Esaco should not hide token introspection results claims #12

Closed
andreaceccanti opened this issue Jan 22, 2020 · 0 comments

The current approach relies on a fixed model object, while ESACO should be flexible enough to allow the validation of required claims and expose any other claim returned by the upstream introspection endpoint.

marcelovilaca pushed a commit to marcelovilaca/esaco that referenced this issue Mar 18, 2020
Issue:
Esaco should not hide token introspection results claims
The current approach relies on a fixed model object,
while ESACO should be flexible enough to allow the
validation of required claims and expose any other claim
returned by the upstream introspection endpoint.

Solution:
- Split TokenInfoController into TokenInfoController,
TokenIntrospectController and TokenControllerUtils (to prevent
duplicated code)
- Re-arranged the logic on Services and Controllers to not
deserialize the introspection response into a json object,
pass it as json string to avoid restriction of parameters
- Adapt the tests
- Changed Jenkinsfile to work accordingly
- Fixed SonarQube bot reported issues

Resolves: indigo-iam#12
marcelovilaca pushed a commit to marcelovilaca/esaco that referenced this issue Mar 19, 2020
Issue:
Esaco should not hide token introspection results claims
The current approach relies on a fixed model object,
while ESACO should be flexible enough to allow the
validation of required claims and expose any other claim
returned by the upstream introspection endpoint.

Solution:
- Split TokenInfoController into TokenInfoController,
TokenIntrospectController and TokenControllerUtils (to prevent
duplicated code)
- Re-arranged the logic on Services and Controllers to not
deserialize the introspection response into a json object,
pass it as json string to avoid restriction of parameters
- Adapt the tests
- Changed Jenkinsfile to work accordingly
- Fixed SonarQube bot reported issues
- Fixed PR change requests
Resolves: indigo-iam#12
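
The difference between a fixed model and a validate-then-pass-through approach, as an added Python example that is not ESACO's code. `FixedTokenInfo`, `parse_fixed`, `parse_flexible`, the `REQUIRED` claim set and the sample response are all assumptions made for illustration.

```python
import json
import time
from dataclasses import dataclass, fields

# Constructed sample introspection response (RFC 7662 shape); all values are invented.
SAMPLE = json.dumps({
    "active": True,
    "iss": "https://iam.example.org/",
    "sub": "user-1234",
    "scope": "openid profile",
    "exp": 4102444800,  # 2100-01-01 UTC, so the sample is not expired
    "groups": ["/demo", "/demo/analysis"],  # claims the fixed model does not know
    "organisation_name": "demo-vo",
})

@dataclass
class FixedTokenInfo:
    """Fixed model: only these fields survive deserialization."""
    active: bool
    iss: str
    sub: str
    scope: str
    exp: int

def parse_fixed(raw):
    data = json.loads(raw)
    known = {f.name for f in fields(FixedTokenInfo)}
    return FixedTokenInfo(**{k: v for k, v in data.items() if k in known})

REQUIRED = ("active", "iss", "exp")  # assumed set of required claims

def parse_flexible(raw, required=REQUIRED, now=None):
    """Validate required claims, then return every claim the upstream sent."""
    claims = json.loads(raw)
    if not isinstance(claims, dict):
        raise ValueError("introspection response must be a JSON object")
    if claims.get("active") is not True:
        # RFC 7662 recommends returning nothing else for an inactive token.
        return {"active": False}
    missing = [c for c in required if c not in claims]
    if missing:
        raise ValueError("missing required claims: " + ", ".join(missing))
    exp = claims.get("exp")
    if exp is not None:
        if isinstance(exp, bool) or not isinstance(exp, (int, float)):
            raise ValueError("exp must be a number")
        if exp <= (time.time() if now is None else now):  # example's choice
            return {"active": False}
    return claims
```

`parse_fixed` silently drops `groups` and `organisation_name`, while `parse_flexible` rejects a response that lacks a required claim and otherwise returns the upstream claims unchanged.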