nifi-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (NIFI-4210) Add OpenId Connect support for authenticating users
Date Tue, 01 Aug 2017 22:50:00 GMT

    [ https://issues.apache.org/jira/browse/NIFI-4210?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16109940#comment-16109940
] 

ASF GitHub Bot commented on NIFI-4210:
--------------------------------------

Github user alopresto commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/2047#discussion_r130748639
  
    --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/OidcService.java
---
    @@ -0,0 +1,207 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one or more
    + * contributor license agreements.  See the NOTICE file distributed with
    + * this work for additional information regarding copyright ownership.
    + * The ASF licenses this file to You under the Apache License, Version 2.0
    + * (the "License"); you may not use this file except in compliance with
    + * the License.  You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +package org.apache.nifi.web.security.oidc;
    +
    +import com.google.common.cache.Cache;
    +import com.google.common.cache.CacheBuilder;
    +import com.nimbusds.oauth2.sdk.AuthorizationGrant;
    +import com.nimbusds.oauth2.sdk.Scope;
    +import com.nimbusds.oauth2.sdk.id.State;
    +import org.apache.nifi.web.security.util.CacheKey;
    +
    +import java.io.IOException;
    +import java.math.BigInteger;
    +import java.net.URI;
    +import java.security.SecureRandom;
    +import java.util.concurrent.ExecutionException;
    +import java.util.concurrent.TimeUnit;
    +
    +import static org.apache.nifi.web.security.oidc.StandardOidcIdentityProvider.OPEN_ID_CONNECT_SUPPORT_IS_NOT_CONFIGURED;
    +
    +/**
    + * OidcService is a service for managing the OpenId Connect Authorization flow.
    + */
    +public class OidcService {
    +
    +    private OidcIdentityProvider identityProvider;
    +    private Cache<CacheKey, State> stateLookupForPendingRequests; // identifier
from cookie -> state value
    +    private Cache<CacheKey, String> jwtLookupForCompletedRequests; // identifier
from cookie -> jwt or identity (and generate jwt on retrieval)
    +
    +    /**
    +     * Creates a new OtpService with an expiration of 5 minutes.
    +     */
    +    public OidcService(final OidcIdentityProvider identityProvider) {
    +        this(identityProvider, 60, TimeUnit.SECONDS);
    --- End diff --
    
    The Javadoc says the expiration is 5 minutes, but it looks like this is hardcoded to 1
minute. 


> Add OpenId Connect support for authenticating users
> ---------------------------------------------------
>
>                 Key: NIFI-4210
>                 URL: https://issues.apache.org/jira/browse/NIFI-4210
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework, Core UI
>            Reporter: Matt Gilman
>            Assignee: Matt Gilman
>
> Add support for authenticating users with the OpenId Connection specification. Evaluate
whether a new extension point is necessary to allow for a given provider to supply custom
code for instance to implement custom token validation.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message