Merged
This is about going from what the software can do and what the admin wants it to do to what is actually used.
Contributor
Author
Don't know why but the version that this PR is based on was not the latest I had.
Contributor
@rohe I can see token revocation documentation, but no related code or tests.
Contributor
Author
As I said the version I wanted was not the one I got. I'll go through the token revocation code.
Added TokenExchangeHelper which had somehow managed to go missing before.
…hould actually work.
peppelinux (Member) approved these changes on Feb 14, 2023 and left a comment:
As said during our last meeting, I totally trust this important work made available in this PR. For tests and concrete revisions I'd prefer having it merged on the develop branch and letting the guys play with it for a while.
Thank you, Roland!
Deal with policy expressed in two claims: metadata and metadata_policy.
…ed names must be used.
I tried to squash all the intermediate commits into one and it looked like it worked until I rebased fedservice onto develop.
I don't really understand why all the intermediates appear here, but anyway the only thing you have to care about is the last commit.
What changed is the handling of configuration of entity preferences and how these, plus for clients influences from OP provider info and possible dynamic client registration. All this is handled by the idpyoidc.Claims, idpyoidc.client.Claims and idpyoidc.server.Claims classes.
Another change is that previously an entity was either a client (which could use services at service endpoints) or a server (provider of service endpoints). Now there is a class of entity that can be both at the same time. This is very useful in the context of OIDC Federation. A side effect of this was the need to be able to handle different key jars on different levels. To deal with this the method upstream_get was introduced. It allows a class/function/method to find the 'nearest' value of an attribute.
More about the new functionality in the architectural documentation I'm working on.
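
The "nearest value" lookup described in the PR description, as an added sketch that is not code from this PR or from idpyoidc. Only the name `upstream_get` comes from the description; the `Unit` class, `unit_get`, `get_attribute`, `resolve_keyjar` and the sample key jars are hypothetical and constructed for illustration.

```python
from typing import Any, Callable, Optional

class Unit:
    """One node of an entity tree (hypothetical class for illustration)."""
    def __init__(self, name: str, upstream_get: Optional[Callable] = None,
                 keyjar: Optional[dict] = None):
        self.name = name
        self.upstream_get = upstream_get  # parent's unit_get, or None at the root
        self.keyjar = keyjar              # None = not configured at this level

    def unit_get(self, what: str, *args: Any) -> Any:
        # "attribute" dispatches to get_attribute(); unknown requests yield None
        func = getattr(self, f"get_{what}", None)
        return func(*args) if func else None

    def get_attribute(self, attr: str) -> Any:
        value = getattr(self, attr, None)
        if value is None and self.upstream_get is not None:
            return self.upstream_get("attribute", attr)  # ask the next level up
        return value

def resolve_keyjar(unit: Unit) -> dict:
    """Return the nearest key jar, failing closed if no level has one."""
    keyjar = unit.get_attribute("keyjar")
    if keyjar is None:
        raise LookupError(f"no key jar reachable from {unit.name}")
    return keyjar

def build_demo() -> dict:
    # Constructed sample: one entity acting as both OP (server) and RP (client).
    entity = Unit("entity", keyjar={"owner": "entity", "kids": ["fed-sig-1"]})
    server = Unit("server", entity.unit_get,
                  keyjar={"owner": "server", "kids": ["op-sig-1"]})
    client = Unit("client", entity.unit_get)           # no key jar of its own
    service = Unit("client.service", client.unit_get)  # two levels below the entity
    orphan = Unit("orphan")                            # no parent, no key jar
    return {u.name: u for u in (entity, server, client, service, orphan)}

if __name__ == "__main__":
    units = build_demo()
    for name in ("server", "client", "client.service"):
        print(name, "->", resolve_keyjar(units[name])["owner"])
```

In this sketch the server side keeps its own keys while the client side and its services inherit the entity-level key jar, and a unit with no reachable key jar raises an error instead of silently continuing with no keys.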