From 036a144e09fbed34165128716d00cf2f6e2ddfaa Mon Sep 17 00:00:00 2001
From: beltram
Date: Thu, 4 May 2023 14:39:45 +0200
Subject: [PATCH] add oidc target

---
 acme/api/order.go | 13 ++++++++++---
 authority/provisioner/dpop_options.go | 4 +++-
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/acme/api/order.go b/acme/api/order.go
index 4f45f7b2..5b7acd63 100644
--- a/acme/api/order.go
+++ b/acme/api/order.go
@@ -275,10 +275,7 @@ func newAuthorization(ctx context.Context, az *acme.Authorization) error {
 continue
 }
- targetTemplate := prov.GetOptions().GetDPOPOptions().DpopTarget
- var target = ""
-
 switch az.Identifier.Type {
 case acme.WireID:
 wireId, err := wire.ParseID([]byte(az.Identifier.Value))
@@ -294,6 +291,16 @@ func newAuthorization(ctx context.Context, az *acme.Authorization) error {
 return acme.NewError(acme.ErrorMalformedType, "DeviceId is not hexadecimal")
 }
 _ = decoded
+
+ var targetTemplate = ""
+ switch typ {
+ case acme.WIREOIDC01:
+ targetTemplate = prov.GetOptions().GetDPOPOptions().OidcTarget
+ case acme.WIREDPOP01:
+ targetTemplate = prov.GetOptions().GetDPOPOptions().DpopTarget
+ default:
+ }
+
 tmpl, err := template.New("DeviceId").Parse(targetTemplate)
 if err != nil {
 return acme.NewError(acme.ErrorMalformedType, "Misconfigured target template configuration")
diff --git a/authority/provisioner/dpop_options.go b/authority/provisioner/dpop_options.go
index ccfca156..9c5fc1f1 100644
--- a/authority/provisioner/dpop_options.go
+++ b/authority/provisioner/dpop_options.go
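Review bot: The `default:` branch of the new `switch typ` leaves `targetTemplate` empty, and `template.New("DeviceId").Parse("")` accepts an empty string, so an unknown challenge type — or an `oidc-target` left unset in the provisioner config — slips past the `Misconfigured target template configuration` check on the following lines and produces an empty challenge target instead of a clear error. A guard before the parse closes both gaps: `if targetTemplate == "" { return acme.NewError(acme.ErrorMalformedType, "Misconfigured target template configuration") }`, at which point the empty `default:` case can be dropped. `typ` is assigned outside this hunk, so whether the default branch is actually reachable cannot be confirmed from here; the guard is cheap either way. newAuthorization begins and ends outside both hunks of this file.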
@@ -6,8 +6,10 @@ type DPOPOptions struct {
 ValidationExecPath string `json:"validation-exec-path,omitempty"`
 // Backend signing key for DPoP access token
 SigningKey string `json:"key"`
- // URI template acme client must call to fetch the challenge proof
+ // URI template acme client must call to fetch the DPoP challenge proof (an access token from wire-server)
 DpopTarget string `json:"dpop-target"`
+ // URI template acme client must call to fetch the OIDC challenge proof (an Id token)
+ OidcTarget string `json:"oidc-target"`
 }
 func (o *DPOPOptions) GetValidationExecPath() string {
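Review bot: The new `OidcTarget` field gets no accessor while the neighbouring `GetValidationExecPath()` shows the type's convention, and the order.go hunk in this patch reads `GetDPOPOptions().OidcTarget` directly; either add `func (o *DPOPOptions) GetOidcTarget() string` in the same style or make the direct-field access deliberate in a comment (whether a `DpopTarget` accessor already exists is outside this hunk). The added comment says "an Id token"; the OIDC term is "ID token", so `// URI template the ACME client must call to fetch the OIDC challenge proof (an OIDC ID token)` reads more precisely. Neither comment states that the value must be non-empty, and if provisioner options are validated at load time somewhere outside this hunk, `OidcTarget` should be covered there too — otherwise an unset value only surfaces when an order is created. DPOPOptions starts before this hunk, so other fields of the struct are not visible here.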