  1. Project Quay
  2. PROJQUAY-9758

Quay 3.16.0 Quay APP should validate OIDC PKCE configurations at Startup


    • Bug
    • Resolution: Unresolved
    • Major
    • quay-v3.16.0
    • quay

      Description:

      This is an issue found in Quay 3.16.0 OIDC PKCE support: with invalid PKCE configurations, the Quay app can start successfully, and users only see the issue when they log in to Quay. Please review this issue.

      1. Invalid PKCE_METHOD not detected until user login attempt
      2. No startup check for USE_PKCE + PUBLIC_CLIENT combinations

      Quay: 3.16.0

      quay.io/redhat-user-workloads/quay-eng-tenant/stable-3-16-v4-20@sha256:ef7198a012b821bae4f5180f94aa226273d03c5d3ab28313f52f36a88b3040cd

      Example of invalid OIDC PKCE Configurations:

      REDHATSSO_LOGIN_CONFIG:
        CLIENT_ID: quay
        CLIENT_SECRET: *****
        OIDC_SERVER: https://sso-redhatsso.apps.quaytest-15413.qe.devcluster.openshift.com/auth/realms/quay/
        PREFERRED_GROUP_CLAIM_NAME: groupNames
        LOGIN_SCOPES: [ 'openid', 'roles' ]
        USE_PKCE: true
        PKCE_METHOD: "s299"
        SERVICE_NAME: redhatsso 

       

       

       

              doconnor@redhat.com Dave O'Connor
              lzha1981 luffy zhang
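
One way to perform the startup check requested in this report, as an added example (not Quay's code and not part of the original issue). The function names, the `S256` default, the exact-case comparison and the two `PUBLIC_CLIENT` rules are assumptions; only the `S256` and `plain` method names come from RFC 7636.

```python
# Added example: hypothetical startup validator, not Quay's own implementation.
ALLOWED_PKCE_METHODS = ("S256", "plain")  # the two methods defined in RFC 7636


def validate_pkce_config(name, cfg):
    """Return a list of error strings for one *_LOGIN_CONFIG block."""
    errors = []
    use_pkce = cfg.get("USE_PKCE", False)
    public_client = cfg.get("PUBLIC_CLIENT", False)
    for key, val in (("USE_PKCE", use_pkce), ("PUBLIC_CLIENT", public_client)):
        if not isinstance(val, bool):
            errors.append(f"{name}.{key} must be a boolean, got {val!r}")
    if use_pkce is True:
        method = cfg.get("PKCE_METHOD", "S256")  # assumed default
        # Exact, case-sensitive match (assumption): "s299" and "s256" both fail.
        if method not in ALLOWED_PKCE_METHODS:
            errors.append(f"{name}.PKCE_METHOD {method!r} is not one of "
                          f"{list(ALLOWED_PKCE_METHODS)}")
    # Assumed policy: a public client sends no secret, so it must use PKCE.
    if public_client is True and use_pkce is not True:
        errors.append(f"{name}: PUBLIC_CLIENT requires USE_PKCE: true")
    # Assumed policy: a confidential client must have a secret configured.
    if public_client is not True and not cfg.get("CLIENT_SECRET"):
        errors.append(f"{name}: CLIENT_SECRET is required unless "
                      "PUBLIC_CLIENT is true")
    return errors


def validate_at_startup(app_config):
    """Check every *_LOGIN_CONFIG block and refuse to start on any error."""
    errors = []
    for key, cfg in app_config.items():
        if key.endswith("_LOGIN_CONFIG") and isinstance(cfg, dict):
            errors.extend(validate_pkce_config(key, cfg))
    if errors:
        raise ValueError("invalid OIDC PKCE configuration:\n" + "\n".join(errors))


# Constructed sample mirroring the configuration in the report (secret is a placeholder).
SAMPLE_CONFIG = {
    "REDHATSSO_LOGIN_CONFIG": {
        "CLIENT_ID": "quay",
        "CLIENT_SECRET": "constructed-placeholder",
        "USE_PKCE": True,
        "PKCE_METHOD": "s299",
        "SERVICE_NAME": "redhatsso",
    }
}
```

Calling `validate_at_startup(SAMPLE_CONFIG)` raises `ValueError` naming `PKCE_METHOD 's299'`, so the misconfiguration surfaces before any user reaches the login flow.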