feat(jans-cedarling): Remove authorization method based on user principals by haileyesus2433 · Pull Request #13538 · JanssenProject/jans (original) (raw)

and others added 30 commits

March 5, 2026 17:54

#13416)

• Removed the authorize method that accepted a Request type from the Cedarling implementation.
• Cleaned up the AuthorizeResult struct by removing unnecessary fields and their associated serialization logic.
• Deleted the trust_mode.rs file as it was no longer needed.
• Updated imports and references across the codebase to reflect these changes.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

…uthz (#13427)

• refactor(authz): simplify authorization configuration by removing unused fields

• Removed use_user_principal and use_workload_principal fields from AuthorizationConfig and related structures.
• Eliminated IdTokenTrustMode and its associated logic from the codebase.
• Updated the BootstrapConfig and EntityBuilderConfig to reflect these changes, ensuring a cleaner and more maintainable code structure.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(authz): remove unused parameters from authorization methods

• Eliminated _workload_uid and _person_uid parameters from the new_for_many_principals function in AuthorizeResult.
• Updated the call to new_for_many_principals in the Authz implementation to reflect these changes, enhancing code clarity and maintainability.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(authz): clean up authorization entity building code

• Removed the build_entities method from EntityBuilder, which was previously responsible for constructing various authorization entities.
• Updated imports to reflect the removal of unused code, enhancing overall code clarity and maintainability.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(authz): streamline authorization configuration and remove unused fields

• Removed unused fields related to user and workload principals from AuthorizationConfig and EntityBuilderConfig.
• Simplified test configurations by utilizing default settings for authorization and entity building.
• Cleaned up related test files to enhance clarity and maintainability.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(entity_builder): remove workload configuration from entity builder

• Eliminated the with_workload() method call from EntityBuilderConfig across multiple entity builder files, simplifying the configuration process.
• Updated tests to use default settings, enhancing clarity and maintainability.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

… UniFFI) (#13440)

• refactor(authz): streamline authorization configuration by removing deprecated fields

• Removed decision_log_user_claims and decision_log_workload_claims from AuthorizationConfig and related structures.
• Updated BootstrapConfig and EntityBuilder to reflect these changes, enhancing code clarity and maintainability.
• Cleaned up associated tests to ensure consistency with the new configuration structure.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(python_bindings): remove deprecated request handling and clean up authorization code

• Eliminated the Request struct and its associated logic from the authorization module, streamlining the codebase.
• Removed the authorize method from the Cedarling implementation that accepted a Request type.
• Cleaned up the AuthorizeResult struct by removing unnecessary fields and their serialization logic.
• Updated imports and references across the codebase to reflect these changes, enhancing clarity and maintainability.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(python_bindings): remove unused authorization methods and clean up code

• Eliminated the authorize method from the Cedarling class, which accepted a Request type, to streamline the authorization process.
• Removed the IdTokenTrustModeError class from the authorize_errors module, simplifying error handling.
• Updated the Request class definition to remove unused fields, enhancing clarity and maintainability.
• Cleaned up the AuthorizeResult struct by removing unnecessary methods, further refining the codebase.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(python_binding_tests): streamline authorization tests by removing unnecessary assertions

• Removed assertions checking for workload and person being None in the test_authorize_unsigned and test_authorize_unsigned_json_rule_by_uid functions, as they are no longer relevant.
• Updated the test_logger to utilize RequestUnsigned and simplified the logging configuration for better clarity and maintainability.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(wasm_bindings): transition to unsigned request handling in authorization

• Updated the authorization process to utilize REQUEST_UNSIGNED instead of REQUEST, allowing for principals to be provided as entity data without JWT tokens.
• Removed deprecated fields and methods related to standard authorization, streamlining the codebase.
• Adjusted related tests to reflect the new unsigned request structure, enhancing clarity and maintainability.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• fix(wasm_bindings): add 'sub' field to principals in example data and tests

• Introduced the 'sub' field in the principals of the REQUEST_UNSIGNED structure to ensure proper identification of users.
• Updated test cases to include the 'sub' field for user principals, enhancing the accuracy of authorization tests.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(go_bindings): remove deprecated authorize method from G2RCall trait

• Eliminated the authorize method from the G2RCall trait to streamline the authorization process.
• Updated the implementation in G2RCallImpl to reflect this change, enhancing code clarity and maintainability.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(go_bindings): remove deprecated authorization methods and clean up request structures

