[pve-devel] [PATCH SERIES access-control/docs/manager/perl-rs/proxmox-openid v3] Make OIDC userinfo endpoint optional
Mira Limbeck
m.limbeck at proxmox.com
Thu Mar 6 16:15:49 CET 2025
On 2/8/25 06:42, Thomas Skinner wrote:
> Continues work on adding an option to disable querying the userinfo endpoint for an
> OIDC provider.
>
> Changes since v2:
> - Adjust verify_authorization_code in pve-rs to be backwards compatible
> - Fix defaults in wrapper functions
>
> access-control:
>
> Thomas Skinner (1):
> fix #4234: add library functions for openid optional userinfo request
>
> src/PVE/API2/OpenId.pm | 6 +++++-
> src/PVE/Auth/OpenId.pm | 7 +++++++
> 2 files changed, 12 insertions(+), 1 deletion(-)
>
>
> docs:
>
> Thomas Skinner (1):
> fix #4234: add docs for openid optional userinfo request
>
> pveum.adoc | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
>
> manager:
>
> Thomas Skinner (1):
> fix #4234: add GUI option for openid optional userinfo request
>
> www/manager6/dc/AuthEditOpenId.js | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
>
> perl-rs:
>
> Thomas Skinner (1):
> fix #4234: openid: adjust openid verification function for userinfo
> option
>
> pve-rs/src/openid/mod.rs | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
>
> proxmox-openid:
>
> Thomas Skinner (1):
> fix #4234: openid: add library functions for optional userinfo
> endpoint
>
> proxmox-openid/src/lib.rs | 30 +++++++++++++++++++++++++++++-
> 1 file changed, 29 insertions(+), 1 deletion(-)
>
>
Thank you for the patch series!
I've tested it with Authentik, and checked with tcpdump to see if the
userinfo endpoint was queried. Works as I would expect.
I had to manually apply the pve-rs patch since code was moved around
since then. More information as reply to the patch itself.