Add support for additional IdP authentication parameters in OIDC connector #3831
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: roddyherries <[email protected]> Signed-off-by: Adam Nych <[email protected]>
…arameters are handled Signed-off-by: Adam Nych <[email protected]>
a-nych
force-pushed
the
roddyherries-support-auth-params
branch
from
218c6d6
to
553beb0
Compare
a-nych
changed the title
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
This PR is a refresh of #2631 by @roddyherries.
Some IdPs support login features that are accessible via additional parameters on an authorization request. The current OIDC connector implementation provides no mechanism to configure additional authorization request parameters and hence the IdP specific features are out of reach. This PR adds support to for such additional params to the OIDC connector.
What this PR does / why we need it
Adds a new "additionalAuthRequestParams" map to the OIDC Config struct
Populates the map from config at connector "open"
Adds any additional auth params to the auth LoginURL
Prevents mis-configuration attempts to override OIDC specified auth params.
Special notes for your reviewer
Issue: #2504