Closed thomasleplus closed 2 weeks ago
@tft7000 I have been meaning to pin the version of lua-resty-openidc since it's a best practice anyway. Just never got around to doing it (plus I am not looking forward to having one more version to track and bump regularly). But we just saw a clear demonstration that it's worth it so now it's done. If I could request your help in testing again, I would greatly appreciate it.
@thomasleplus :
I tested #102 locally:
- clone the project
- adapt the build script (add --no-cache)
- tested main -> it worked -> I later realized that the branch was merged already
- tested 101-pin-lua-resty-openidc -> it worked (login and logout in an automated test)

meanwhile the image is out on docker hub:
- testing the image leplusorg/openid-connect-provider-debugger:main -> it worked the same way

thank you very much!
Thank you! I still have to figure out what's the issue with lua-resty-openidc 1.8.0. I'd like to solve that before releasing but if I am stalled I'll release as it is now and make it the new latest docker tag.
Cheers
> @thomasleplus :
> I tested #102 locally:
> - clone the project
> - adapt the build script (add --no-cache)
> - tested main -> it worked -> I later realized that the branch was merged already
> - tested 101-pin-lua-resty-openidc -> it worked (login and logout in an automated test)
>
> meanwhile the image is out on docker hub:
> - testing the image leplusorg/openid-connect-provider-debugger:main -> it worked the same way
>
> thank you very much!

You mentioned an automated test. Do you think that's something that you could contribute as well? If not it's OK but I am unhappy with the current test (it's just checking that the container starts and responds to a curl HTTP request). I meant to improve it but haven't found the time so far.
@thomasleplus :
> You mentioned an automated test. Do you think that's something that you could contribute as well? If not it's OK but I am unhappy with the current test (it's just checking that the container starts and responds to a curl HTTP request). I meant to improve it but haven't found the time so far.

Unfortunately that is not possible, as I use this OIDC client to test our company product.
I looked around briefly and I would probably do it in the following way:
I would use https://github.com/panva/node-oidc-provider
```js
// standalone.js - run with `node standalone.js`
import Provider from 'oidc-provider';

const configuration = {
  // refer to the documentation for other available configuration
  clients: [{
    client_id: 'foo',
    client_secret: 'bar',
    redirect_uris: ['http://localhost:8080/debug'],
    // ... other client properties
    pkce: { methods: ['S256'] }
  }],
};

const oidc = new Provider('http://localhost:3000', configuration);
oidc.listen(3000, () => {
  console.log('oidc-provider listening on port 3000, check http://localhost:3000/.well-known/openid-configuration');
});
```
with package.json
```json
{
  "dependencies": {
    "oidc-provider": "^8.5.1"
  },
  "name": "test-op",
  "main": "standalone.js",
  "type": "module"
}
```
so the directory structure could look like this:
- test-op
  - package.json
  - package-lock.json
  - standalone.js

use_pkce = false from the lua-resty-openidc lib
node standalone.js and the docker app (RP)

I hope this helps as a starter.
OK, no worries I totally understand. I will revisit soon.
I tested the updates and I get an error "error opening session (missing session audience)" on return from authentication. ~The error seems to be introduced by the change from openresty:1.25.3.1 -> 1.25.3.2 (FROM openresty/openresty:1.25.3.1-alpine-fat@sha256:17868b5ec232561bc64862160296c3f8480650bc4cbc19b88e056750bd78f527 to FROM openresty/openresty:1.25.3.2-alpine-fat@sha256:aa8ea52fa35a296558aed8b392fb39d575e39dd4a7717fa44f1fd6fc09c1185d).~ At least if I change that line back, it seems to work again. I will have a look, if I see the problem.

Edit:
To fix the current build the Dockerfile needs to add --pin 1.7.6 to the oidc lib:

What do you think?
Originally posted by @tft7000 in https://github.com/leplusorg/openid-connect-provider-debugger/issues/95#issuecomment-2378817796
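
A CI check for the practice this thread settles on (base image pinned by digest, lua-resty-openidc pinned to a version), as an added example that is not part of the thread or the project's code. It assumes the rock is installed with `luarocks install`; the sample Dockerfile is constructed and its digest is a placeholder.

```python
import re
from itertools import takewhile

# Constructed sample, not the project's real Dockerfile; the digest is a placeholder.
SAMPLE = """\
FROM openresty/openresty:1.25.3.2-alpine-fat
RUN apk add --no-cache curl \\
    && luarocks install lua-resty-openidc
FROM openresty/openresty:1.25.3.2-alpine-fat@sha256:%s AS pinned
RUN luarocks install --pin lua-resty-openidc 1.7.6
""" % ("0" * 64)

DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")
VERSION = re.compile(r"^\d+(\.\d+)*(-\d+)?$")
SHELL_SEPS = ("&&", "||", ";", "|")

def logical_lines(text):
    """Yield (first_line_no, text) with backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw.rstrip()
        buf, start = "", None

def unpinned(text):
    """Return (line_no, message) for base images without a digest and for
    `luarocks install` calls (assumed installer) without an explicit version."""
    findings, stages = [], set()
    for no, line in logical_lines(text):
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0].upper() == "FROM":
            image = next((w for w in words[1:] if not w.startswith("--")), "")
            if image not in stages | {"scratch"} and not DIGEST.search(image):
                findings.append((no, "base image not pinned by digest: " + image))
            if len(words) > 3 and words[-2].upper() == "AS":
                stages.add(words[-1])  # a later FROM may name this build stage
            continue
        for i in range(len(words)):
            if words[i:i + 2] == ["luarocks", "install"]:
                cmd = takewhile(lambda a: a not in SHELL_SEPS, words[i + 2:])
                args = [a for a in cmd if not a.startswith("-")]
                if len(args) < 2 or not VERSION.match(args[1]):
                    findings.append((no, "rock not pinned to a version: " + " ".join(args[:1])))
    return findings
```

Failing the build when `unpinned()` returns anything keeps a new upstream release from entering the image unnoticed.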