webfinger | A crate to help you fetch and serve WebFinger resources | REST library

 by   Plume-org Rust Version: Current License: GPL-3.0

kandi X-RAY | webfinger Summary

kandi X-RAY | webfinger Summary

webfinger is a Rust library typically used in Web Services, REST applications. webfinger has no bugs, it has no vulnerabilities, it has a Strong Copyleft License and it has low support. You can download it from GitHub.

A crate to help you fetch and serve WebFinger resources.
Support
    Quality
      Security
        License
          Reuse

            kandi-support Support

              webfinger has a low active ecosystem.
              It has 7 star(s) with 0 fork(s). There are 4 watchers for this library.
              OutlinedDot
              It had no major release in the last 6 months.
              There are 0 open issues and 5 have been closed. On average issues are closed in 42 days. There are no pull requests.
              It has a neutral sentiment in the developer community.
              The latest version of webfinger is current.

            kandi-Quality Quality

              webfinger has no bugs reported.

            kandi-Security Security

              webfinger has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

            kandi-License License

              webfinger is licensed under the GPL-3.0 License. This license is Strong Copyleft.
              Strong Copyleft licenses enforce sharing, and you can use them when creating open source projects.

            kandi-Reuse Reuse

              webfinger releases are not available. You will need to build from source code and install.
              Installation instructions are not available. Examples and code snippets are available.

            Top functions reviewed by kandi - BETA

            kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
            Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of webfinger
            Get all kandi verified functions for this library.

            webfinger Key Features

            No Key Features are available at this moment for webfinger.

            webfinger Examples and Code Snippets

            No Code Snippets are available at this moment for webfinger.

            Community Discussions

            QUESTION

            How can I discover the issuer of an opaque access token?
            Asked 2021-Jun-02 at 11:55

            I'm using OpenID Connect to control access to my REST API. One of the things I need to do when servicing a request is get the OIDC UserInfo based on the access token in request's Authorization: Bearer ... header.

            To this point I've been working with JWTs and this works fine. I'm looking at expanding this to work with opaque tokens as well.

            My strategy has been based on my understanding of the OpenID Connect Discovery spec, section 4:

            1. Extract the iss from the access token.
            2. Discover the userinfo endpoint by getting ${iss}/.well-known/openid-configuration and querying the JSON for userinfo_endpoint.
            3. HTTP GET the userinfo_endpoint, passing the access token as an Authorization: Bearer ... header.

            This works fine for opaque tokens... except for step 1. Currently, I have to know who the issuer is via an out-of-band mechanism because I don't know how to get the issuer from the opaque token (which, to be honest, makes sense given that it's opaque). I see a few possibilities:

            • Maybe I'm just supposed to know who issued it and my question is misguided.
            • Maybe the best thing to do is try a list of known issuers and see if one of them works.
            • Maybe there's a mechanism for discovering the issuer of the opaque token. (The spec refers to WebFinger, but that doesn't seem like it fits my use case.)
            • Maybe there's something I haven't considered...

            Thanks all for any help.

            ...

            ANSWER

            Answered 2021-May-27 at 17:32

            The standard mechanism for dealing with opaque tokens is via introspection. Also the preferred option is for there to only be a single type of access token - issued by your Authorization Server (AS), which sits alongside your APIs.

            The introspection result can be a claims payload or a JWT. It is common to plug in an API gateway, as in this article, so that the gateway makes the actual introspection call. The gateway should then cache results for subsequent calls made with the same access token.

            An opaque token is typically a GUID or something similar, and the issuer value is not stored in the token - it is instead stored in the issuing Authorization Server's back end state. The only way to determine the issuer is to try to introspect the token.

            FOREIGN ACCESS TOKENS

            Aim to avoid using foreign access tokens in your APIs as in the following examples. This can make it difficult to control data added to tokens and token lifetimes:

            • User signs in with Google - then API uses Google access tokens
            • User signs in with Microsoft - then API uses Microsoft access tokens

            It is preferred instead to use 'federated login capabilities' of your Authorization Server, leading to the following cleaner result, and fewer issues:

            • User signs in with Google - then API uses your AS access tokens
            • User signs in with Microsoft - then API uses your AS access tokens

            Source https://stackoverflow.com/questions/67722345

            QUESTION

            How can I get httpretty to stop printing exceptions during testing?
            Asked 2020-Aug-01 at 15:33

            I have a test which simulates a request from a remote server which does not exist:

            ...

            ANSWER

            Answered 2020-Aug-01 at 15:33

            HTTPretty uses a thread to simulate socket timeouts but are not handling exceptions correctly, see issue #334. The latter proposes a method for handling exceptions, but that hasn't been picked up by the maintainers (yet).

