Comparing changes

Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>

Fix an issue where invalid config might lead to an ValueError object being used as a databasse object, leading to application errors later. Rather fail fast by properly raising the exception.

fix: ValueError should be raised, not returned

Store the updated `authz_info` info back into the database after marking the code as used. Otherwise, the change would be discarded when using a DB (would hold only with in-memory dict)

fix: auth_state: update db when marking code as used

In stateless mode, `user_id` passed to `get_claims_for` is always `None`. When no claims are available and userinfo is thus also `None`, `user_id` is used as index to self._db, but that triggers a `KeyError: None`. As `create_access_token` populates `user_info` field in `authz_info` only of `user_info` is pythonically `True`, `user_info` passed here ends up being `None`, not empty dict `{}`. As the `Userinfo` class does not have access to `Provider.stateless`, the easiest fix is to make the db lookup conditional on user_id being pythonically True - which corresponds with not being in stateltess mode.

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3113904

According to the [OIDC Documentation](https://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg), the client must configure a `subject_identifier_uri`, if multiple `redirect_uri` are configured. This patch adds the possibility to do this as described in #49. Signed-off-by: Sven Haardiek <sven@haardiek.de>

Pin pyop to the latest version of PyMongo 3.x until it has completely migrated to PyMongo 4. Most of the key new methods and options from PyMongo 4.0 are backported in PyMongo 3.12, making migration much easier. Closes #51

- Fix support of PyMongo 4 - Add configurable subject_identifier_uri to clients - fix: example/requirements.txt to reduce vulnerabilities - fix: userinfo: avoid indexing by None user_id in stateless mode Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482

…uth_code in the request

For the stateless flow, retrieve the extra_id_token_claims from the auth_code in the request Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Comparing changes

Open a pull request

Commits on May 31, 2022

Commits on Nov 8, 2022

Commits on Nov 9, 2022

Commits on Nov 15, 2022

Commits on Jun 30, 2023

Commits on Sep 29, 2023

Commits on Oct 11, 2023

Commits on Oct 26, 2023

Commits on Oct 1, 2024

Commits on Nov 6, 2024

This comparison is taking too long to generate.

Uh oh!