
OAuth2 Authentication policy conflicting oneOf #1007


Closed
JBBianchi opened this issue Sep 6, 2024 · 0 comments · Fixed by #1008

JBBianchi commented Sep 6, 2024

What seems off:
When using a secret-based OAuth2 authentication policy, it conflicts with the OAuth2 authentication properties (oauth2AuthenticationProperties) because the latter is not restrictive enough.

For instance:

#...
use:
  secrets:
    - mySecret
  authentications:
    synapseOAuth2:
      oidc:
        use: mySecret
#...

Will raise validation errors, because it matches both https://serverlessworkflow.io/schemas/1.0.0-alpha1/workflow.yaml#/$defs/authenticationPolicy/oneOf/4/oidc's oneOfs:

#...
    - title: OpenIdConnectAuthenticationPolicy
      description: Use OpenIdConnect authentication.
      properties:
        oidc:
          type: object
          title: OpenIdConnectAuthenticationPolicyConfiguration
          description: The configuration of the OpenIdConnect authentication policy.
          unevaluatedProperties: false
          oneOf:
            - $ref: '#/$defs/oauth2AuthenticationProperties'
              title: OpenIdConnectAuthenticationProperties
              description: The inline configuration of the OpenIdConnect authentication policy.
            - $ref: '#/$defs/secretBasedAuthenticationPolicy'
              title: OpenIdConnectAuthenticationPolicySecret
              description: Secret based configuration of the OpenIdConnect authentication policy.
      required: [ oidc ]
  oauth2AuthenticationProperties:
    type: object
    title: OAuth2AutenthicationData
    description: Inline configuration of the OAuth2 authentication policy.
    properties:
      authority:
        type: string
        format: uri-template
        title: OAuth2AutenthicationDataAuthority
        description: The URI that references the OAuth2 authority to use.
#...

What you expected to be:
For each oneOf to be clearly distinct.

  • Specification version used: 1.0.0-alpha3
@ricardozanini ricardozanini added change: fix Something isn't working. Impacts in a minor version change. area: spec Changes in the Specification labels Sep 6, 2024
@ricardozanini ricardozanini added this to the v1.0.0 milestone Sep 6, 2024
@github-project-automation github-project-automation bot moved this from Backlog to Done in Progress Tracker Sep 6, 2024
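
Added example, not code from the issue or from the Serverless Workflow project: a small Python evaluator for the handful of JSON Schema keywords involved, showing why the `use: mySecret` configuration matches both `oneOf` branches. The shape of `secretBasedAuthenticationPolicy` (an object requiring `use`) and the tightened variant (`required: [authority]`) are assumptions for illustration; the page shows neither that definition nor the change made in #1008.

```python
# Evaluates only: type (object/string), properties, required,
# additionalProperties: false, and oneOf. Not a general validator.

def matching_branches(schema, value):
    """Indexes of the oneOf branches that accept value."""
    return [i for i, s in enumerate(schema["oneOf"]) if matches(s, value)]

def matches(schema, value):
    t = schema.get("type")
    if t == "string" and not isinstance(value, str):
        return False
    if t == "object" and not isinstance(value, dict):
        return False
    if isinstance(value, dict):
        props = schema.get("properties", {})
        if any(k not in value for k in schema.get("required", [])):
            return False
        if schema.get("additionalProperties") is False and set(value) - set(props):
            return False
        if not all(matches(props[k], v) for k, v in value.items() if k in props):
            return False
    if "oneOf" in schema:
        # oneOf passes only when exactly one branch accepts the value.
        return len(matching_branches(schema, value)) == 1
    return True

# As quoted in the issue: no `required`, unknown properties are allowed,
# so any object at all satisfies this branch.
OAUTH2_PROPS = {"type": "object",
                "properties": {"authority": {"type": "string"}}}

# Assumed shape (the definition is not shown on the page).
SECRET_BASED = {"type": "object",
                "properties": {"use": {"type": "string"}},
                "required": ["use"]}

OIDC_AS_REPORTED = {"type": "object", "oneOf": [OAUTH2_PROPS, SECRET_BASED]}

# Hypothetical tightening: the inline branch must carry `authority`.
OAUTH2_STRICT = dict(OAUTH2_PROPS, required=["authority"])
OIDC_TIGHTENED = {"type": "object", "oneOf": [OAUTH2_STRICT, SECRET_BASED]}

SECRET_REF = {"use": "mySecret"}                      # from the issue
INLINE = {"authority": "https://idp.example/realm"}   # constructed sample

if __name__ == "__main__":
    for name, schema in [("reported", OIDC_AS_REPORTED), ("tightened", OIDC_TIGHTENED)]:
        print(name, matching_branches(schema, SECRET_REF), matches(schema, SECRET_REF))
```
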