• Eliminated the Authorize method from the Cedarling class and the associated Request struct to streamline the authorization process.
• Removed unnecessary fields from the AuthorizeResult struct, enhancing clarity and maintainability.
• Updated related tests and configurations to reflect these changes, ensuring consistency across the codebase.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(cedarling_go): update README to reflect new authorization methods and configuration changes

• Added AuthorizeMultiIssuer() to the features list for multi-issuer authorization support.
• Updated example configuration by removing deprecated fields and clarifying the usage of CEDARLING_ID_TOKEN_TRUST_MODE.
• Revised sections on authorization processes to reflect changes in method names and request structures, enhancing clarity for users.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(cedarling_uniffi): streamline error handling and clean up serialization logic

• Refactored error handling in the try_from implementation for DataEntry to improve readability and maintainability.
• Simplified serialization error messages for data_type and value fields.
• Removed deprecated fields from the AuthorizeResult struct, enhancing clarity in the authorization response structure.
• Cleaned up the authorize_unsigned method to ensure consistent error handling.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(cedarling_uniffi): update configuration files and clean up tests

• Removed deprecated fields from bootstrap.json to streamline configuration.
• Added a new principals.json file to define test principals for authorization.
• Cleaned up the test suite by removing unused test cases, enhancing maintainability and clarity.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(cedarling_uniffi): update action and principals for authorization

• Changed the action in configuration files from Update to UpdateTestPrincipal to reflect new testing requirements.
• Introduced principals.json files for both Android and iOS to define test principals for authorization processes.
• Updated the authorization logic in the Java and Swift implementations to utilize the new principals structure, enhancing the flexibility of authorization handling.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(cedarling_uniffi): update README to clarify authorization methods and configuration

• Revised the description of the Cedarling initialization process to specify the use of authorizeUnsigned with sample principals.
• Introduced new authorization methods: authorizeUnsigned and authorizeMultiIssuer, detailing their usage and input requirements.
• Removed the deprecated CEDARLING_ID_TOKEN_TRUST_MODE section and updated the configuration example for clarity.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(cedarling_java): remove deprecated authorization fields and update tests

• Eliminated deprecated fields from bootstrap.json to streamline configuration.
• Refactored the authorize method in CedarlingAdapter to use authorizeUnsigned, enhancing clarity in authorization handling.
• Updated test cases in CedarlingAdapterTest to reflect changes in authorization logic and ensure consistency across tests.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(cedarling_java): remove ID Token Trust Mode section from README

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

#13360)

• feat(jans-fido2): add dropOffRate and completionRate to metrics errors analytics endpoint

Signed-off-by: imran imranishaq7071@gmail.com

• feat(jans-fido2): add dropOffRate and completionRate to metrics errors analytics endpoint 1

Signed-off-by: imran imranishaq7071@gmail.com

• feat(jans-fido2): add dropOffRate and completionRate to metrics errors analytics endpoint 2

Signed-off-by: imran imranishaq7071@gmail.com

• feat(jans-fido2): add dropOffRate and completionRate to metrics errors analytics endpoint 3

Signed-off-by: imran imranishaq7071@gmail.com

• feat(jans-fido2): add dropOffRate and completionRate to metrics errors analytics endpoint 4

Signed-off-by: imran imranishaq7071@gmail.com

Signed-off-by: imran imranishaq7071@gmail.com Co-authored-by: YuriyM Yuriy.Movchan@gmail.com

…n running monitor script (#13385)

#13414)

• feat(jans-cli-tui): add arguments --auth-url, --config-url, --scim-url

Signed-off-by: Mustafa Baser mbaser@mail.com

• fix(jans-cli-tui): copilot suggestion

Signed-off-by: Mustafa Baser mbaser@mail.com

• fix(jans-cli-tui): coderabbitai suggestions

Signed-off-by: Mustafa Baser mbaser@mail.com

• fix(jans-cli-tui): coderabbitai suggestions

Signed-off-by: Mustafa Baser mbaser@mail.com

• fix(jans-cli-tui): Initialize logging before emitting normalized URL

Signed-off-by: Mustafa Baser mbaser@mail.com

Signed-off-by: Mustafa Baser mbaser@mail.com

…13429)

• feat(jans-auth-server): harden allowed schemes for redirects #13423 Signed-off-by: YuriyZ yzabrovarniy@gmail.com