            However, the message you see is printed by the default threading.excepthook() implementation. You can set your own hook; a no-op lambda would silence the errors:

            Source https://stackoverflow.com/questions/63206653

            QUESTION

            SOLVED - Installing nextcloud on nginx, getting error 500
            Asked 2020-Apr-27 at 15:05

            I'm following the instructions to install Nextcloud on an nginx server. I copy the configuration from the offical documentation, i set my server name and my ssl certificate path, and when i try to reach nextcloud from my browser i get

            "500 Internal server error".

            When i check in the error.log i get

            rewrite or internal redirection cycle while processing "/index.php"

            This is my configuration file:

            ...

            ANSWER

            Answered 2020-Apr-27 at 15:05

            I solved the issue by re-uploading the configuration file via ftp, pasting it in nano on the ssh shell was a bad idea!

            Source https://stackoverflow.com/questions/61448437

            QUESTION

            Conflicting Seafile and Nextcloud nginx configs
            Asked 2020-Feb-02 at 11:18

            I've searched for this problem, but haven't get solution yet. I have Nextcloud installed on https://example.com/nextcloud. Yesterday I installed Seafile, that works on https://example.com (I simply don't know, how to make it accessible from, for example, https://example.com/seafile) While I was setting it, Nextcloud was switched off by deleting link to corresponding file in sites-enabled directory. Seafile worked. But when I enabled Nextcloud, I got error 403 forbidden trying to access Seafile. I also enabled info level in Nginx and there I got next message:

            ...

            ANSWER

            Answered 2020-Feb-02 at 11:18

            As said Lars Stegelitz, I have to run these services on different ports. I did that and now Nextcloud runs on 445 port, at the same time Seafile on 443. I've added location /nextcloud and there is directive proxy_pass https://192.168.1.134:445; Here are my updated configs. seafile.conf:

            Source https://stackoverflow.com/questions/59234441

            QUESTION

            403 Forbidden on CORS request from local
            Asked 2019-Mar-13 at 14:30

            I am working with Gluu Server and trying to get the OpenID Connect configuration from the /.well-known/openid-configuration endpoint through a CORS/AJAX request (for use with an Angular app). However, when I try to request the endpoint from a locally hosted app/HTML file with XHR requesting the endpoint, I receive a 403 Forbidden error.

            This only seems to happen when the request stems from a local context, i.e. Angular's development server or a local HTML file requesting the endpoint. If I open the same HTML file that performs the AJAX request, hosted on a server, it works.

            The testing HTML file looks like the following

            ...

            ANSWER

            Answered 2019-Mar-13 at 14:30

            Turns out this problem was an amalgamation of two unrelated things.

            First, and this is mostly conjecture, it seems that Chrome blocks requests from a local file (the HTML file) and simply provides output that is, to me, very confusing. I.e. the 403 error might be because Chrome blocks the CORS request somehow. I tried running Chrome with various flags, e.g. --disable-web-security and --allow-file-access-from-files, but this did not change the output from the local HTML file. So, the local file request still fails and I don't really know the exact reason. But, since this was just for testing it is not that relevant, for me, currently.

            Secondly, an erroneous implementation in an interceptor in the Angular project overwrote all headers for requests. After fixing this, the local server was able to request the endpoint.

            It just so happened that the output from the two different issues looked pretty much identical which threw me off.

            Source https://stackoverflow.com/questions/55121944

            QUESTION

            How do I call MitreID OIDC server?
            Asked 2018-Dec-19 at 12:51

            I am using the Spring Boot MitreID OIDC application from here. This runs OK and I can login but there are no other options available to me:

            I am trying to access it using simple-web-app. In simple-web-app I try to login using URI: http://localhost:8080/openid-connect-server-webapp/. This gives:

            ...

            ANSWER

            Answered 2018-Dec-19 at 12:48

            MitreID is serving on root but sample app is calling on /openid-connect-server-webapp/ You'll want to change your sample app to point to the proper issuer....http://localhost:8080/ (maybe in the application.properties of your sample app?) Or your MitreID server is not configured properly (possibly for issuer property)

            See http://localhost:8080/.well-known/openid-configuration for all the endpoints your sample app would hit

            Source https://stackoverflow.com/questions/53851457

            QUESTION

            How can I add a route to the index in my WordPress plugin using generate_rewrite_rules?
            Asked 2018-Oct-10 at 13:20

            I'm trying to add the route /.well-known/webfinger to WordPress in a plugin, e.g. http://exampleblog.com/.well-known/webfinger. I'm using the generate_rewrite_rules, parse_request, and query_vars hooks to load up some code that should run when the URL is matched. Here's what I've got:

            ...

            ANSWER

            Answered 2018-Oct-10 at 13:20

            It turns out the problem was that I was running WordPress via php -S localhost:8080. When I ran a proper Apache webserver locally generate_rewrite_rules worked as it was supposed to.

