[FEATURE] Handle the edge cases of On-behalf-of Authentication #2891

Closed

Description

Problem

Since the OBO token can perform actions on behalf of another user, it is necessary for us to frame the usages of this token.

Goal for closing this issue

**Implemented functionalities**

  • OBO Token cannot be used to issue another OBO token
  • OBO Token cannot be used to change the passwords

Follow up work of refactoring

  • Transfer the checking logic into individual functions [2] (e.g. a util class?)

Reference

[1] : https://github.com/opensearch-project/security/pull/3179/files/b31555926c59aafe9a310d64918002b91d51c676#diff-0550f691677d70fb9da2b6d5baf7d342bc670e0618a8598a259117818cb66f86R230
[2] : #3179 (comment)

Labels

  • enhancement: New feature or request
  • triaged: Issues labeled as 'Triaged' have been reviewed and are deemed actionable.
