This repository has been archived by the owner on Oct 19, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #88 from stormpath/rc3
RC3 release
- Loading branch information
Showing
18 changed files
with
500 additions
and
37 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -10,13 +10,6 @@ If you have questions or need help, please reach out to us at support@stormpath. | |
|
||
Follow the [migration guide](migrating.md) to understand how to migrate an application step-by-step. | ||
|
||
### Coming soon | ||
|
||
These features don't work yet, but are coming in a future RC. | ||
|
||
* Client Credentials (API key/secret) authentication | ||
* Updating user profile or custom fields (reading works, no way to save currently) | ||
|
||
### Stormpath features that will not migrate | ||
|
||
See the Compatibility Matrix on the [Stormpath-Okta Customer FAQ](https://stormpath.com/oktaplusstormpath) for a complete list of features that are not being migrated. The relevant points for this library are: | ||
|
@@ -26,12 +19,18 @@ See the Compatibility Matrix on the [Stormpath-Okta Customer FAQ](https://stormp | |
* Custom Data is only be available on account resources. | ||
* The Verification Success Email, Welcome Email, and Password Reset Success Email workflows are not supported. | ||
|
||
## Version 4.0.0-RC3 | ||
|
||
### Breaking changes | ||
|
||
* The Client Credentials grant works, but it is handled differently in Okta than it was at Stormpath. The API key ID and secret are stored in the user profile, and are verified locally by this middleware code. This feature is intended to help our customers migrate, but won't be how Okta supports API key management going forward. If you're using the API key management features of Stormpath heavily, please reach out to [email protected] and let us know so we can assist. | ||
|
||
## Version 4.0.0-RC2 | ||
|
||
### Breaking changes | ||
|
||
* Authorizing (using attributes in ASP.NET or handlers in ASP.NET Core) by Group `href` is no longer possible. Authorizing by Group name still works. | ||
* Any `OrganizationNameKey` value that is set in a pre-handler is not honored. | ||
|
||
#### Social login | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
using System.Text; | ||
|
||
namespace Stormpath.Owin.Middleware | ||
{ | ||
public static class ConstantTimeComparer | ||
{ | ||
public static bool Equals(string x, string y) | ||
{ | ||
var xIsNull = x == null; | ||
var yIsNull = y == null; | ||
|
||
if (xIsNull && yIsNull) | ||
{ | ||
return true; | ||
} | ||
|
||
if ((xIsNull && !yIsNull) || (!xIsNull && yIsNull)) | ||
{ | ||
return false; | ||
} | ||
|
||
if (x.Length != y.Length) | ||
{ | ||
return false; | ||
} | ||
|
||
byte[] decodedCryptoBytes = Encoding.ASCII.GetBytes(x); | ||
byte[] decodedSignatureBytes = Encoding.ASCII.GetBytes(y); | ||
|
||
byte result = 0; | ||
for (int i = 0; i < x.Length; i++) | ||
{ | ||
result |= (byte)(decodedCryptoBytes[i] ^ decodedSignatureBytes[i]); | ||
} | ||
|
||
return result == 0; | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,5 @@ | ||
using Newtonsoft.Json; | ||
using Stormpath.Owin.Middleware.Okta; | ||
|
||
namespace Stormpath.Owin.Middleware | ||
{ | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
using System; | ||
using System.Threading; | ||
using System.Threading.Tasks; | ||
|
||
namespace Stormpath.Owin.Middleware.Okta | ||
{ | ||
public class ApiKeyResolver | ||
{ | ||
private readonly IOktaClient _oktaClient; | ||
|
||
public ApiKeyResolver(IOktaClient oktaClient) | ||
{ | ||
_oktaClient = oktaClient; | ||
} | ||
|
||
public async Task<ShimApiKey> LookupApiKeyIdAsync(string id, string secret, CancellationToken cancellationToken) | ||
{ | ||
var apiKey = await _oktaClient.GetApiKeyAsync(id, cancellationToken); | ||
|
||
var validKey = | ||
apiKey != null && | ||
apiKey.Status.Equals("enabled", StringComparison.OrdinalIgnoreCase) && | ||
ConstantTimeComparer.Equals(apiKey.Secret, secret); | ||
|
||
if (!validKey) return null; | ||
|
||
var validAccount = | ||
apiKey.User != null && | ||
apiKey.User.Status.Equals("active", StringComparison.OrdinalIgnoreCase); | ||
|
||
if (!validAccount) return null; | ||
|
||
return apiKey; | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
using Newtonsoft.Json; | ||
|
||
namespace Stormpath.Owin.Middleware.Okta | ||
{ | ||
public class OauthApiError | ||
{ | ||
public string Error { get; set; } | ||
|
||
[JsonProperty("error_description")] | ||
public string Description { get; set; } | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.