            Source https://stackoverflow.com/questions/52598675

            QUESTION

            Is the OpenID Connect webfinger endpoint a map of user account to OpenID Connect providers?
            Asked 2017-Nov-05 at 14:33

            In this question the example answer starts with:

            Suppose Carol wishes to authenticate with a web site she visits using OpenID Connect. She would provide the web site with her OpenID Connect identifier, say carol@example.com. The visited web site would perform a WebFinger query looking for the OpenID Connect provider.

            So it sounds like example.com does not yet know which OpenID connect provider can authenticate Carol? It has to use Carol's email address as a lookup key to find out which OpenID Connect providers can authenticate her?

            A lot of sites have Authenticate with Github or Authenticate with Google, but in this case it looks like the sites just figures out the authentication provider based on the email address of the person who wishes to authenticate. So instead of the person selecting the authentication provider, the site asks for the email address, and then figures out which authentication provider the user can use. So the sequence is something like:

            • 1) User enters email address (Or userid)
            • 2) Server looks up authentication providers using the email address / userid
            • 3) Server displays a list of authentication providers that the user can select from

              Did I understand this correctly?

            ...

            ANSWER

            Answered 2017-Nov-05 at 14:33

            OpenID Provider Issuer Discovery is an OPTIONAL discovery service Relying Party knows the OP's Issuer location through an out-of-band mechanism. Or use webfinger which requires the Website to be provided

            • resource = Identifier for the target End-User that is the subject of the discovery request.

            • host = Server where a WebFinger service is hosted.

            • rel = URI identifying the type of service whose location is being requested.

            IMHO, the example from RFC 7033 supplied is misleading. Determining the issuer from and "carol@example.com" is not well implemented by many of the providers. (At least what I could find)

            I tried a few email addresses and could only get on to send a response. (Further the example shows a simple http get and yet the OpenID Connect Discovery requires https)

            I did get "will@willnorris.com" to send a response. (See https://indieweb.org/WebFinger where Will Norris contributes)

            I am also of the using OpenID Connect webfinger discovery which is convenient is also a security concern.

            I was able to do some discovery on an bradfitz@gmail.com based on an entry dated 2010 but is was not as simple as a webfinger query as described in the example.

            Perhaps some others will respond.

            Generally the website must register (a Client ID), this may be performed dynamically, with each the OpenID connect provider they wish to work with.

            Source https://stackoverflow.com/questions/47115005

            QUESTION

            How to use the OpenID Connect WebFinger Endpoint?
            Asked 2017-Nov-04 at 19:17

            Reading the description here it says:

            WebFinger — Enables dynamic discovery of the OpenID Connect provider for a given user, based on their email address or some other information.

            Can someone give an example of how this works (Description is somewhat abstract)?

            ...

            ANSWER

            Answered 2017-Nov-04 at 19:17

            WebFinger is a protocol defined in RFC7033. There is a complete example in section 3.1:

            3.1. Identity Provider Discovery for OpenID Connect

            Suppose Carol wishes to authenticate with a web site she visits using OpenID Connect. She would provide the web site with her OpenID Connect identifier, say carol@example.com. The visited web site would perform a WebFinger query looking for the OpenID Connect provider. Since the site is interested in only one particular link relation, the WebFinger resource might utilize the "rel" parameter as described in Section 4.3:

            Source https://stackoverflow.com/questions/47113980

            QUESTION

            Nginx redirects .well-known endpoints
            Asked 2017-May-18 at 18:37

            I have a web application that runs on WSGI server. The application has OpenID Connect identity provider endpoints, for instance:

            ...

            ANSWER

            Answered 2017-May-18 at 18:37

            The problem is the setting location ~ /\.well-known { allow all; }.

            This should be removed. Additionally, the setting include /etc/nginx/default.d/*.conf; includes a default config file which also has the setting location ~ /\.well-known { allow all; }. This setting should be removed from that file too.

            Source https://stackoverflow.com/questions/43924261

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install webfinger

            You can download it from GitHub.
            Rust is installed and managed by the rustup tool. Rust has a 6-week rapid release process and supports a great number of platforms, so there are many builds of Rust available at any time. Please refer rust-lang.org for more information.

            Support

            For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .
            Find more information at:

            Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items

            Find more libraries
            CLONE
          • HTTPS

            https://github.com/Plume-org/webfinger.git

          • CLI

            gh repo clone Plume-org/webfinger

          • sshUrl

            git@github.com:Plume-org/webfinger.git

          • Stay Updated

            Subscribe to our newsletter for trending solutions and developer bootcamps

            Agree to Sign up and Terms & Conditions

            Share this Page

            share link

            Explore Related Topics

            Consider Popular REST Libraries

            public-apis

            by public-apis

            json-server

            by typicode

            iptv

            by iptv-org

            fastapi

            by tiangolo

            beego

            by beego

            Try Top Libraries by Plume-org

            Plume

            by Plume-orgRust

            joinplu.me

            by Plume-orgHTML

            gettext-macros

            by Plume-orgRust

            rocket_i18n

            by Plume-orgRust

            rocket_csrf

            by Plume-orgRust