Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding Extensibility for Custom Signed Assertion Providers #3226

Draft
wants to merge 6 commits into
base: master
Choose a base branch
from
Draft

Adding Extensibility for Custom Signed Assertion Providers #3226

wants to merge 6 commits into from

Conversation

JoshLozensky
Copy link
Contributor

TODO write description :)

Fixes #3220

@github-actions GitHub Actions
Copy link

Summary

Summary
Generated on: 1/30/2025 - 1:39:03 AM
Coverage date: 1/30/2025 - 1:37:41 AM - 1/30/2025 - 1:38:48 AM
Parser: MultiReport (2x Cobertura)
Assemblies: 0
Classes: 0
Files: 0
Line coverage:
Covered lines: 0
Uncovered lines: 0
Coverable lines: 0
Total lines: 0
Covered branches: 0
Total branches: 0
Method coverage: Feature is only available for sponsors

Coverage

No assemblies have been covered.

@github-actions GitHub Actions
Copy link

Summary

Summary
Generated on: 1/30/2025 - 3:20:54 AM
Coverage date: 1/30/2025 - 3:19:27 AM - 1/30/2025 - 3:20:39 AM
Parser: MultiReport (2x Cobertura)
Assemblies: 0
Classes: 0
Files: 0
Line coverage:
Covered lines: 0
Uncovered lines: 0
Coverable lines: 0
Total lines: 0
Covered branches: 0
Total branches: 0
Method coverage: Feature is only available for sponsors

Coverage

No assemblies have been covered.

jmprieur
jmprieur reviewed Jan 30, 2025
View reviewed changes
Copy link
Collaborator

@jmprieur jmprieur left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good start
I left some questions/comments. I'm puzzled by the exceptions.

src/Microsoft.Identity.Web.Certificate/DefaultCredentialsLoaderCustomSignedAssertion.cs Outdated Show resolved Hide resolved
src/Microsoft.Identity.Web.Certificate/DefaultCredentialsLoaderCustomSignedAssertion.cs Outdated Show resolved Hide resolved
src/Microsoft.Identity.Web.Certificate/DefaultCredentialsLoader.cs
if (CredentialSourceLoaders.TryGetValue(credentialDescription.SourceType, out ICredentialSourceLoader? loader))
if (credentialDescription.SourceType == CredentialSource.CustomSignedAssertion)
{
await ProcessCustomSignedAssertionAsync(credentialDescription, parameters);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This method throws, but we don't catch the exception, which btw is internal?

Copy link
Contributor Author

@JoshLozensky JoshLozensky Jan 30, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jmprieur
I'm a bit confused as to why we would need to catch it here since it is logged inside the ProcessCustomSignedAssertionAsync method. In the similar example on lines 87 and 88 for other source types when we do catch the exception, we do so to log it before throwing.

Copy link
Collaborator

@jmprieur jmprieur Jan 30, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't need to throw at all in the extensibility (the code you are adding). We are in control of that code. But we need to catch the exception sent by the extensions (the code that extenders will write). So indeed, you should have something like line 83

@github-actions GitHub Actions
Copy link

Summary

Summary
Generated on: 1/30/2025 - 6:58:51 PM
Coverage date: 1/30/2025 - 6:57:25 PM - 1/30/2025 - 6:58:34 PM
Parser: MultiReport (2x Cobertura)
Assemblies: 0
Classes: 0
Files: 0
Line coverage:
Covered lines: 0
Uncovered lines: 0
Coverable lines: 0
Total lines: 0
Covered branches: 0
Total branches: 0
Method coverage: Feature is only available for sponsors

Coverage

No assemblies have been covered.

@JoshLozensky
Copy link
Contributor Author

Good start I left some questions/comments. I'm puzzled by the exceptions.

I mistook "log a new error" from the spec for throw a new exception

@github-actions GitHub Actions
Copy link

Summary

Summary
Generated on: 1/31/2025 - 6:54:26 AM
Coverage date: 1/31/2025 - 6:53:12 AM - 1/31/2025 - 6:54:14 AM
Parser: MultiReport (2x Cobertura)
Assemblies: 0
Classes: 0
Files: 0
Line coverage:
Covered lines: 0
Uncovered lines: 0
Coverable lines: 0
Total lines: 0
Covered branches: 0
Total branches: 0
Method coverage: Feature is only available for sponsors

Coverage

No assemblies have been covered.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jennyf19 jennyf19 jennyf19 left review comments

@jmprieur jmprieur jmprieur left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Expose credential loader extensibility to support custom signed assertion providers
3 participants
@JoshLozensky @jmprieur @jennyf19