Skip to content

[management,client] PKCE add query parameter flag prompt=login or max… #3824

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
May 14, 2025
Merged

[management,client] PKCE add query parameter flag prompt=login or max… #3824

merged 8 commits into from
May 14, 2025

Conversation

crn4
Copy link
Contributor

@crn4 crn4 commented May 14, 2025
edited
Loading

Describe your changes

Introduces a new flag for the PKCE authentication flow. When active, this flag appends query parameters such as 'prompt=login' or 'max_age=0' to the authorization request.

Issue ticket number and link

Stack

Checklist

  • Is it a bug fix
  • Is a typo/documentation fix
  • Is a feature enhancement
  • It is a refactor
  • Created tests that fail without the change (if possible)
  • Extended the README / documentation, if necessary

@Copilot Copilot AI review requested due to automatic review settings May 14, 2025 13:01
@CLAassistant
Copy link

CLAassistant commented May 14, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

Copilot
Copilot AI reviewed May 14, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR introduces a new flag to configure PKCE authentication behavior, allowing the authorization request to include query parameters such as "prompt=login" or "max_age=0". Key changes include adding a new LoginFlag type and related methods in the management service, updating GRPC and proto definitions to carry the flag, and modifying client code and tests to handle the new behavior.

Reviewed Changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated no comments.

Show a summary per file
File Description
management/server/types/config.go New LoginFlag enum and helper methods added
management/server/grpcserver.go Mapping LoginFlag from configuration to proto message
management/proto/management.proto New field for LoginFlag added (note comment mismatch)
infrastructure_files/*.tmpl and setup.env files New environment variables to configure the login flag
client/internal/pkce_auth.go & auth/pkce_flow*.go Client integration for the new flag with updated tests

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

mlsmaycon
mlsmaycon requested changes May 14, 2025
View reviewed changes
client/internal/pkce_auth.go
@@ -99,7 +102,7 @@ func GetPKCEAuthorizationFlowInfo(ctx context.Context, privateKey string, mgmURL
RedirectURLs: protoPKCEAuthorizationFlow.GetProviderConfig().GetRedirectURLs(),
UseIDToken: protoPKCEAuthorizationFlow.GetProviderConfig().GetUseIDToken(),
ClientCertPair: clientCert,
DisablePromptLogin: protoPKCEAuthorizationFlow.GetProviderConfig().GetDisablePromptLogin(),
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should keep this one

management/client/common/types.go Outdated
Comment on lines 7 to 12
// LoginFlagDisabled disables additional login flags
LoginFlagDisabled LoginFlag = iota
// LoginFlagPrompt adds prompt=login to the authorization request
LoginFlagPrompt
// LoginFlagMaxAge0 adds max_age=0 to the authorization request
LoginFlagMaxAge0
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// LoginFlagDisabled disables additional login flags
LoginFlagDisabled LoginFlag = iota
// LoginFlagPrompt adds prompt=login to the authorization request
LoginFlagPrompt
// LoginFlagMaxAge0 adds max_age=0 to the authorization request
LoginFlagMaxAge0
// LoginFlagPrompt adds prompt=login to the authorization request
LoginFlagPrompt LoginFlag = iota
// LoginFlagMaxAge0 adds max_age=0 to the authorization request
LoginFlagMaxAge0

We don't need a disabled flag in this case since we have a dedicated field for it with the DisablePromptLogin bool.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, sure

@crn4 crn4 merged commit 2158461 into main May 14, 2025
36 of 37 checks passed
@crn4 crn4 deleted the feat/configurable-prompt-max-age-login branch May 14, 2025 15:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@mlsmaycon mlsmaycon mlsmaycon approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@crn4 @CLAassistant @mlsmaycon