Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add constant cookie name for the OIDC filter #3234

Merged
merged 12 commits into from
Sep 19, 2024
Merged

Add constant cookie name for the OIDC filter #3234

merged 12 commits into from
Sep 19, 2024

Conversation

czhou-brex
Copy link
Contributor

@czhou-brex czhou-brex commented Sep 18, 2024
edited
Loading

In order to support the logout filter for OIDC, we are proposing a parameter to make the cookie name a constant, so it can be read accordingly.

This is one of the PRs for #3235

Thanks to @Matheus-Michels for the code.

@czhou-brex
fallback to env variable for oidc client id and secret
1e9df0a 
Signed-off-by: Carl Zhou <czhou@brex.com>
@czhou-brex
fallback to env variable for oauth grant client id and secret
e7ddc41 
Signed-off-by: Carl Zhou <czhou@brex.com>
@czhou-brex
fix env var name
a879480 
Signed-off-by: Carl Zhou <czhou@brex.com>
@czhou-brex
move env lookup to skipper.go
803ede0 
Signed-off-by: Carl Zhou <czhou@brex.com>
@czhou-brex
add documentation for client and secret env vars
f2a7ef0 
Signed-off-by: Carl Zhou <czhou@brex.com>
@czhou-brex
fix wording
8d032c6 
Signed-off-by: Carl Zhou <czhou@brex.com>
@czhou-brex
Merge branch 'zalando:master' into master
a1c0c57
@czhou-brex
Merge branch 'zalando:master' into master
8fa7d2e
@czhou-brex
Add redirect_uri override headers
79c9f93 
Signed-off-by: Carl Zhou <czhou@brex.com>
@czhou-brex
Add Custom Cookie Name for OIDC filter
237a433 
Signed-off-by: Carl Zhou <czhou@brex.com>
@czhou-brex czhou-brex changed the title Add constant OIDC cookie name Add constant cookie name for the OIDC filter Sep 18, 2024
@czhou-brex
revert grantconfig code to master
062a6c9 
Signed-off-by: Carl Zhou <czhou@brex.com>
@czhou-brex czhou-brex marked this pull request as ready for review September 18, 2024 20:58
@czhou-brex
fix capitalization
d31828b 
Signed-off-by: Carl Zhou <czhou@brex.com>
@szuecs
Copy link
Member

szuecs commented Sep 19, 2024

I just want to be clear:
Do you know that this cookie name is only a prefix of the name, because we will split the content into multiple cookies because the size of the data we need in the cookie is often too big for browsers to accept?
So you will only match by "prefix" the cookie names. The number of cookies can change and we have the feature to split into more cookies and merge into less cookies based on data needed.

@szuecs szuecs added the major moderate risk, for example new API, small filter changes that have no risk like refactoring or logs label Sep 19, 2024
@szuecs
Copy link
Member

szuecs commented Sep 19, 2024

👍

1 similar comment
@AlexanderYastrebov
Copy link
Member

👍

@czhou-brex
Copy link
Contributor Author

I just want to be clear: Do you know that this cookie name is only a prefix of the name, because we will split the content into multiple cookies because the size of the data we need in the cookie is often too big for browsers to accept? So you will only match by "prefix" the cookie names. The number of cookies can change and we have the feature to split into more cookies and merge into less cookies based on data needed.

Thanks for explaining this. So far we were only able to observe one skipper cookie for the OIDC session. Can you elaborate on cases where there may be multiple cookies? Are these cases only within auth or outside of auth?

@AlexanderYastrebov AlexanderYastrebov merged commit 3c2a615 into zalando:master Sep 19, 2024
10 checks passed
@AlexanderYastrebov
Copy link
Member

@czhou-brex Thank you for contribution.

Next time please rebase and squash your PR on top of the latest master so we do not have github confused and its easier to write release notes as they are composed from all commit messages

Screenshot from 2024-09-19 18-21-48

@zalando-teapot-robot zalando-teapot-robot mentioned this pull request Sep 23, 2024
Merged
RomanZavodskikh pushed a commit to zalando-incubator/kubernetes-on-aws that referenced this pull request Sep 25, 2024
Update skipper version, step 1/2
81f39b8 
+ zalando/skipper#3227
+ zalando/skipper#3225
+ zalando/skipper#3234
+ zalando/skipper#3239
+ zalando/skipper#3240
+ zalando/skipper#3241
+ zalando/skipper#3242
+ zalando/skipper#3245
+ zalando/skipper#3246
+ zalando/skipper#3247
+ zalando/skipper#3249
+ zalando/skipper#3248

FYI zalando/skipper@v0.21.198...v0.21.208

Signed-off-by: Roman Zavodskikh <roman.zavodskikh@zalando.de>
@RomanZavodskikh RomanZavodskikh mentioned this pull request Sep 25, 2024
Closed
RomanZavodskikh pushed a commit to zalando-incubator/kubernetes-on-aws that referenced this pull request Sep 26, 2024
Update skipper version, step 1/2
ed652be 
+ zalando/skipper#3227
+ zalando/skipper#3225
+ zalando/skipper#3234
+ zalando/skipper#3239
+ zalando/skipper#3240
+ zalando/skipper#3241
+ zalando/skipper#3242
+ zalando/skipper#3245
+ zalando/skipper#3246
+ zalando/skipper#3247
+ zalando/skipper#3249
+ zalando/skipper#3248

FYI zalando/skipper@v0.21.198...v0.21.208

Signed-off-by: Roman Zavodskikh <roman.zavodskikh@zalando.de>
@RomanZavodskikh RomanZavodskikh mentioned this pull request Sep 26, 2024
Merged
RomanZavodskikh pushed a commit to zalando-incubator/kubernetes-on-aws that referenced this pull request Sep 30, 2024
skipper: update main fleet version to v0.21.208
5f37867 
+ zalando/skipper#3227
+ zalando/skipper#3225
+ zalando/skipper#3234
+ zalando/skipper#3239
+ zalando/skipper#3240
+ zalando/skipper#3241
+ zalando/skipper#3242
+ zalando/skipper#3245
+ zalando/skipper#3246
+ zalando/skipper#3247
+ zalando/skipper#3249
+ zalando/skipper#3248

FYI zalando/skipper@v0.21.198...v0.21.208

canary was updated #8214

Signed-off-by: Roman Zavodskikh <roman.zavodskikh@zalando.de>
@RomanZavodskikh RomanZavodskikh mentioned this pull request Sep 30, 2024
Merged
Pushpalanka pushed a commit that referenced this pull request Oct 11, 2024
@czhou-brex @Pushpalanka
Add configurable cookie name prefix for the OIDC filter (#3234)
3c27da4 
Allow specifying cookie name prefix for OIDC filters

Signed-off-by: Carl Zhou <czhou@brex.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
major moderate risk, for example new API, small filter changes that have no risk like refactoring or logs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@czhou-brex @szuecs @AlexanderYastrebov