Generic OIDC group scope is not sent in the request formed by the UI #12477

Open
gaktive opened this issue Nov 1, 2024 · 4 comments

gaktive commented Nov 1, 2024

Internal reference: SURE-9143
Reported in 2.9.2

Issue description:
Despite adding the "groups" scope in the OIDC config, the request that is generated is not including the "groups" scope.

Repro steps:
OIDC configured and checked the generated request.

Workaround:
None

Actual behavior:
The request does not contain the group scope despite being configured.

Expected behavior:
Expect the generated request to contain the group scope.

@mantis-toboggan-md was able to reproduce this issue and confirm it is a UI bug:

The UI ignores configured scopes and always uses the values configured here https://github.com/rancher/dashboard/blob/master/shell/store/auth.js#L16. Likely, we need to update the redirectTo method in that file to fetch the genericoidc authconfig object and use its scope field to construct the redirect url, instead of that list of defaults.

@gaktive gaktive added this to the v2.11.0 milestone Nov 1, 2024
@github-actions github-actions bot added the QA/dev-automation label Nov 1, 2024
@mantis-toboggan-md mantis-toboggan-md added the QA/manual-test label and removed the QA/dev-automation label Nov 1, 2024
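
The fix direction quoted in the issue description (take the redirect URL's scope from the genericoidc authconfig object's scope field instead of a default list), sketched as an added example that is not Rancher dashboard code. The function names, the accepted shape of the scope value (space- or comma-separated string, or array), and the sample URL and config are assumptions.

```javascript
// Added illustration; not Rancher dashboard code. All names are hypothetical.

// OIDC requires "openid" in every authentication request.
const REQUIRED_SCOPES = ['openid'];

// Normalize a scope value (assumed: space- or comma-separated string, or an
// array of such strings) into a list of unique, non-empty scope tokens.
function parseScopes(value) {
  const text = Array.isArray(value) ? value.join(' ') : String(value ?? '');
  return [...new Set(text.split(/[\s,]+/).filter(Boolean))];
}

// Build the authorization redirect URL from the provider's configured scopes,
// using the default list only when nothing is configured.
function buildAuthorizeUrl(redirectUrl, authConfig, fallbackScopes = []) {
  const configured = parseScopes(authConfig && authConfig.scope);
  const chosen = configured.length ? configured : parseScopes(fallbackScopes);
  const scopes = parseScopes([...REQUIRED_SCOPES, ...chosen]);
  const url = new URL(redirectUrl);
  // Overwrite any scope already present in the URL so it is sent exactly once.
  url.searchParams.set('scope', scopes.join(' '));
  return url.toString();
}

// Check an outgoing request: which configured scopes are absent from it?
function missingScopes(requestUrl, authConfig) {
  const sent = parseScopes(new URL(requestUrl).searchParams.get('scope'));
  const wanted = parseScopes(authConfig && authConfig.scope);
  return wanted.filter((s) => !sent.includes(s));
}

// Constructed sample values (not taken from the issue).
const sampleConfig = { scope: 'openid profile email groups' };
const sampleRedirect =
  'https://idp.example.test/authorize?client_id=example-ui&response_type=code&scope=openid+profile+email';

function demo() {
  const before = missingScopes(sampleRedirect, sampleConfig); // defaults only
  const fixedUrl = buildAuthorizeUrl(sampleRedirect, sampleConfig, ['profile', 'email']);
  const after = missingScopes(fixedUrl, sampleConfig);
  return { before, fixedUrl, after };
}

console.log(demo());
```

A check like `missingScopes` can also serve as a unit-test assertion on the generated redirect URL.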

gaktive commented Nov 12, 2024

/backport v2.10.1


cnotv commented Jan 31, 2025

@mantis-toboggan-md I see no mention of groups whatsoever in the whole store or auth util, is it missing or?


cnotv commented Jan 31, 2025

Thanks @mantis-toboggan-md for clarifying in chat.
For the record, we are talking about the scopes on this page not being honored when generating a redirect URL:

Image


cnotv commented Feb 7, 2025

Just for the record, we will write a lot of unit tests for this process, as there are none, given that it's old code.
This seems to cover:

  • View
  • State, several parts
  • Shared logic (mixin)
