to aa5b747 Compare August 13, 2024 11:05
Collaborator

@devinivy devinivy left a comment

Yup!

@matthieusieben matthieusieben merged commit acbacbb into main Aug 13, 2024
10 checks passed
@matthieusieben matthieusieben deleted the msieben/oauth-error-headers branch August 13, 2024 14:41
@github-actions github-actions bot mentioned this pull request Aug 13, 2024
@matthieusieben matthieusieben restored the msieben/oauth-error-headers branch August 13, 2024 19:06
@matthieusieben matthieusieben deleted the msieben/oauth-error-headers branch August 13, 2024 19:07
estrattonbailey added a commit that referenced this pull request Aug 15, 2024
* origin/main:
  Provide a ponyfill for CustomEvent (#2710)
  Ensure presence of DPoP related response headers (#2711)
  prettier ignore changelogs, as changesets not resolving prettier config properly
  Version packages (#2709)
  Export `AtpAgentOptions` type from @atproto/api (#2708)
  tidy
  Version packages (#2706)
  Update changeset to better reflect changes (#2707)
  Client SDK rework (#2483)
  Allow aud of pds or entryway for service auth tokens on pds (#2694)
  Version packages (#2692)
  Lex-cli prettier changes changeset (#2691)
  Version packages (#2689)
  PDS - inspect bearer tokens (#2688)
  Version packages (#2685)
  Service auth method binding - PDS (#2668)
  minor typos in descriptions and comments (#2681)
  Fix run-dev-env-logged command (#2682)
  Version packages (#2677)
  Tweak some wording in `oauth-client-browser` readme (#2678)
haileyok pushed a commit that referenced this pull request Aug 16, 2024
* fix(pds): ensure presence of DPoP related response headers

* Expose the request context for AuthVerifier and StreamAuthVerifier as distinct types

* Properly type ReqCtx for stream auth