Pass the trusted CA from the OIDC config to the HTTP GET call just like POST

istio-ecosystem / authservice

Move OIDC token acquisition out of your app code and into the Istio mesh

Apache License 2.0

217 stars 63 forks source link

Pass the trusted CA from the OIDC config to the HTTP GET call just like POST #235

Closed asa-yeamans closed 2 weeks ago

asa-yeamans commented 1 year ago

The GET call does not provide the trusted CA cert in opt to the HTTP GET call. Setting ca_cert to the provided value in the OIDC config

istio-testing commented 1 year ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: asa-yeamans Once this PR has been reviewed and has the lgtm label, please assign brenodemedeiros for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files: - **[OWNERS](https://github.com/istio-ecosystem/authservice/blob/master/OWNERS)** Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

dio commented 1 year ago

Could you fix DCO? I think this is a legit change. Thanks!

asa-yeamans commented 1 year ago

Added DCO bits

jbraswell commented 1 year ago

Any updates here? We'd love to have this fix.

asa-yeamans commented 1 year ago

I am unable to build it locally due to issues creating a build environment, so I haven't been able to verify the changes build and subsequently that they perform as expected. The changes themselves are minimal so I presume they work, but assistance in verifying that would be helpful.

nacx commented 7 months ago

This should have been addressed in v1.0.0 already, as part of the Go rewrite. Could you give it a try?

nacx commented 2 weeks ago

This is already addressed in the latest versions of authservice, but please reopen if needed.