How to reset User authentication in plugin


How to reset User authentication in plugin

Goyot, Martin
Hi there,

I'm working on an OAuth2 plugin integration on Jenkins. One question I have in the OAuth2 context and haven't found an answer to in the GitHub or BitBucket plugins is how to force the user through authentication again.

Let me explain the context:

In OAuth2 you're generally given 2 tokens, one short-lived, the Access Token, and one (optional) which lives longer, the Refresh Token, which lets you get a new Access Token once the previous one expires. One use case that can appear is that either both (access and refresh) tokens are expired or you don't even have a refresh token. In this case, in the Matrix-based security when we try to check usernames or groupnames we just fail because we get rejected by the OAuth2 server.

In this context, what we'd like to be able to do is that in the loadUserByUsername and loadGroupByGroupname methods of the SecurityRealm we would force the user through re-authentication if we detect his token to be expired/revoked.

Is there a way to do so, have the user go through authentication again before accessing the page? Some kind of Stapler middleware class?

Thanks,
Martin

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CA%2Bb6JB-6EBs_fAFQgoWgDgvNsPY8H70LnbLx0qmkbKJ5ND5DMQ%40mail.gmail.com.
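The situation the post describes (access token expired and no usable refresh token, noticed only when Matrix-based security calls into the realm) can be caught one layer earlier, on the request itself. Below is an added example, not code from this thread and not from the GitHub or BitBucket plugins, of a javax.servlet Filter that an OAuth2 SecurityRealm subclass would return from its createFilter(FilterConfig) override, so that it runs before Stapler dispatches to the requested page. TokenSet, RefreshClient, the session attribute name and the login/callback paths are assumptions of the example, not Jenkins APIs.

```java
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Servlet filter that re-checks the OAuth2 token state on every request.
 * A SecurityRealm subclass would return it from createFilter(FilterConfig).
 * Everything below except the servlet API is illustrative: TokenSet, RefreshClient
 * and the path/attribute names are assumptions of this example.
 */
public class OAuth2ReauthenticationFilter implements Filter {

    /** Session attribute under which the plugin keeps the user's tokens (assumed name). */
    static final String SESSION_KEY = "oauth2.tokens";

    /** Hypothetical holder for the two OAuth2 tokens plus the access token's expiry. */
    public static final class TokenSet {
        final String accessToken;
        final String refreshToken;      // null when the server issued no refresh token
        final Instant accessExpiresAt;

        public TokenSet(String accessToken, String refreshToken, Instant accessExpiresAt) {
            this.accessToken = accessToken;
            this.refreshToken = refreshToken;
            this.accessExpiresAt = accessExpiresAt;
        }

        /** Treat the token as expired 30 s early so a request in flight never carries a dead token. */
        boolean accessTokenUsable(Instant now) {
            return accessToken != null && now.plusSeconds(30).isBefore(accessExpiresAt);
        }
    }

    /** Hypothetical client for the token endpoint; returns null when the refresh is rejected. */
    public interface RefreshClient {
        TokenSet refresh(String refreshToken);
    }

    private final RefreshClient refreshClient;
    private final String loginPath;     // assumed, e.g. "securityRealm/commenceLogin"
    private final String callbackPath;  // assumed, e.g. "securityRealm/finishLogin"

    public OAuth2ReauthenticationFilter(RefreshClient refreshClient, String loginPath, String callbackPath) {
        this.refreshClient = refreshClient;
        this.loginPath = loginPath;
        this.callbackPath = callbackPath;
    }

    @Override public void init(FilterConfig filterConfig) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Never intercept the login flow itself, otherwise an expired session redirects forever.
        if (isLoginFlow(request)) { chain.doFilter(req, res); return; }

        HttpSession session = request.getSession(false);
        TokenSet tokens = session == null ? null : (TokenSet) session.getAttribute(SESSION_KEY);
        if (tokens == null) { chain.doFilter(req, res); return; }   // anonymous: authorization decides

        if (tokens.accessTokenUsable(Instant.now())) { chain.doFilter(req, res); return; }

        // Access token expired: try a silent refresh first, if the server gave us a refresh token.
        TokenSet refreshed = tokens.refreshToken == null ? null : refreshClient.refresh(tokens.refreshToken);
        if (refreshed != null) {
            session.setAttribute(SESSION_KEY, refreshed);
            chain.doFilter(req, res);
            return;
        }

        // Both tokens unusable (expired or revoked): drop the whole session so no cached
        // authentication or group membership survives, then restart the authorization-code flow
        // and remember where the user wanted to go.
        session.invalidate();
        String from = request.getRequestURI()
                + (request.getQueryString() == null ? "" : "?" + request.getQueryString());
        response.sendRedirect(request.getContextPath() + "/" + loginPath
                + "?from=" + URLEncoder.encode(from, StandardCharsets.UTF_8.name()));
    }

    private boolean isLoginFlow(HttpServletRequest request) {
        String path = request.getRequestURI().substring(request.getContextPath().length());
        return path.startsWith("/" + loginPath) || path.startsWith("/" + callbackPath);
    }
}
```

Two design points worth keeping when adapting this: the refresh is attempted before forcing a full re-login, so a user with a valid refresh token never sees an interruption, and the session is invalidated rather than merely redirected, so that a realm lookup such as loadUserByUsername cannot keep serving authorities cached from the old token. If the plugin also stores the authentication in the security context holder, clear that in the same place.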

Re: How to reset User authentication in plugin

Goyot, Martin
Hi there,

Still looking into this. Is there a Stapler middleware to write in order to catch requests beforehand?

Thanks,
Martin

On Fri, 10 Jul 2020 at 16:24, Goyot, Martin <[hidden email]> wrote:
Hi there,

I'm working on an OAuth2 plugin integration on Jenkins. One question I have in the OAuth2 context and haven't found an answer to in the GitHub or BitBucket plugins is how to force the user through authentication again.

Let me explain the context:

In OAuth2 you're generally given 2 tokens, one short-lived, the Access Token, and one (optional) which lives longer, the Refresh Token, which lets you get a new Access Token once the previous one expires. One use case that can appear is that either both (access and refresh) tokens are expired or you don't even have a refresh token. In this case, in the Matrix-based security when we try to check usernames or groupnames we just fail because we get rejected by the OAuth2 server.

In this context, what we'd like to be able to do is that in the loadUserByUsername and loadGroupByGroupname methods of the SecurityRealm we would force the user through re-authentication if we detect his token to be expired/revoked.

Is there a way to do so, have the user go through authentication again before accessing the page? Some kind of Stapler middleware class?

Thanks,
Martin

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CA%2Bb6JB_OhLVb%2BPL7yFsYNo%2BEHnR8EeeFAC-PmPiSPay_j17kOg%40mail.gmail.com.