Signed-off-by: yuriyz yzabrovarniy@gmail.com

• Fixes Signed-off-by: YuriyZ yzabrovarniy@gmail.com

Signed-off-by: yuriyz yzabrovarniy@gmail.com

Signed-off-by: yuriyz yzabrovarniy@gmail.com

…ing configuration (#13424)

• feat(policy_store): add SHA-1 checksum support and validation

• Updated load_policy_store_directory and related functions to accept a validate_checksum parameter for manifest validation.
• Enhanced ManifestValidator to support SHA-1 checksums alongside SHA-256.
• Modified error messages to reflect the new checksum format.
• Updated tests to cover SHA-1 checksum computation and validation.

This change improves the integrity verification of policy store files by allowing both SHA-1 and SHA-256 checksums.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• feat(policy_store): add validate_checksum option for policy store configuration

• Introduced validate_checksum field in PolicyStoreConfig to control checksum validation when loading policy stores from directories or archives.
• Updated BootstrapConfig and PolicyStoreConfigRaw to support the new field, with a default value of true.
• Enhanced the decoding logic to utilize the validate_checksum parameter for policy store configurations.

This change improves flexibility in policy store loading by allowing users to disable checksum validation if needed.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• feat(policy_store): enable checksum validation in policy store configurations

• Added validate_checksum option to PolicyStoreConfig in multiple benchmark files to enhance policy store integrity checks.
• Updated relevant configurations in authz_authorize_benchmark.rs, authz_authorize_multi_issuer_benchmark.rs, context_data_store_benchmark.rs, and startup_benchmark.rs.

This change ensures that checksum validation can be consistently applied across different benchmarks, improving the reliability of policy store loading.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• feat(policy_store): enable checksum validation in additional examples

• Added validate_checksum option to PolicyStoreConfig in various example files, including authorize_unsigned.rs, authorize_with_jwt_validation.rs, authorize_without_jwt_validation.rs, bulk_authorization_benchmark.rs, lock_integration.rs, log_init.rs, and profiling.rs.
• This enhancement ensures consistent checksum validation across different examples, improving the integrity checks for policy store configurations.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• feat(policy_store): enable checksum validation in policy store tests

• Updated load_policy_store_archive_bytes calls in test files to include the validate_checksum parameter.
• Modified PolicyStoreConfig in various test configurations to ensure consistent checksum validation across tests.

This change enhances the integrity checks for policy store loading in the test suite.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(tests): Updated the validate_file method call in the tests to use expect for clearer error handling.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(config): format policy_store_validate_checksum field for improved readability and use is_some

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• feat(policy_store): refactor checksum computation into a method

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• fix(jans-cedarling): fix loading default supported algorithms

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

• chore(jans-cedarling): add check if supported algorisms list is not empty

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

• chore(jans-cedarling): set default true for CEDARLING_POLICY_STORE_VALIDATE_CHECKSUM parameter

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

• chore(jans-cedarling): remove word duplication

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

• chore(jans-cedarling): fix clippy issue

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com Co-authored-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

…ation (#13415)

• feat(cloud-native): add subchart for Gateway API conformant implementation

Signed-off-by: iromli isman.firmansyah@gmail.com

• fix: resolve incorrect route labels and annotations

Signed-off-by: iromli isman.firmansyah@gmail.com

• fix: grpc endpoints support for airlock-microgateway

Signed-off-by: iromli isman.firmansyah@gmail.com

• refactor: explicit h2c protocol

Signed-off-by: iromli isman.firmansyah@gmail.com

• docs: change WARNING message about legacy gatewayApi values

Signed-off-by: iromli isman.firmansyah@gmail.com

• refactor: use gateway-api instead of gatewayApi

Signed-off-by: iromli isman.firmansyah@gmail.com

• docs(cloud-native): conform to changes in gateway-api configuration

Signed-off-by: iromli isman.firmansyah@gmail.com

• ci(cloud-native): change reference of Gateway API configuration

Signed-off-by: iromli isman.firmansyah@gmail.com

• ci: attach global.lbIp to the gateway if using NodePort service

Signed-off-by: iromli isman.firmansyah@gmail.com

• fix: guard the optional legacy flag lookup

Signed-off-by: iromli isman.firmansyah@gmail.com

• chore: fix minimum requirement for gateway-api subchart

Signed-off-by: iromli isman.firmansyah@gmail.com

• docs: update subchart docs

Signed-off-by: iromli isman.firmansyah@gmail.com

• docs: add migration for attribute changes

Signed-off-by: iromli isman.firmansyah@gmail.com

• docs: fix link to subchart source code

Signed-off-by: iromli isman.firmansyah@gmail.com

Signed-off-by: iromli isman.firmansyah@gmail.com Co-authored-by: Mohammad Abudayyeh 47318409+moabu@users.noreply.github.com

