feat: list consent sessions by session id
This pull request introduces a feature to list subject consent sessions by session id.
Use case:
When authentication is initiated without the prompt parameter from multiple devices, we would like to distinguish in which session the consent was given.
Current situation:
GET /oauth2/auth/sessions/consent returns a single consent, and it references the session id where the consent was initially given. Furthermore, if logout is performed from the device that initially gave the consent, the reference to the login session id is cleared.
If prompt=consent were to be used, separate consents with separate session ids would be returned and you would not have the same problems. So this endpoint behaves differently in relation to how the login session id is referenced.
Proposed solution:
Add an additional query parameter login_session_id for GET /oauth2/auth/sessions/consent to return consents related to the requested session id.
This solution does not change how the login session id is referenced in the result.
Checklist
- [x] I have read the contributing guidelines.
- [x] I have referenced an issue containing the design document if my change introduces a new feature.
- [x] I am following the contributing code guidelines.
- [x] I have read the security policy.
- [x] I confirm that this pull request does not address a security vulnerability. If this pull request addresses a security vulnerability, I confirm that I got green light (please contact [email protected]) from the maintainers to push the changes.
- [x] I have added tests that prove my fix is effective or that my feature works.
- [x] I have added or changed the documentation.
Further Comments
Tests and documentation will be committed after initial acceptance of the proposed feature.
Let me know if ready for 👀 by clicking "ready for review"!
Codecov Report
Merging #2853 (20d5bbc) into master (316b582) will increase coverage by 0.13%. The diff coverage is 94.20%.
@@ Coverage Diff @@
## master #2853 +/- ##
==========================================
+ Coverage 76.82% 76.95% +0.13%
==========================================
Files 123 123
Lines 8976 9044 +68
==========================================
+ Hits 6896 6960 +64
- Misses 1652 1655 +3
- Partials 428 429 +1
| Impacted Files | Coverage Δ | |
|---|---|---|
| consent/manager.go | 100.00% <ø> (ø) | |
| persistence/sql/persister_consent.go | 87.41% <84.61%> (-0.18%) | :arrow_down: |
| consent/handler.go | 66.01% <100.00%> (+0.67%) | :arrow_up: |
| consent/manager_test_helpers.go | 97.93% <100.00%> (+0.10%) | :arrow_up: |