@lunika lunika commented Aug 22, 2025

Purpose

We want to keep a restricted list of allowed characters in the user sub field. We now allow = and /.

Proposal

  • 🐛(back) allow / and = characters in user sub field

Fix #1280

We want to keep a restricted list of allowed characters in the user sub
field. We now allow = and /.
Fix #1280
@lunika lunika requested a review from AntoLC August 22, 2025 10:05
@lunika lunika self-assigned this Aug 22, 2025
@lunika lunika added the bug Something isn't working label Aug 22, 2025
@lunika lunika requested a review from qbey August 26, 2025 09:14
@qbey qbey left a comment

Please check:

  • add a changelog?
  • update migrations (no-op)?

We can merge it like this, but I wonder whether we should be less restrictive on the sub field, wdyt?

),
)

sub = models.CharField(
_("sub"),
help_text=_(
"Required. 255 characters or fewer. Letters, numbers, and @/./+/-/_/: characters only."
"Required. 255 characters or fewer. Letters, numbers, and @.+-_:=/ characters only."
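Review bot: only the help_text string changes in this hunk, while the validator that actually enforces the allowed character set is outside the visible lines; confirm it is updated together with this string so the two do not drift (the PR description says `=` and `/` are now accepted), and add a test that a sub containing `=` and `/` is accepted and one containing a character outside the list is rejected. Minor: the old text separated the allowed symbols with `/` (`@/./+/-/_/:`); now that `/` is itself allowed, the new text runs them together as `@.+-_:=/`, which is hard to read, so consider spacing them out or quoting each one.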
@qbey qbey Aug 26, 2025

Actually, the OIDC spec says the sub can contain up to 255 ASCII characters (following RFC 20, https://www.rfc-editor.org/rfc/rfc20.txt):

Subject Identifier. A locally unique and never reassigned identifier within the Issuer for the End-User, which is intended to be consumed by the Client, e.g., 24400320 or AItOawmwtWwcT0k51BayewNvutrJUqsvl6qs7A4. It MUST NOT exceed 255 ASCII [RFC20] characters in length. The sub value is a case-sensitive string.

Should we be less restrictive?
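
To make the gap between the two policies under discussion concrete, here is an added example (not the project's code, not from either commenter). It implements the PR's updated allow-list next to the bare OIDC Core constraint quoted above, using plain `re` instead of Django's RegexValidator so it runs stand-alone; the sample subs are constructed, except the numeric one taken from the spec quote.

```python
import re

MAX_SUB_LENGTH = 255  # "255 characters or fewer" in the help text; also the OIDC upper bound

# Allow-list from the updated help_text in this PR: letters, numbers and @ . + - _ : = /
# ("=" and "/" are the two characters the PR adds). re.ASCII keeps \w at [A-Za-z0-9_].
PR_SUB_PATTERN = re.compile(r"^[\w.@+\-:=/]+$", re.ASCII)


def is_valid_pr_sub(sub: str) -> bool:
    """Accept only what the PR's help text describes: the allow-list plus the length cap."""
    return len(sub) <= MAX_SUB_LENGTH and PR_SUB_PATTERN.fullmatch(sub) is not None


def is_valid_oidc_sub(sub: str) -> bool:
    """Accept what the quoted OIDC Core text requires: at most 255 ASCII (RFC 20) characters.

    An empty sub is treated as invalid here; that is an assumption, the quoted text only
    gives the upper bound.
    """
    return 1 <= len(sub) <= MAX_SUB_LENGTH and all(ord(ch) < 128 for ch in sub)


def classify(sub: str) -> dict:
    """Return both verdicts so a reviewer can see where the allow-list is stricter than the spec."""
    return {"pr_allow_list": is_valid_pr_sub(sub), "oidc_spec": is_valid_oidc_sub(sub)}


# Constructed sample subs (not taken from any real provider):
SAMPLES = {
    "numeric": "24400320",                # example value from the OIDC spec quote
    "base64_like": "Z3Jvd3RoL3Rlc3Q=",    # "/" and "=" padding: rejected before this PR
    "with_space": "john doe",             # ASCII, so spec-legal, but outside the allow-list
    "non_ascii": "zo\u00eb",              # rejected by both policies
    "too_long": "a" * 256,                # rejected by both policies
}

if __name__ == "__main__":
    for name, sub in SAMPLES.items():
        print(f"{name:12} {classify(sub)}")
```

Running it shows that only `with_space` splits the two policies: the OIDC text permits any ASCII character, while the PR's allow-list (like the one before it) rejects it.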

Labels: bug (Something isn't working)

Successfully merging this pull request may close these issues.

Docs incompatible with ADFS OIDC provider