)

• fix(jans-auth-server): harden jwe nested jwt verification #13437

Signed-off-by: YuriyZ yzabrovarniy@gmail.com Signed-off-by: yuriyz yzabrovarniy@gmail.com

• fixes Signed-off-by: YuriyZ yzabrovarniy@gmail.com

Signed-off-by: yuriyz yzabrovarniy@gmail.com

• minor Signed-off-by: YuriyZ yzabrovarniy@gmail.com

Signed-off-by: yuriyz yzabrovarniy@gmail.com

Signed-off-by: YuriyZ yzabrovarniy@gmail.com Signed-off-by: yuriyz yzabrovarniy@gmail.com

…13439)

• fix(jans-cli-tui): catch exceptions while getting smtp configuration

Signed-off-by: Mustafa Baser mbaser@mail.com

• fix(jans-cli-tui): coderabbitai suggestions

Signed-off-by: Mustafa Baser mbaser@mail.com

• fix(jans-cli-tui): typo

Signed-off-by: Mustafa Baser mbaser@mail.com

Signed-off-by: Mustafa Baser mbaser@mail.com Co-authored-by: YuriyZ yzabrovarniy@gmail.com

Signed-off-by: moabu 47318409+moabu@users.noreply.github.com

…#13446)

• feat(jans-auth-server): support X-Forwarded-Client-Cert header #13444 Signed-off-by: YuriyZ yzabrovarniy@gmail.com

Signed-off-by: yuriyz yzabrovarniy@gmail.com

• added explicit test scope for mockito Signed-off-by: YuriyZ yzabrovarniy@gmail.com

Signed-off-by: yuriyz yzabrovarniy@gmail.com

• improved docs Signed-off-by: YuriyZ yzabrovarniy@gmail.com

Signed-off-by: yuriyz yzabrovarniy@gmail.com

• fixed bug if xfcc cert has blank value Signed-off-by: YuriyZ yzabrovarniy@gmail.com

Signed-off-by: yuriyz yzabrovarniy@gmail.com

• improved docs Signed-off-by: YuriyZ yzabrovarniy@gmail.com

Signed-off-by: yuriyz yzabrovarniy@gmail.com

Signed-off-by: yuriyz yzabrovarniy@gmail.com

…from 3.5.4 to 3.5.5 in /agama (#13328)

chore(deps-dev): bump org.apache.maven.plugins:maven-surefire-plugin

Bumps org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5.

• Release notes
• Commits

updated-dependencies:

• dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-version: 3.5.5 dependency-type: direct:development update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh 47318409+moabu@users.noreply.github.com

• chore(cloud-native): upgrade cryptography library in OCI images

Signed-off-by: iromli isman.firmansyah@gmail.com

• chore: target specific JANS_SOURCE_VERSION that introduces cryptography upgrade

Signed-off-by: iromli isman.firmansyah@gmail.com

• fix: disable unsupported command until we have proper SAML component

Signed-off-by: iromli isman.firmansyah@gmail.com

• fix: avoid silent success path of calling kc-sync command

Signed-off-by: iromli isman.firmansyah@gmail.com

Signed-off-by: iromli isman.firmansyah@gmail.com Co-authored-by: Mohammad Abudayyeh 47318409+moabu@users.noreply.github.com

• fix: compilation error #13447

Signed-off-by: jgomer2001 bonustrack310@gmail.com

• chore: oidc code flow refactoring #13447

Signed-off-by: jgomer2001 bonustrack310@gmail.com

• fix: compilation error #13447

Signed-off-by: jgomer2001 bonustrack310@gmail.com

Signed-off-by: jgomer2001 bonustrack310@gmail.com

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

…re Changes (#13464)

• refactor(tests): remove deprecated test files and streamline test configurations

