Skip to content

feat: add token request hooks for all grant types#3427

Merged
aeneasr merged 9 commits intoory:masterfrom
sgal:feat-add-request-hooks-for-all-grant-types
Mar 26, 2023
Merged

feat: add token request hooks for all grant types#3427
aeneasr merged 9 commits intoory:masterfrom
sgal:feat-add-request-hooks-for-all-grant-types

Conversation

@sgal
Copy link
Copy Markdown
Contributor

@sgal sgal commented Jan 29, 2023
edited
Loading

Added a generic token hook that is called for all grant types and includes payload with a single allowed value - assertion to cover the jwt-bearer grant type customization.

Existing refresh hook is left unchanged and will be deprecated in favor of the new hook.

Related issue(s)

#3244
ory/fosite#729

This change completes and extends the work done in #3254

Checklist

  • I have read the contributing guidelines.
  • I have referenced an issue containing the design document if my change
    introduces a new feature.
  • I am following the
    contributing code guidelines.
  • I have read the security policy.
  • I confirm that this pull request does not address a security
    vulnerability. If this pull request addresses a security vulnerability, I
    confirm that I got the approval (please contact
    [email protected]) from the maintainers to push
    the changes.
  • I have added tests that prove my fix is effective or that my feature
    works.
  • I have added or changed the documentation.

Further Comments

Docs update PR - ory/docs#1241

@sgal sgal requested a review from aeneasr as a code owner January 29, 2023 19:52
@codecov
Copy link
Copy Markdown

codecov bot commented Jan 29, 2023
edited
Loading

Codecov Report

Merging #3427 (4b341d8) into master (a663927) will decrease coverage by 0.01%.
The diff coverage is 71.76%.

❗ Current head 4b341d8 differs from pull request most recent head d06cdf0. Consider uploading reports for the commit d06cdf0 to get more accurate results

@@            Coverage Diff             @@
##           master    #3427      +/-   ##
==========================================
- Coverage   76.83%   76.82%   -0.01%     
==========================================
  Files         123      124       +1     
  Lines        9125     9160      +35     
==========================================
+ Hits         7011     7037      +26     
- Misses       1666     1673       +7     
- Partials      448      450       +2
Impacted Files Coverage Δ
oauth2/refresh_hook.go 67.64% <60.00%> (ø)
oauth2/token_hook.go 71.05% <71.05%> (ø)
driver/config/provider.go 81.85% <100.00%> (ø)
driver/registry_base.go 85.98% <100.00%> (+0.05%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

sgal
sgal commented Jan 30, 2023
View reviewed changes
sgal
sgal commented Jan 30, 2023
View reviewed changes
This was referenced Jan 30, 2023
Closed
Merged
@hperl hperl self-requested a review March 6, 2023 09:53
hperl
hperl requested changes Mar 7, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@hperl hperl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks very good! I just had some minor questions & suggestions.

@sgal
Copy link
Copy Markdown
Contributor Author

sgal commented Mar 7, 2023

@hperl I fixed the comments, please have a look!

hperl
hperl previously approved these changes Mar 10, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@hperl hperl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! 🎉

aeneasr
aeneasr reviewed Mar 23, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@aeneasr aeneasr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very nice changes, just two minor remarks

@sgal
Copy link
Copy Markdown
Contributor Author

sgal commented Mar 24, 2023

@aeneasr I fixed the following parts:

  • Remove client_secret from the payload that is sent to the webhook
  • Only send the payload in the jwt-bearer grant type
  • Remove the data duplication in the webhook request

Please have a look.

@sgal
Copy link
Copy Markdown
Contributor Author

sgal commented Mar 24, 2023

Docs are also updated - ory/docs#1241

aeneasr
aeneasr reviewed Mar 24, 2023
View reviewed changes
spec/config.json Outdated
"format": "uri",
"examples": ["https://my-example.app/token-refresh-hook"]
},
"authorization_code_hook": {
Copy link
Copy Markdown
Member

@aeneasr aeneasr Mar 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need all of these config elements? Maybe it makes more sense to have one endpoint and pass the grant type and let the webhook deal with that?

Copy link
Copy Markdown
Contributor Author

@sgal sgal Mar 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, that makes much more sense. Let me take a stab at it.

Copy link
Copy Markdown
Member

@aeneasr aeneasr Mar 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome thanks :)

Copy link
Copy Markdown
Member

@aeneasr aeneasr Mar 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To keep backwards compatibility we could also just add a new key "hook" and deprecate the refresh token hook at some point. That way we don't break BC?

aeneasr
aeneasr reviewed Mar 24, 2023
View reviewed changes
@sgal
Copy link
Copy Markdown
Contributor Author

sgal commented Mar 24, 2023

@aeneasr Changed to having a generic token hook config, along with the existing one. Cleaned up the request payload for the new hook to remove duplication.

aeneasr
aeneasr approved these changes Mar 26, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@aeneasr aeneasr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very nice

@aeneasr aeneasr merged commit 9bdf225 into ory:master Mar 26, 2023
@sgal sgal deleted the feat-add-request-hooks-for-all-grant-types branch March 26, 2023 10:55
@sgal
Copy link
Copy Markdown
Contributor Author

sgal commented Mar 26, 2023

@fehrnah FYI, it's finally in! Thanks for laying the foundation for this feature 👍

@fehrnah
Copy link
Copy Markdown
Contributor

fehrnah commented Mar 26, 2023

@fehrnah FYI, it's finally in! Thanks for laying the foundation for this feature 👍

Congratulations!

@aeneasr
Copy link
Copy Markdown
Member

aeneasr commented Mar 26, 2023

Thank you both :)

harnash pushed a commit to Wikia/ory-hydra that referenced this pull request Apr 12, 2023
@sgal @harnash
feat: add token request hooks for all grant types (ory#3427)
5865a8f 
Added a generic token hook that is called for all grant types and includes `payload` with a single allowed value - `assertion` to cover the `jwt-bearer` grant type customization.

The existing `refresh token hook` is left unchanged and is considered to be deprecated in favor of the new hook logic. The `refresh token hook` will at some point be removed.

Closes ory#3244
Closes ory/fosite#729
@terev terev mentioned this pull request Jul 2, 2024
Open
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aeneasr aeneasr aeneasr approved these changes

@hperl hperl hperl left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sgal @fehrnah @aeneasr @hperl