Feature/OIDC authenticate flow by jurei733 · Pull Request #448 · iqb-berlin/coding-box

jurei733 · 2026-04-13T10:57:39Z

No description provided.

…uthorization Code authentication flow.

…k method

…n controller

…w handles all token verification, and error redirects are securely validated against the KEYCLOAK_URL to prevent open redirect vulnerabilities

…handling

…lm, clientId, clientSecret) are now initialized once in the class constructor as private readonly properties

…oded logic

…LBACK_BASE_PATH'

… PKCE logic, and refactor frontend OIDC integration.

…ng Keycloak integration, environment setup, backend implementation, frontend integration, and troubleshooting steps.

…p" from package-lock.json and package.json

…API, Frontend, Keycloak, and OIDC integration

…ent setup

…OIDC identity handling

github-advanced-security AI found potential problems Apr 13, 2026

View reviewed changes

Comment thread apps/backend/src/app/auth/auth.controller.ts Fixed

Comment thread apps/backend/src/app/auth/auth.controller.ts Fixed

Comment thread apps/backend/src/app/auth/auth.controller.ts Fixed

Comment thread apps/backend/src/app/auth/auth.controller.ts Fixed

jurei733 force-pushed the feature/oidc-authenticate-flow branch from f3904c8 to a9fbc8d Compare April 28, 2026 05:44

jurei733 and others added 28 commits June 1, 2026 14:53

Move auth flow to backend

fc30448

Update the README with a new section explaining the Keycloak OAuth2 A…

bba6239

…uthorization Code authentication flow.

Fixes security issue for the untrusted URL redirect vulnerability

f7f4e20

Fixes the type confusion vulnerability in the auth controller callbac…

7949c7e

…k method

Fixes the server-side URL redirect vulnerability in the authenticatio…

459a33f

…n controller

Ensure that JWT_SECRET infrastructure is dismantled since Keycloak no…

68c7d86

…w handles all token verification, and error redirects are securely validated against the KEYCLOAK_URL to prevent open redirect vulnerabilities

Fix the authentication crash issue by adding safe decodeURIComponent …

2a8b463

…handling

Fix the authentication callback error handling issue

6f39641

Refactor that Keycloak configuration values (keycloakUrl, keycloakRea…

d3fd60a

…lm, clientId, clientSecret) are now initialized once in the class constructor as private readonly properties

Configure the routing through environment variables instead of hard-c…

f0fb06c

…oded logic

Remove processing of obsolete environment variable 'JWT_SECRET'

2ce46f0

Rename 'KEYCLOAK_URL' to 'OIDC_PROVIDER_URL'

02fabcc

Rename 'KEYCLOAK_REALM' to 'OIDC_REALM'

89c07d7

Rename 'KEYCLOAK_CLIENT_ID' to 'OAUTH2_CLIENT_ID'

81f1210

Rename 'KEYCLOAK_CLIENT_SECRET' to 'OAUTH2_CLIENT_SECRET'

3390e4a

Generalize Keycloak integration to OIDC

3110a14

Roll back the 'Nginx OIDC runtime configuration'

8de99b6

Delete obsolete docker compose environment variable 'API_HOST'

3c0b54c

Revise processing of docker compose environment variable 'BACKEND_CAL…

deb47b0

…LBACK_BASE_PATH'

Revise docker compose environment files

c41e3cd

Revise install script

1839c7a

Add initial coding box keycloak realm

243f036

Move auth flow to backend

639c608

Implement PKCE support for OIDC authentication flow, overhaul backend…

2ac1ec6

… PKCE logic, and refactor frontend OIDC integration.

Add keycloak dev environment

a6ab395

Add Postgres 14 image pull to dev makefile

61d26d9

Add "admin" role to coding-box-realm configuration

c747f0b

Update README with Keycloak realm setup and timestamp replacement steps

2df579c

jurei733 added 12 commits June 1, 2026 14:55

Add comprehensive documentation for OIDC authentication flow, includi…

efd46a8

…ng Keycloak integration, environment setup, backend implementation, frontend integration, and troubleshooting steps.

Remove unnecessary "peer" field entries and dependency "path-to-regex…

8612c7c

…p" from package-lock.json and package.json

Add initial .env file with configuration values for Redis, Postgres, …

105aa79

…API, Frontend, Keycloak, and OIDC integration

Update default admin credentials and document them for local developm…

62164cd

…ent setup

Refactor workspace creation and testing for consistency and enhanced …

a8d7f48

…OIDC identity handling

Fix OAuth redirect validation

d5c8051

test: allow docx integration test more time

e3a6923

Fix OIDC rebase conflict regressions

6f11872

fix backend oidc and workspace token auth

3a855c2

add replay-safe coding job endpoints

1423c58

update frontend oidc token handling

679f4a7

configure frontend redirect port in dev compose

e59df91

jurei733 force-pushed the feature/oidc-authenticate-flow branch from 956f918 to e59df91 Compare June 2, 2026 06:08

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Feature/OIDC authenticate flow#448

Feature/OIDC authenticate flow#448
jurei733 wants to merge 40 commits into
developfrom
feature/oidc-authenticate-flow

jurei733 commented Apr 13, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

jurei733 commented Apr 13, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants