[PR #824] [MERGED] Enhance OIDC Support for Compatibility with Strict Providers #1114

Closed
opened 2026-02-04 21:51:09 +03:00 by OVERLORD · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/plankanban/planka/pull/824
Author: @lebaudantoine
Created: 7/15/2024
Status: Merged
Merged: 7/16/2024
Merged by: @meltyshev

Base: master ← Head: master


📝 Commits (3)

  • a6c8f1b ref: Parametrize OIDC authorization response mode
  • 9aaaca1 feat: Support OIDC signed UserInfo responses
  • 6b3f887 feat: Parametrize OIDC ID token signing algorithm

📊 Changes

5 files changed (+34 additions, -6 deletions)


📝 server/api/controllers/access-tokens/exchange-using-oidc.js (+7 -0)
📝 server/api/controllers/show-config.js (+9 -4)
📝 server/api/helpers/users/get-or-create-one-using-oidc.js (+5 -0)
📝 server/api/hooks/oidc/index.js (+9 -2)
📝 server/config/custom.js (+4 -0)

📄 Description

I am working for the French government, which employs a very strict OIDC provider. Government applications often adhere to more stringent implementations of the OIDC specification to enhance security.

To properly connect Planka with their OIDC provider, I needed to add greater flexibility to the current openid-client integration. The initial implementation was missing some important features, such as support for signed user info.

Given the nature of this work, it's crucial to clearly explain every change; I tried to be as explicit as possible in my commits.

Here's a summary:

  • Allow using the default value of response_mode or specifying a custom value without introducing breaking changes.
  • Ensure the client can handle signed user info responses from strict OIDC providers.
  • Expand supported signing algorithms by supporting more signing algorithms than just 'RS256' for the ID token endpoint.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

OVERLORD added the pull-request label 2026-02-04 21:51:09 +03:00
Reference: starred/planka#1114