Comments (4)
asetty
commented on July 30, 2024
2
Another thing enabled by forwarding the id token is that, if desired, the backend service could verify the token / signature for an extra layer of security.
from oidc-authservice.
yanniszark
commented on July 30, 2024
@SachinVarghese if I may ask, what do you need the IDToken for? You can get the ID from the HTTP headers (username and groups). Is there anything else missing?
from oidc-authservice.
SachinVarghese
commented on July 30, 2024
Hi @yanniszark The IDToken provides additional info like user email and other extra details missing in the headers currently.
Also, more importantly, the raw ID token could be useful to make requests to another service behind the auth service. For example, a potential use case would be a Kubeflow pipeline task needing to make a Seldon Core inference using the same credentials as the user who triggered the pipeline run via the auth service. It would be great to know if you have any ideas.
from oidc-authservice.
yanniszark
commented on July 30, 2024
@asetty @SachinVarghese thanks, I think this makes sense. The current authenticator abstraction can't access the ResponseWriter, so the first step would be to plumb it through and make it available in the authenticator code. Or alternatively, expose some functionality to set headers/cookies in the authenticator.
from oidc-authservice.
Related Issues (20)
- Enable oidc-authservice repository CI for power(ppc64le) architecture. HOT 4
- External Authentication with Updated OIDC authservice image HOT 1
- Wildcard support for GROUPS_ALLOWLIST
- Authservice pod "Failed to save state in store: error trying to save session: input/output error" HOT 4
- ERROR: CSRF check failed. This may happen if you opened the login form in more than 1 tabs. Please try to login again. HOT 6
- Set LOG_LEVEL not work HOT 4
- Getting access denied 403 from OIDC login with Azure AD in Kubeflow HOT 1
- all URIs are whitelisted and cannot be secured by OIDC provider HOT 1
- OIDC authentication repeating and getting session timed out HOT 2
- Support Secure and HttpOnly flags in session cookie HOT 2
- x509: certificate signed by unknown authority-While deploying Kubeflow
- STORE_PATH option isn't honoured HOT 1
- Authservice validation HOT 1
- /var/lib/authservice
- Sessions are not cleaned up when using bolt db
- Possibly memory leak HOT 2
- Update container image on gcr.io HOT 1
- Failed to exchange authorization code with token: oauth2: cannot fetch token: 400 Bad Request Using Azure AD OIDC HOT 3
- how to get user info by session token?
- Access kubeflow from path "/kubeflow" instead of "/" HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oidc-authservice.