auth/backends: Simplify and improve OIDC authentication
While working on #2267 (closed), I noticed a couple of improvements could be added to the OIDC auth backend implementation:
- there is no need to query the `userinfo` endpoint of the OIDC server when authenticating as that information can also be found in the decoded access token
- use a more reliable access token expiration date (use `exp` timestamp in decoded token)
- check groups claim is present in decoded token before trying to read it
Migrated from D2876 (view on Phabricator)
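The three points above as an added example, not the project's own code: user data is read from the claims of a signature-verified access token, expiry comes from `exp`, and a missing `groups` claim is tolerated. Assumptions: HS256 with a shared key stands in for the OIDC server's real signing scheme so the block runs with the standard library only, the function names are hypothetical, and `sub` and `preferred_username` are the standard OIDC claim names.

```python
import base64, hashlib, hmac, json, time

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, key):
    """Build a constructed HS256 token so the example runs offline."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    signature = b64url_encode(sign(f"{head}.{body}", key))
    return f"{head}.{body}.{signature}"

def decode_verified(token, key):
    """Return the claims only after the signature has been checked."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        signature = b64url_decode(sig)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm instead of trusting whatever the header announces.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected signing algorithm")
    if not hmac.compare_digest(signature, sign(f"{head}.{body}", key)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if not isinstance(claims, dict):
        raise ValueError("claims are not a JSON object")
    return claims

def user_from_access_token(token, key, now=None):
    """Hypothetical helper: user data from token claims, no userinfo call."""
    claims = decode_verified(token, key)
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token expired or exp claim missing")
    groups = claims.get("groups")  # optional claim: absent means no groups
    if not isinstance(groups, list):
        groups = []
    return {"sub": claims.get("sub"), "groups": groups, "expires_at": exp,
            "username": claims.get("preferred_username")}
```

Claims taken from the token are only as trustworthy as the signature check in front of them, which is why `decode_verified` runs before any claim is read.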
Build is green See https://jenkins.softwareheritage.org/job/DWAPPS/job/tox/1030/ for more details.
Build has FAILED
Link to build: https://jenkins.softwareheritage.org/job/DWAPPS/job/cypress-diff/639/ See console output for more information: https://jenkins.softwareheritage.org/job/DWAPPS/job/cypress-diff/639/console
Build is green See https://jenkins.softwareheritage.org/job/DWAPPS/job/tox/1032/ for more details.
Build is green See https://jenkins.softwareheritage.org/job/DWAPPS/job/cypress-diff/641/ for more details.
Build has FAILED
Link to build: https://jenkins.softwareheritage.org/job/DWAPPS/job/cypress-diff/647/ See console output for more information: https://jenkins.softwareheritage.org/job/DWAPPS/job/cypress-diff/647/console
Build is green See https://jenkins.softwareheritage.org/job/DWAPPS/job/tox/1037/ for more details.
Build has FAILED
Link to build: https://jenkins.softwareheritage.org/job/DWAPPS/job/cypress-diff/649/ See console output for more information: https://jenkins.softwareheritage.org/job/DWAPPS/job/cypress-diff/649/console
Build is green See https://jenkins.softwareheritage.org/job/DWAPPS/job/tox/1039/ for more details.
Build is green See https://jenkins.softwareheritage.org/job/DWAPPS/job/cypress-diff/651/ for more details.
Build is green See https://jenkins.softwareheritage.org/job/DWAPPS/job/cypress-diff/653/ for more details.