Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(oidc): OIDC Prompt Support #519

Merged
merged 3 commits into from
Dec 13, 2023
Merged

feat(oidc): OIDC Prompt Support #519

merged 3 commits into from
Dec 13, 2023

Conversation

elimt
Copy link
Member

@elimt elimt commented Nov 21, 2023
edited
Loading

Boundary OIDC method does not currently support passing in prompts during authentication. This change adds the capability of passing OIDC prompts. Prompts are optional OIDC parameters that determine the behaviour of the authentication server: https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest

NOTE: This PR will not be merged until the latest release is out. This is needed to update boundary,boundary/api & boundary/sdk dependencies.

Changes

Add new optional prompts option to boundary_auth_method_oidc resource. prompts option are optional OIDC parameters that determine the behavior of the authentication server.

Examples

  1. OIDC Auth Method With 1 Prompt
resource "boundary_auth_method_oidc" "oidc_with_one_prompt" {
  api_url_prefix     = "https://XO-XO-XO-XO-XOXOXO.boundary.hashicorp.cloud:9200"
  client_id          = "eieio"
  client_secret      = "hvo_secret_XO"
  description        = "My Boundary OIDC Auth Method With Prompt"
  issuer             = "https://sts.windows.net/TENANT_ID/"
  scope_id           = "global"
  signing_algorithms = ["RS256"]
  prompts            = ["select_account"]
  type               = "oidc"
}
  1. OIDC Auth Method With Multiple Prompts
resource "boundary_auth_method_oidc" "oidc_with_multiple_prompts" {
  api_url_prefix     = "https://XO-XO-XO-XO-XOXOXO.boundary.hashicorp.cloud:9200"
  client_id          = "eieio"
  client_secret      = "hvo_secret_XO"
  description        = "My Boundary OIDC Auth Method With Multiple Prompts"
  issuer             = "https://sts.windows.net/TENANT_ID/"
  scope_id           = "global"
  signing_algorithms = ["RS256"]
  prompts            = ["consent", "select_account"]
  type               = "oidc"
}

@elimt elimt added this to the 0.14.x milestone Nov 21, 2023
@elimt elimt marked this pull request as ready for review November 21, 2023 22:14
@elimt elimt requested a review from jimlambrt November 21, 2023 22:14
elimt
elimt commented Nov 21, 2023
View reviewed changes
go.mod Outdated
Comment on lines 7 to 9
github.com/hashicorp/boundary v0.14.3-0.20231121173019-2cd2d4ecfceb
github.com/hashicorp/boundary/api v0.0.44-0.20231121173019-2cd2d4ecfceb
github.com/hashicorp/boundary/sdk v0.0.41-0.20231121173019-2cd2d4ecfceb
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NOTE: This will be updated with the new release once ready

jimlambrt
jimlambrt requested changes Nov 22, 2023
View reviewed changes
Copy link
Contributor

@jimlambrt jimlambrt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. A few minor suggestions.

internal/provider/resource_auth_method_oidc.go Outdated Show resolved Hide resolved
internal/provider/resource_auth_method_oidc.go Outdated Show resolved Hide resolved
CHANGELOG.md Outdated Show resolved Hide resolved
@elimt elimt requested a review from jimlambrt November 22, 2023 15:55
jimlambrt
jimlambrt approved these changes Nov 22, 2023
View reviewed changes
Copy link
Contributor

@jimlambrt jimlambrt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ty!

elimt added 3 commits December 13, 2023 15:46
@elimt
feat(oidc): OIDC Prompt Support
c632e5c 
Boundary OIDC method does not currently support passing in prompts during authentication. This change adds the capability of passing OIDC prompts. Prompts are optional OIDC parameters that determine the behaviour of the authentication server: https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest

Add new optional `prompts` option to `boundary_auth_method_oidc` resource. `prompts` option are optional OIDC parameters that determine the behavior of the authentication server.
@elimt
add changelog
f1d185f
@elimt
Address PR Feedback
eda77fe
@elimt elimt force-pushed the elimt-oidc-prompts branch from 9935918 to eda77fe Compare December 13, 2023 20:47
@elimt elimt merged commit 9e30a68 into main Dec 13, 2023
6 checks passed
@elimt elimt deleted the elimt-oidc-prompts branch December 13, 2023 21:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jimlambrt jimlambrt jimlambrt approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.14.x
Development

Successfully merging this pull request may close these issues.
2 participants
@elimt @jimlambrt