Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OIDC Auth Bug #13133

Merged
merged 4 commits into from
Nov 15, 2021
Merged

OIDC Auth Bug #13133

merged 4 commits into from
Nov 15, 2021

Conversation

zofskeez
Copy link
Contributor

Resolves #12436

When using the MetaMask chrome extension it was reported that the OIDC auth login workflow was not working. After investigating the source code it was discovered that the javascript being injected calls window.postMessage which was being handled inadvertently by the auth-jwt component.

To guard against unintended messages from the same origin a source property was added to the message data which is then verified in the event handler. Unit tests were added to verify the functionality.

@vercel vercel bot temporarily deployed to Preview – vault November 12, 2021 17:32 Inactive
@zofskeez zofskeez added the ui label Nov 12, 2021
@zofskeez zofskeez added this to the 1.10 milestone Nov 12, 2021
@vercel vercel bot temporarily deployed to Preview – vault-storybook November 12, 2021 17:34 Inactive
@vercel vercel bot temporarily deployed to Preview – vault November 12, 2021 18:23 Inactive
@zofskeez
fixes race condition in runCommands ui-panel helper method where runn…
b4da664 
…ing multiple commands would not always result in the same output order
@vercel vercel bot temporarily deployed to Preview – vault November 12, 2021 22:10 Inactive
@zofskeez
Copy link
Contributor Author

zofskeez commented Nov 12, 2021
edited

@chelshaw I spent some time debugging these oidc acceptance test failures and wanted to bring them to your attention since you were working on them recently. I threw a pause in and found that a network request was failing with Invalid client ID.
image

After logging out the clientId return value from the setupOidc method I noticed that it was set to the following on failing runs: Success! Data written to: identity/oidc/client/my-webapp-1636753641317. There are 2 commands that are run to generate the clientId and it appears that the lastLogOutput value is the output from the first command:

await consoleComponent.runCommands([
  `write identity/oidc/client/${webappName} redirect_uris="${redirect}" assignments="my-assignment" key="sigkey" id_token_ttl="30m" access_token_ttl="1h"`,
  `read -field=client_id identity/oidc/client/${webappName}`,
]);

It seems that there is a race condition in the runCommands method where responses are not output in the same order that they are run consistently. Waiting for a settled state before continuing the loop to run the console commands seems to have fixed it in this commit. Since this change will impact all usages of the helper I'm hoping that it doesn't break any other tests but I don't think it should 🤞.

hashishaw
hashishaw approved these changes Nov 15, 2021
View reviewed changes
Copy link
Collaborator

@hashishaw hashishaw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work, thanks for working on this!

@zofskeez zofskeez merged commit 26970c4 into main Nov 15, 2021
@zofskeez zofskeez deleted the ui/oidc-auth-bug branch November 15, 2021 15:48
@zofskeez zofskeez modified the milestones: 1.10, 1.9.1 Nov 17, 2021
@zofskeez zofskeez added bug Used to indicate a potential bug backport labels Nov 18, 2021
zofskeez added a commit that referenced this pull request Nov 18, 2021
@zofskeez
OIDC Auth Bug (#13133)
3b16a64 
* fixes issue with oidc auth method when MetaMask chrome extenstion is used

* adds changelog entry

* updates auth-jwt integration tests

* fixes race condition in runCommands ui-panel helper method where running multiple commands would not always result in the same output order
zofskeez added a commit that referenced this pull request Nov 18, 2021
@zofskeez
OIDC Auth Bug (#13133)
a802996 
* fixes issue with oidc auth method when MetaMask chrome extenstion is used

* adds changelog entry

* updates auth-jwt integration tests

* fixes race condition in runCommands ui-panel helper method where running multiple commands would not always result in the same output order
zofskeez added a commit that referenced this pull request Nov 18, 2021
@zofskeez
OIDC Auth Bug (#13133)
df6bec1 
* fixes issue with oidc auth method when MetaMask chrome extenstion is used

* adds changelog entry

* updates auth-jwt integration tests

* fixes race condition in runCommands ui-panel helper method where running multiple commands would not always result in the same output order
@zofskeez zofskeez modified the milestones: 1.9.1, 1.7.7 Nov 18, 2021
@zofskeez zofskeez mentioned this pull request Nov 18, 2021
Merged
zofskeez added a commit that referenced this pull request Nov 18, 2021
@zofskeez
OIDC Auth Bug (#13133) (#13216)
81a4a3c 
* fixes issue with oidc auth method when MetaMask chrome extenstion is used

* adds changelog entry

* updates auth-jwt integration tests

* fixes race condition in runCommands ui-panel helper method where running multiple commands would not always result in the same output order
This was referenced Nov 18, 2021
Merged
Merged
zofskeez added a commit that referenced this pull request Nov 18, 2021
@zofskeez
OIDC Auth Bug (#13133) (#13218)
0d87606 
* fixes issue with oidc auth method when MetaMask chrome extenstion is used

* adds changelog entry

* updates auth-jwt integration tests

* fixes race condition in runCommands ui-panel helper method where running multiple commands would not always result in the same output order
zofskeez added a commit that referenced this pull request Nov 19, 2021
@zofskeez
OIDC Auth Bug (#13133) (#13217)
481fbad 
* fixes issue with oidc auth method when MetaMask chrome extenstion is used

* adds changelog entry

* updates auth-jwt integration tests

* fixes race condition in runCommands ui-panel helper method where running multiple commands would not always result in the same output order
@austingebauer austingebauer mentioned this pull request Dec 20, 2021
Merged
qk4l pushed a commit to qk4l/vault that referenced this pull request Feb 4, 2022
@zofskeez
OIDC Auth Bug (hashicorp#13133)
cd02dea 
* fixes issue with oidc auth method when MetaMask chrome extenstion is used

* adds changelog entry

* updates auth-jwt integration tests

* fixes race condition in runCommands ui-panel helper method where running multiple commands would not always result in the same output order
@thiskevinwang thiskevinwang mentioned this pull request Apr 25, 2022
Closed
@davidspek davidspek mentioned this pull request Nov 29, 2022
Closed
@davidspek davidspek mentioned this pull request Dec 22, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hashishaw hashishaw hashishaw approved these changes

Assignees
No one assigned
Labels
backport bug Used to indicate a potential bug ui
Projects
None yet
Milestone
1.7.7
Development

Successfully merging this pull request may close these issues.

OIDC UI based login not possible with MetaMask installed
2 participants
@zofskeez @hashishaw