Skip authentication for direct POST on endpoint #1034
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #1034 +/- ##
==========================================
- Coverage 97.54% 97.50% -0.05%
==========================================
Files 32 32
Lines 2120 2122 +2
==========================================
+ Hits 2068 2069 +1
- Misses 52 53 +1 ☔ View full report in Codecov by Sentry. |
n2ygk
requested changes
Dec 22, 2021
|
@n2ygk allow is actually the result of the DOT AllowForm when authorization is requested this will have the value the user clicked. |
dopry
requested changes
May 21, 2023
There was a problem hiding this comment.
@brat002 thanks for creating this PR! We need to tick two boxes before we can merge this.
- Can you clarify your use case? While I know the allow is from our form, I want to be sure I understand the flow you're going for here. Wouldn't setting skip authorization on the application resolve this for you?
- We'll need tests for these changes before we can merge it.
The solution fixes a problem of automation when user should get an authorization code to send it to a client to exchange to token(hashikorp vault in example). ``` curl -k -vvv -sXPOST "http://127.0.0.1:8000/authorize/" -d"grant_type=authorization_code&response_type=code&client_id=testvault&username=xxx&password=xxx&redirect_uri=http://127.0.0.1:8000&scope=openid profile&allow=1" ``` will look like ``` curl -k -vvv -sXPOST "http://127.0.0.1:8000/authorize/" -d"grant_type=authorization_code&response_type=code&client_id=testvault&username=xxx&password=xxx&redirect_uri=http://127.0.0.1:8000&scope=openid profile" ``` as it should.
for more information, see https://pre-commit.ci
|
@brat002 do you still have the time or inclination to finish working on this PR? |
|
Closing as stale |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of the Change
The solution fixes a problem of automation when user should get an authorization code to send it to a client to exchange to token(hashikorp vault in example).
will look like
as it should.
Checklist
CHANGELOG.mdupdated (only for user relevant changes)AUTHORS