
feat: add parameter in client registration request to include claims in id_token #9358

Merged
merged 2 commits into main from jans-tarp-issue-9357
Sep 4, 2024

Conversation

duttarnab (Contributor)

closes #9357

…in id_token

Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>

dryrunsecurity bot commented Sep 4, 2024

DryRun Security Summary

The code changes in the registerClient.tsx file are related to the implementation of an OIDC client registration process, including the addition of a new field, handling of client expiration and token lifetimes, making a POST request to the registration endpoint, and storing the registered OIDC client information in the browser's local storage.


Summary:

The code changes in the registerClient.tsx file appear to be related to the implementation of an OIDC (OpenID Connect) client registration process. The changes include the addition of a new field jansInclClaimsInIdTkn to the registerObj object, which is set to "true". This field is likely related to including claims in the ID token, and it's important to ensure that the claims included in the ID token do not contain sensitive information that could be used to compromise the application or user data.

The code also includes a check for the expireAt value and sets the lifetime property of the registerObj accordingly. Proper handling of client expiration and token lifetimes is crucial for maintaining the security of the application. Additionally, the registerOIDCClient function makes a POST request to the registration endpoint with the registerObj data, which should be properly validated and sanitized to prevent potential security issues like injection attacks. The code also stores the registered OIDC client information in the browser's local storage, which should be carefully managed and protected, as it may contain sensitive information like client IDs and secrets.

Files Changed:

  • demos/jans-tarp/src/options/registerClient.tsx: This file appears to be related to the implementation of an OIDC client registration process. The changes include the addition of a new field jansInclClaimsInIdTkn to the registerObj object, a check for the expireAt value and setting the lifetime property, making a POST request to the registration endpoint with the registerObj data, storing the registered OIDC client information in the browser's local storage, and using the uuidv4 function to generate a unique client name. The code also includes error handling and displays error messages to the user.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

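The bot summary above describes the shape of the change: a registration object that carries jansInclClaimsInIdTkn, a lifetime derived from expireAt, a POST to the registration endpoint, and the result written to localStorage. The following is an added example (not jans-tarp's code and not the PR's diff) showing how a client of a Janssen registration endpoint can build and submit that request while handling the points the bot raises. Assumed, not taken from the page: the request body follows the RFC 7591 JSON style with the Janssen-specific parameter name jansInclClaimsInIdTkn seen in the PR, lifetime is the client lifetime in seconds, the endpoint URL is a placeholder, and fetch is injected so the sample runs offline against a constructed response.

```typescript
// Added example, not jans-tarp's own code. Assumptions: the AS accepts RFC 7591
// style JSON plus the Janssen parameter "jansInclClaimsInIdTkn" (name seen in
// the PR), and "lifetime" is the client lifetime in seconds.

interface RegistrationOptions {
  redirectUris: string[];
  clientName: string;
  includeClaimsInIdToken: boolean;
  expireAt?: Date; // optional client expiry; omitted => server default
  now?: Date;      // injectable clock for deterministic tests
}

interface RegistrationRequest {
  redirect_uris: string[];
  client_name: string;
  jansInclClaimsInIdTkn: "true" | "false";
  lifetime?: number;
}

interface RegisteredClient {
  client_id: string;
  client_secret?: string;
  [key: string]: unknown;
}

// Minimal fetch shape so the caller can pass the real fetch or a test double.
type FetchLike = (
  url: string,
  init: { method: string; headers: Record<string, string>; body: string },
) => Promise<{ ok: boolean; status: number; json(): Promise<unknown> }>;

// The AS will send authorization codes to a registered redirect_uri, so accept
// only https, or http on the loopback host, and never a URI with a fragment.
function isAcceptableRedirectUri(uri: string): boolean {
  let u: URL;
  try {
    u = new URL(uri);
  } catch {
    return false;
  }
  if (u.hash !== "") return false;
  if (u.protocol === "https:") return true;
  if (u.protocol === "http:") {
    return u.hostname === "localhost" || u.hostname === "127.0.0.1" || u.hostname === "[::1]";
  }
  return false;
}

function buildRegistrationRequest(opts: RegistrationOptions): RegistrationRequest {
  if (opts.redirectUris.length === 0) throw new Error("at least one redirect_uri is required");
  for (const uri of opts.redirectUris) {
    if (!isAcceptableRedirectUri(uri)) throw new Error(`unacceptable redirect_uri: ${uri}`);
  }
  const req: RegistrationRequest = {
    redirect_uris: opts.redirectUris,
    client_name: opts.clientName,
    jansInclClaimsInIdTkn: opts.includeClaimsInIdToken ? "true" : "false",
  };
  if (opts.expireAt !== undefined) {
    const now = opts.now ?? new Date();
    const seconds = Math.floor((opts.expireAt.getTime() - now.getTime()) / 1000);
    if (seconds <= 0) throw new Error("expireAt must be in the future");
    req.lifetime = seconds; // assumed unit: seconds
  }
  return req;
}

async function registerOIDCClient(
  registrationEndpoint: string,
  request: RegistrationRequest,
  fetchImpl: FetchLike,
): Promise<RegisteredClient> {
  // The response carries a clear-text client_secret; refuse plain http.
  if (!registrationEndpoint.startsWith("https://")) throw new Error("registration endpoint must use https");
  const resp = await fetchImpl(registrationEndpoint, {
    method: "POST",
    headers: { "Content-Type": "application/json", Accept: "application/json" },
    body: JSON.stringify(request),
  });
  if (!resp.ok) throw new Error(`registration failed with HTTP ${resp.status}`);
  const body = (await resp.json()) as Record<string, unknown>;
  if (typeof body.client_id !== "string" || body.client_id === "") {
    throw new Error("registration response has no client_id");
  }
  return body as RegisteredClient;
}

// localStorage is readable by any script in the same origin, so persist an
// explicit allowlist of fields rather than the raw registration response.
const PERSISTED_FIELDS = ["client_id", "client_secret", "client_id_issued_at", "client_secret_expires_at"] as const;

function selectPersistedFields(client: RegisteredClient): Record<string, unknown> {
  const out: Record<string, unknown> = {};
  for (const f of PERSISTED_FIELDS) {
    if (client[f] !== undefined) out[f] = client[f];
  }
  return out;
}

// Constructed stand-in for the AS so the example runs offline.
const fakeFetch: FetchLike = async (_url, init) => {
  const req = JSON.parse(init.body) as RegistrationRequest;
  return {
    ok: true,
    status: 201,
    json: async () => ({
      client_id: "constructed-client-id",
      client_secret: "constructed-client-secret",
      client_name: req.client_name,
      jansInclClaimsInIdTkn: req.jansInclClaimsInIdTkn,
      registration_access_token: "constructed-rat-not-for-localstorage",
    }),
  };
};

async function demo(): Promise<Record<string, unknown>> {
  const req = buildRegistrationRequest({
    redirectUris: ["https://example.test/callback"],
    clientName: "jans-tarp-demo",
    includeClaimsInIdToken: true,
    expireAt: new Date("2024-09-05T00:00:00Z"),
    now: new Date("2024-09-04T00:00:00Z"),
  });
  const client = await registerOIDCClient("https://as.example.test/register", req, fakeFetch);
  return selectPersistedFields(client); // what the extension would write to localStorage
}
```

In the real extension the fetchImpl argument would be the browser's fetch and the registration endpoint would come from the issuer's discovery document; the redirect URI check and the allowlisted persistence are the two places where a careless implementation leaks the most.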

@mo-auto mo-auto added the kind-feature Issue or PR is a new feature request label Sep 4, 2024
@moabu moabu merged commit 6ddff0f into main Sep 4, 2024
11 checks passed
@moabu moabu deleted the jans-tarp-issue-9357 branch September 4, 2024 07:22
yuriyz pushed a commit that referenced this pull request Nov 7, 2024
…in id_token (#9358)

Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>
Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Former-commit-id: 6ddff0f
Labels
kind-feature Issue or PR is a new feature request
Development

Successfully merging this pull request may close these issues.

feat(jans-tarp): add parameter in client registration request to include claims in id_token
3 participants