[ES-2712] OpenId global config readme update #1647
Md-Humair-KK wants to merge 1 commit into mosip:develop from
Signed-off-by: Md-Humair-KK <mdhumair.kankudti@gmail.com>
Walkthrough: A new documentation file has been added describing OpenID Server Profiles in eSignet, covering profile types (fapi2.0, none, custom), configuration properties, server-profile database mapping, custom profile creation, client registration behavior, and runtime execution steps.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@docs/design/server-profile.md`:
- Line 20: Update the fapi2.0 feature mappings so JWE is enabled and PKCE is
not; specifically change the table row for the `fapi2.0` profile (the line
showing "| `fapi2.0` | ✅ | ✅ | ❌ | ✅ | ...") to reflect JWE=true and PKCE=false,
and correct the other occurrences that currently map PKCE instead of JWE (the
entries referenced around lines 27 and the block that maps features at lines
41-44) so that PAR, DPoP, and JWE are enabled and PKCE is not.
| Profile | PAR | DPoP | JWE | PKCE | Description |
|---------|-----|------|-----|------|-------------|
| `fapi2.0` | ✅ | ✅ | ❌ | ✅ | FAPI 2.0 Security Profile compliant - Enforces Pushed Authorization Requests, DPoP token binding, and PKCE for enhanced security |
Correct fapi2.0 feature mapping (JWE enabled, PKCE not enforced).
The fapi2.0 entries are currently inverted in multiple places: Line 20 and Line 27 document PKCE as enabled and JWE as disabled, and Lines 41-44 map PKCE instead of JWE. This will mislead operators and produce incorrect profile expectations.
Proposed doc fix
-| `fapi2.0` | ✅ | ✅ | ❌ | ✅ | FAPI 2.0 Security Profile compliant - Enforces Pushed Authorization Requests, DPoP token binding, and PKCE for enhanced security |
+| `fapi2.0` | ✅ | ✅ | ✅ | ❌ | FAPI 2.0 Security Profile compliant - Enforces Pushed Authorization Requests, DPoP token binding, and JWE for enhanced security |
-# fapi2.0 - FAPI 2.0 compliance with PAR, DPoP, and PKCE enforced
+# fapi2.0 - FAPI 2.0 compliance with PAR, DPoP, and JWE enforced
| `fapi2.0` | PAR | `require_pushed_authorization_requests` |
| `fapi2.0` | DPOP | `dpop_bound_access_tokens` |
-| `fapi2.0` | PKCE | `require_pkce` |
+| `fapi2.0` | JWE | `encrypted_id_token_supported` |
Based on learnings: For the esignet OpenID profile feature configurations, the fapi2.0 profile enables only PAR, DPOP, and JWE features, and PKCE should not be included for fapi2.0.
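Review bot: the `+` description row says the profile "Enforces ... JWE", but the property it is mapped to in the last hunk is `encrypted_id_token_supported`, which reads as a capability rather than a requirement; the doc should state which it is (encrypted ID tokens required, or merely supported) so operators do not assume an enforcement the mapping may not deliver. Likewise, a ❌ under PKCE next to the comment's wording "PKCE not enforced" leaves open whether clients that use PKCE are still accepted under fapi2.0; a one-line legend (❌ = not required by the profile, not disallowed) would remove that ambiguity.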
Also applies to: 27-27, 41-44
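As an added example (not part of this PR or of eSignet), a small check that flags the kind of mismatch the review above reports: it parses the profile feature table and the feature-to-property mapping rows from a server-profile document and compares both against the expected fapi2.0 feature set stated in the review. The table layout and the expected set come from the rows quoted above; the parser itself is an assumption about that layout, not the project's own tooling.

```python
import re
# Expected feature set per profile, taken from the "learnings" stated in the review.
EXPECTED = {"fapi2.0": {"PAR", "DPOP", "JWE"}}
# Matches a table row whose first cell is a backticked profile name.
ROW_RE = re.compile(r"^\|\s*`([^`]+)`\s*\|(.*)\|\s*$")

def parse_doc(doc: str):
    """Return (table, mapping): profile -> features marked ✅; profile -> features mapped."""
    table, mapping, header = {}, {}, None
    for raw in doc.splitlines():
        line = raw.strip()
        if header is None and line.startswith("| Profile"):
            header = [c.strip().upper() for c in line.strip("|").split("|")]
            continue
        m = ROW_RE.match(line)
        if not m:
            continue
        profile, cells = m.group(1), [c.strip() for c in m.group(2).split("|")]
        if header and any(c in ("✅", "❌") for c in cells):
            # Feature-table row: header[0] is PROFILE, so cell i belongs to header[i + 1].
            table[profile] = {header[i + 1] for i, c in enumerate(cells) if c == "✅"}
        elif len(cells) == 2:
            # Mapping row: | `profile` | FEATURE | `client_property` |
            mapping.setdefault(profile, set()).add(cells[0].upper())
    return table, mapping

def find_problems(doc: str) -> list[str]:
    """Every place where the feature table or the mapping block disagrees with EXPECTED."""
    table, mapping = parse_doc(doc)
    problems = []
    for profile, want in EXPECTED.items():
        for name, got in (("feature table", table.get(profile, set())),
                          ("mapping block", mapping.get(profile, set()))):
            problems += [f"{profile} {name}: {f} should be enabled" for f in sorted(want - got)]
            problems += [f"{profile} {name}: {f} should not be enabled" for f in sorted(got - want)]
    return problems

# Constructed excerpt built from the rows quoted in the review (state before the fix).
DOC_BEFORE = """
| Profile | PAR | DPoP | JWE | PKCE | Description |
|---------|-----|------|-----|------|-------------|
| `fapi2.0` | ✅ | ✅ | ❌ | ✅ | FAPI 2.0 Security Profile compliant - Enforces Pushed Authorization Requests, DPoP token binding, and PKCE for enhanced security |
| `fapi2.0` | PAR | `require_pushed_authorization_requests` |
| `fapi2.0` | DPOP | `dpop_bound_access_tokens` |
| `fapi2.0` | PKCE | `require_pkce` |
"""
# The same excerpt with the review's proposed fix applied.
DOC_AFTER = DOC_BEFORE.replace("| ❌ | ✅ |", "| ✅ | ❌ |").replace(
    "| PKCE | `require_pkce` |", "| JWE | `encrypted_id_token_supported` |")
```

Running `find_problems(DOC_BEFORE)` yields the four findings the review lists (JWE missing and PKCE present in both the table and the mapping block), while `find_problems(DOC_AFTER)` is empty.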