Actually respect ignore list in should_consider
malexmave authored and twwd committed Oct 1, 2024
1 parent 08434cb commit 8b0d3c3
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions kcwarden/auditors/idp/oidc_identity_provider_without_pkce.py
Expand Up @@ -9,10 +9,9 @@ class OIDCIdentityProviderWithoutPKCE(Auditor):
REFERENCE = "https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-23#section-2.1.1"

def should_consider_idp(self, idp) -> bool:
# TODO Support the ignore list from the config here
# We are interested in identity providers that are:
# - using either the "oidc" or the "keycloak-oidc" provider (the others don't allow configuring the setting)
return idp.get_provider_id() in ["oidc", "keycloak-oidc"]
return idp.get_provider_id() in ["oidc", "keycloak-oidc"] and self.is_not_ignored(idp)

def idp_does_not_enforce_pkce(self, cfg) -> bool:
# TODO Refactor with .get once unit tests exist
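Review bot: The comment block above the changed return in `should_consider_idp` still lists only the provider-type criterion, while the new return also drops any IdP for which `self.is_not_ignored(idp)` is false; add a bullet such as `# - not excluded by the ignore list from the config` so the filter and its description agree. An ignore entry presumably suppresses a missing-PKCE finding for that IdP, and the commit changes only this one file, so nothing pins the behaviour: a test where an ignored OIDC IdP is skipped and a non-ignored one is still considered would guard against the regression the title describes. `is_not_ignored` is defined outside the hunk (presumably on `Auditor`), so how it matches IdPs against the config cannot be checked from here. The class body also starts before and continues past the hunk.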
