openwallet-foundation / acapy-vc-authn-oidc / 20922788936 / 1
89%
main: 89%

DEFAULT BRANCH: main
Ran
Files 37
Run time 1s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 88.732% (+0.09%) from 88.646%
20922788936.1

push

github

web-flow 
Webvh Support (#937)

* Fix OIDC subject identifier management and Redis memory leaks

Signed-off-by: Gavin Jaeger-Freeborn <gavinfreeborn@gmail.com>

This commit addresses critical issues in subject identifier handling for
OIDC authentication with verifiable credentials, ensuring stable subjects
across logins.

* Subject Identifier Stability (OIDC Compliance)

- Update AuthSession.pyop_user_id to presentation_sub after verification
  This ensures the subject in the database matches the subject in the ID
  token, eliminating UUID indirection and improving consistency.

- Use presentation_sub directly as PyOP user_id for claims storage
  Instead of mapping UUID -> presentation_sub, we now replace the UUID
  with presentation_sub after credential verification, simplifying the
  architecture and ensuring stable subjects across multiple logins.

* Reverse Mapping Cleanup (Stale Entry Prevention)

- Implement reverse mapping cleanup in store_subject_identifier()
  When a user logs in multiple times, the same presentation_sub creates
  new user_id entries. Without cleanup, PyOP's reverse lookup would find
  stale mappings, causing it to look up claims with wrong user_id.

- Add reverse:{identifier} -> user_id mapping for O(1) cleanup
  Before storing a new subject identifier, check if reverse mapping exists.
  If it points to a different user_id, delete that stale mapping.
  This ensures only ONE user_id -> presentation_sub mapping exists at
  a time.

* TTL for subject_identifier_storage

Signed-off-by: Gavin Jaeger-Freeborn <gavinfreeborn@gmail.com>

Add 1-hour TTL to subject_identifier_storage

* Add necessary configuration to support webvh

Signed-off-by: Gavin Jaeger-Freeborn <gavinfreeborn@gmail.com>

* Add webvh plugin

Signed-off-by: Gavin Jaeger-Freeborn <gavinfreeborn@gmail.com>

* Add tests for subject_identifier changes

Signed-off-by: Gavin Jaeger-Freeborn <gavinfreeborn@gmail.com>

* Correcting tests

Signed-off-by: Gavin Jaeger-Freeborn <gavi... (continued)

2071 of 2334 relevant lines covered (88.73%)

0.89 hits per line

Source Files on job python-3.12 - 20922788936.1