Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace OpenID Connect backend library #313

Open
michael-doubez opened this issue May 3, 2024 · 0 comments
Open

Replace OpenID Connect backend library #313

michael-doubez opened this issue May 3, 2024 · 0 comments
Labels
enhancement

Comments

@michael-doubez
Copy link
Contributor

michael-doubez commented May 3, 2024
edited

What feature do you want to see added?

The backend library currently used is Google OAuth Client library which brings many issues:

  • the library is in maintenance mode
  • the code is primarily design to work for google API - features are hard to implement or checks prevents usage of library (see Login not working if alg field is missing in jwks_uri response #304 )
  • the library is pulling dependencies which are not needed or desirable for Jenkins plugin - in particular some transistive dependencies are hard to specify right

Moving to a more generic library would allow restoring advanced checked bypassed in #308.

Spring security seems to have a decent support of openid connect and is more in line with Jenkins' dependencies.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@michael-doubez