Skip to content

Support for $oidc_pkce_enable directive through OIDC Policy #6713

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
2 tasks
shaun-nx opened this issue Oct 25, 2024 · 1 comment · May be fixed by #7765
Open
2 tasks

Support for $oidc_pkce_enable directive through OIDC Policy #6713

shaun-nx opened this issue Oct 25, 2024 · 1 comment · May be fixed by #7765
Assignees
@javorszky @AlexFenlon
Labels
area/security Issues related to security capabilities or concerns backlog Pull requests/issues that are backlog items proposal An issue that proposes a feature request refined Issues that are ready to be prioritized
Milestone
v5.1.0

Comments

@shaun-nx
Copy link
Contributor

shaun-nx commented Oct 25, 2024
edited
Loading

As a user of NGINX Ingress Controller, I would like to ensure my OIDC Policies can enable PCKE (Proof of key exchange) to further enhance the security posture of my applications

Final part for #1782

UACs:

  • Update OIDC policy to enable toggling the $oidc_pkce_enable directive
  • Update documentation to detail the implications of this setting

References:

This directive is currently configured in our templates here:
https://github.com/nginxinc/kubernetes-ingress/blob/release-3.7/internal/configs/version2/nginx-plus.virtualserver.tmpl#L92
@shaun-nx shaun-nx added the proposal An issue that proposes a feature request label Oct 25, 2024
@github-actions GitHub Actions
Copy link

Hi @shaun-nx thanks for reporting!

Be sure to check out the docs and the Contributing Guidelines while you wait for a human to take a look at this 🙂

Cheers!

@shaun-nx shaun-nx added ready for refinement An issue that was triaged and it is ready to be refined refined Issues that are ready to be prioritized backlog Pull requests/issues that are backlog items and removed ready for refinement An issue that was triaged and it is ready to be refined labels Oct 25, 2024
@pdabelf5 pdabelf5 mentioned this issue Oct 30, 2024
Open
@shaun-nx shaun-nx added this to the v4.1.0 milestone Jan 9, 2025
@lucacome lucacome moved this to Prioritized backlog in NGINX Ingress Controller Jan 15, 2025
@shaun-nx shaun-nx modified the milestones: v4.1.0, v4.2.0 Feb 27, 2025
@shaun-nx shaun-nx added the area/security Issues related to security capabilities or concerns label Mar 28, 2025
@shaun-nx shaun-nx modified the milestones: v4.2.0, v4.3.0 Mar 28, 2025
@danielnginx danielnginx moved this from Prioritized backlog to Todo ☑ in NGINX Ingress Controller Apr 16, 2025
@javorszky javorszky moved this from Todo ☑ to In Progress 🛠 in NGINX Ingress Controller Apr 22, 2025
@javorszky javorszky linked a pull request May 8, 2025 that will close this issue
Draft
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@javorszky javorszky

@AlexFenlon AlexFenlon

Labels
area/security Issues related to security capabilities or concerns backlog Pull requests/issues that are backlog items proposal An issue that proposes a feature request refined Issues that are ready to be prioritized
Projects
NGINX Ingress Controller
Status: In Progress 🛠
Milestone
v5.1.0
Development

Successfully merging a pull request may close this issue.

Add OIDC PKCE configuration through policy nginx/kubernetes-ingress
3 participants
@javorszky @AlexFenlon @shaun-nx