• Deleted several obsolete test files including authorize_resource_entity.rs, cases_authorize_different_principals.rs, cases_authorize_namespace_jans2.rs, cases_authorize_without_check_jwt.rs, and schema_type_mapping.rs to clean up the test suite.
• Updated authorize_multi_issuer.rs to remove unnecessary parameters in callback functions.
• Adjusted mod.rs to reflect the removal of deleted test modules, enhancing clarity and maintainability of the test structure.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(benches): streamline authorization benchmarks and remove deprecated fields

• Updated authz_authorize_benchmark.rs to utilize RequestUnsigned and renamed the benchmark function for clarity.
• Simplified prepare_cedarling function by removing unused parameters and deprecated fields in AuthorizationConfig.
• Adjusted authz_authorize_multi_issuer_benchmark.rs and context_data_store_benchmark.rs to remove unnecessary fields related to user and workload principals.
• Cleaned up startup_benchmark.rs by eliminating deprecated fields from BootstrapConfig and EntityBuilderConfig.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(examples): streamline authorization configurations and remove deprecated files

• Updated authorize_unsigned.rs, bulk_authorization_benchmark.rs, lock_integration.rs, log_init.rs, and profiling.rs to utilize default settings for AuthorizationConfig and EntityBuilderConfig, removing unnecessary fields.
• Deleted obsolete files authorize_with_jwt_validation.rs and authorize_without_jwt_validation.rs to clean up the examples directory.
• Adjusted imports and function calls to reflect the removal of deprecated fields, enhancing code clarity and maintainability.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(authz): remove built_entities method and related documentation

• Eliminated the built_entities method from the AuthorizeEntitiesData implementation, streamlining the authorization logic.
• Removed associated documentation comments to enhance code clarity and maintainability.
• Adjusted imports to reflect the removal of the unused method.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(entity_builder): remove deprecated entity building files and streamline imports

• Deleted obsolete files related to role and token entity building, including build_role_entity.rs and build_token_entities.rs, to clean up the entity builder module.
• Refactored imports in build_multi_issuer_entity.rs and build_principal_entity.rs to remove unused dependencies and enhance code clarity.
• Removed legacy user and workload entity building logic from build_principal_entity.rs, aligning with the current authorization paths.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(jwt): simplify token handling and remove deprecated methods

• Removed unused fields and methods from the JwtService and Token structures, including signed_authz_available and jwt_sig_validation_required.
• Streamlined the validate_tokens method by eliminating unnecessary logic and comments, focusing on single token validation.
• Updated imports to reflect the removal of deprecated items, enhancing code clarity and maintainability.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(config): remove deprecated authorization fields from configuration files and examples

• Eliminated CEDARLING_USER_AUTHZ, CEDARLING_WORKLOAD_AUTHZ, and CEDARLING_ID_TOKEN_TRUST_MODE from various configuration files including JSON and YAML examples.
• Streamlined the bootstrap_props and docker-compose-env configurations to enhance clarity and maintainability.
• Updated test configurations to reflect the removal of deprecated fields, ensuring consistency across the codebase.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(tests): remove obsolete policy store files and update configurations

• Deleted multiple deprecated policy store files including agama-store_2.yaml, policy-store_entity_mapping.yaml, and others to clean up the test suite.
• Updated bootstrap_props.json and bootstrap_props.yaml to reference the new policy store file policy-store_ok.yaml.
• Removed unused files related to local JWKS and policy store locks, enhancing clarity and maintainability of the test configurations.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• chore(jans-cedarling): remove claim mappings

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

• chore(jans-cedarling): remove role mapping

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

• chore(jans-cedarling): remove user_id

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

• chore(jans-cedarling): remove get_token_metadata

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

• chore(jans-cedarling): add fix build app after merging

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

• chore(jans-cedarling): clean up unused imports and redundant code and fix failing tests

• Removed unused imports from lib.rs and mod.rs.
• Eliminated unnecessary continue statements in build_entity_attrs.rs.
• Cleaned up commented-out test code in mod.rs.
• Streamlined imports in token.rs for clarity.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• feat(jans-cedarling): add multi-issuer profiling example

• Introduced a new example file profiling_multi_issuer.rs to demonstrate profiling for multi-issuer JWT validation.
• Implemented a main function that initializes Cedarling with multiple issuers, validates authorization requests, and generates a flamegraph for performance analysis.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com Co-authored-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

