feat: add native UAE PASS OIDC provider #4540
Add a dedicated 'uaepass' provider type that handles UAE PASS OAuth2 natively without OIDC discovery.

Key features:
- Hardcoded staging/production endpoints (no .well-known support)
- client_secret_basic auth style (AuthStyleInHeader)
- Automatic acr_values injection for authentication level
- No openid scope (UAE PASS does not support it)
- Userinfo-based claims with all 18+ UAE PASS attributes
- RawClaims populated for downstream Jsonnet mapper access
- UUID-first subject identifier with sub fallback

Includes unit tests (provider_userinfo_test.go) and documentation (docs/uaepass/README.md) with Jsonnet mapper examples.
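The request shapes listed in the commit message above (fixed endpoints, client_secret_basic, injected acr_values, no openid scope, UUID-first subject), as an added standard-library Go example that is not the PR's code or Kratos's implementation. The endpoint URLs, the ACR value and the function names are hypothetical placeholders, since the page gives none of them.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

const authURL = "https://idp.example.invalid/authorize" // hypothetical placeholder endpoint
const tokenURL = "https://idp.example.invalid/token"    // hypothetical placeholder endpoint
const acrLevel = "ACR-LEVEL-PLACEHOLDER"                // hypothetical placeholder ACR value

// AuthCodeURL uses the fixed endpoint, always injects acr_values and drops "openid".
func AuthCodeURL(clientID, redirectURI, state string, scopes []string) string {
	q := url.Values{"response_type": {"code"}, "client_id": {clientID}, "redirect_uri": {redirectURI}, "state": {state}, "acr_values": {acrLevel}}
	var kept []string
	for _, s := range scopes {
		if s != "openid" {
			kept = append(kept, s)
		}
	}
	q.Set("scope", strings.Join(kept, " "))
	return authURL + "?" + q.Encode()
}

// TokenRequest carries the client credentials in the Authorization header only (client_secret_basic).
func TokenRequest(clientID, secret, code, redirectURI string) (*http.Request, error) {
	form := url.Values{"grant_type": {"authorization_code"}, "code": {code}, "redirect_uri": {redirectURI}}
	req, err := http.NewRequest(http.MethodPost, tokenURL, strings.NewReader(form.Encode()))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.SetBasicAuth(url.QueryEscape(clientID), url.QueryEscape(secret))
	return req, nil
}

// Subject returns the userinfo "uuid" claim and falls back to "sub" when it is absent or empty.
func Subject(claims map[string]interface{}) (string, error) {
	for _, k := range []string{"uuid", "sub"} {
		if v, ok := claims[k].(string); ok && v != "" {
			return v, nil
		}
	}
	return "", fmt.Errorf("userinfo has neither uuid nor sub")
}

func main() { fmt.Println(AuthCodeURL("cid", "https://rp.example.invalid/cb", "st", []string{"openid", "profile"})) }
```

Rejecting a userinfo response that carries neither identifier keeps an empty string from ever being used as the account key.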
Hi @suquant! Thanks a lot for taking the time to contribute this PR and for working on UAE Pass support — we really appreciate the effort. Since this PR was opened, we’ve recently implemented native UAE Pass support in Kratos internally. Because of that, this change would overlap with the current implementation, so we’re going to close this PR. The built-in UAE Pass support will be released soon, so please keep an eye on the upcoming Kratos releases and let us know if anything is missing. Thanks again for the contribution and for helping improve Ory!
Thanks for the update - and for explaining what’s going on. I’ll be honest, I did sink a fair amount of time into the UAE Pass integration for this PR. Research, testing the flow, wiring it into Kratos… the usual rabbit holes. So hearing that a native implementation was already in progress was a little frustrating at first. Mostly because there wasn’t any public signal about it. No PR, no issue, nothing I could find that hinted the work was already happening internally. If there had been even a small note somewhere, I probably would’ve taken a different route - or at least tried to line up with what you were building. Maybe that’s something worth considering for the future. Even a rough “work in progress” issue can help contributors avoid spending cycles on the same thing… or better yet, jump in and help earlier. Anyway, it’s still good news that Kratos will have proper UAE Pass support built in. I’ll keep an eye out for the release when it lands. If there’s anything that needs testing or an extra pair of eyes, I’m happy to help. And thanks for keeping the project going - seriously.
@suquant Thanks for the thoughtful message and also for the work you put into the PR. We definitely understand that it’s frustrating to spend time on something only to find out overlapping work was already underway. Your point about visibility is fair feedback. In this case the work happened internally first and hadn’t been surfaced publicly yet. Just to add some context: in our contributing guide we recommend discussing larger features with the maintainers before starting implementation so we can align on direction and avoid duplicated work: That said, we really appreciate the effort you put into researching and wiring up the UAE Pass flow. Once the native UAE Pass support lands in a release, it would be great to have your help testing it and giving feedback — especially since you’ve already gone deep into the integration. Thanks again for contributing and for raising this in such a constructive way 🙏
To add on to what Deepak said - we just updated our CONTRIBUTING.md to make it clearer and prevent this in the future.
Thanks @vinckr and @deepakprabhakara for the update, and for tweaking the contributing guide. Makes sense to call that out more clearly. I get the idea behind asking for discussions upfront, especially to avoid people stepping on the same work. Totally fair. At the same time… just speaking from my side for a second. One of the reasons I ended up picking Kratos (and open source in general) is that you can just jump in, build something, see where it goes. A bit more "try first, talk later." That’s part of the fun. So with no public signal about the ongoing work, and now the stricter requirement, it does feel a bit more closed than I expected. Not saying it’s wrong - just… noticeable. Anyway, got the point, will keep that in mind next time. Still great to see UAE Pass landing natively, that’s a solid addition. Happy to test it once it’s out, or help out if anything’s missing. Good luck with the release 👍
That is fair - the idea behind having a discussion first is mostly to prevent drive-by pull requests - which are getting more and more common due to LLMs etc. And yea, due to the monorepo there is less visibility from outside into what the Ory team is working on - we are looking into different ways how we can make the "roadmap" more visible without causing frustration or putting pressure on the team. If you know a project that solves it well (or better) let me know. That being said we don't need a super involved discussion every time - in this instance for example you could just open an issue "I want to add a UAE Pass provider" - one of the maintainers will answer 👍 or 👎 and you can follow up with the PR quickly.
Credits
https://gbyte.tech