• refactor(docs): rename authorization methods for clarity

• Updated method names in the Cedarling Rust documentation to improve clarity:
  • Renamed authorize() to authorize_unsigned() for unsigned authorization with directly provided principals.
  • Renamed authorize_unsigned() to authorize_multi_issuer() for token-based authorization using multi-issuer tokens.
• Adjusted corresponding examples in the mobile apps documentation to reflect these changes.
• Removed deprecated configuration fields from the sidecar tutorial to streamline setup instructions.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• docs(cedarling): update README to reflect changes in authorization interfaces

• Revised the Cedarling documentation to clarify the number of core interfaces, reducing from six to five.
• Enhanced descriptions for authorize_unsigned and authorize_multi_issuer methods to improve understanding of their functionality and use cases.
• Removed redundant explanations and streamlined the text for better readability.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• docs(cedarling): remove deprecated configuration fields from KrakenD integration guide

• Eliminated CEDARLING_WORKLOAD_AUTHZ and CEDARLING_ID_TOKEN_TRUST_MODE from the KrakenD integration documentation to reflect recent changes in authorization configurations.
• Updated the instructions for clarity and to ensure alignment with the current setup requirements.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• docs(cedarling): update authorization documentation to reflect multi-issuer changes

• Removed references to deprecated configuration fields CEDARLING_USER_AUTHZ and CEDARLING_WORKLOAD_AUTHZ from the quick start and reference guides.
• Enhanced the cedarling-authz.md and cedarling-entities.md documentation to clarify the creation of User and Workload entities in the context of the new authorize_multi_issuer method.
• Updated examples and descriptions to align with the latest authorization methods and their usage.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• docs(cedarling): update authorization tutorials

• Removed deprecated configuration fields and streamlined examples to enhance clarity and usability.
• Updated context and request building sections to align with the latest authorization practices.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• docs(cedarling): remove deprecated configuration fields from sample inputs

• Eliminated CEDARLING_ID_TOKEN_TRUST_MODE, CEDARLING_USER_AUTHZ, and CEDARLING_WORKLOAD_AUTHZ from the sample inputs documentation to reflect recent changes in authorization configurations.
• Streamlined the documentation for improved clarity and alignment with current practices.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• docs(cedarling): update README files to reflect changes in authorization methods

• Revised the README documentation across multiple components to clarify the usage of authorize_unsigned and remove references to deprecated fields such as CEDARLING_ID_TOKEN_TRUST_MODE.
• Enhanced examples and descriptions for better alignment with current authorization practices, including updates to the Python and WASM bindings.
• Added new bootstrap config fixtures for testing purposes to support the updated authorization methods.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• refactor(policies): Removed legacy User and Workload policies from policy-store_no_trusted_issuers.yaml and policy-store_ok_2.yaml to focus on TestPrincipal entities.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• docs(cedarling): update authorization documentation and examples

• Revised the Cedarling Rust and Go documentation to reflect the new authorize_multi_issuer method, replacing references to the deprecated authorize method.
• Updated examples in the Go and Python tutorials to demonstrate the new multi-issuer token handling and clarified the differences between authorization methods.
• Removed outdated sections and streamlined content for better clarity and alignment with current practices.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

• chore(jans-cedarling): remove unused params from test files

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

• docs(cedarling): update authorization method references and examples

• Revised documentation across Rust, JavaScript, Python, and Java tutorials to replace deprecated authorize method references with authorize_unsigned and authorize_multi_issuer.
• Added a new example for multi-issuer profiling in the Rust documentation.
• Clarified the retrieval of request_id in the logging documentation to include both authorize_unsigned and authorize_multi_issuer methods.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com Co-authored-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

…13539)

• refactor(jans-cedarling): update build_entity_attrs_with_shape to return error

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

• fix(jans-cedarling): fix errors surfaced by build_entity_attrs_with_shape returning Result

• Skip type mismatch errors for optional attributes instead of failing
• Pass all claims (incl. synthetic token_type/validated_at) to build_entity_attrs instead of filtering reserved claims and re-adding them
• Fix test schemas: use Url record type for TrustedIssuer.issuer_entity_id
• Check for default resource entity before attribute validation
• Update can_build_entity_with_optional_attr test to provide required attrs

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

• refactor(jans-cedarling): cosmetic code changes

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

…n cargo fmt --all

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

[](/apps/coderabbitai)

This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters

[ Show hidden characters]({{ revealButtonHref }})