add oidc target

beltram 2023-05-04 14:39:45 +02:00 committed by Herman Slatman
parent 97002040a5
commit 036a144e09
No known key found for this signature in database
GPG Key ID: F4D8A44EA0A75A4F
2 changed files with 13 additions and 4 deletions


@ -275,10 +275,7 @@ func newAuthorization(ctx context.Context, az *acme.Authorization) error {
continue continue
} }
targetTemplate := prov.GetOptions().GetDPOPOptions().DpopTarget
var target = "" var target = ""
switch az.Identifier.Type { switch az.Identifier.Type {
case acme.WireID: case acme.WireID:
wireId, err := wire.ParseID([]byte(az.Identifier.Value)) wireId, err := wire.ParseID([]byte(az.Identifier.Value))
@ -294,6 +291,16 @@ func newAuthorization(ctx context.Context, az *acme.Authorization) error {
return acme.NewError(acme.ErrorMalformedType, "DeviceId is not hexadecimal") return acme.NewError(acme.ErrorMalformedType, "DeviceId is not hexadecimal")
} }
_ = decoded _ = decoded
var targetTemplate = ""
switch typ {
case acme.WIREOIDC01:
targetTemplate = prov.GetOptions().GetDPOPOptions().OidcTarget
case acme.WIREDPOP01:
targetTemplate = prov.GetOptions().GetDPOPOptions().DpopTarget
default:
}
tmpl, err := template.New("DeviceId").Parse(targetTemplate) tmpl, err := template.New("DeviceId").Parse(targetTemplate)
if err != nil { if err != nil {
return acme.NewError(acme.ErrorMalformedType, "Misconfigured target template configuration") return acme.NewError(acme.ErrorMalformedType, "Misconfigured target template configuration")
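Review bot: The `default:` branch of the new `switch typ` is empty, so `targetTemplate` stays `""` for any challenge type other than `acme.WIREOIDC01` or `acme.WIREDPOP01`, and also when `OidcTarget` is left unset in the provisioner options. An empty string parses as a valid template, so the `Misconfigured target template configuration` check directly below never fires, and the challenge target would presumably be rendered as an empty URL instead of failing. I would fail closed with `default: return acme.NewError(acme.ErrorServerInternalType, "unsupported challenge type %q for wire target", typ)` and reject an empty template before parsing with `if targetTemplate == "" { return acme.NewError(acme.ErrorServerInternalType, "missing target template for %q", typ) }`. `typ` and the later use of `tmpl` are outside the hunk, so this is inferred from the visible lines only.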


@ -6,8 +6,10 @@ type DPOPOptions struct {
ValidationExecPath string `json:"validation-exec-path,omitempty"` ValidationExecPath string `json:"validation-exec-path,omitempty"`
// Backend signing key for DPoP access token // Backend signing key for DPoP access token
SigningKey string `json:"key"` SigningKey string `json:"key"`
// URI template acme client must call to fetch the challenge proof // URI template acme client must call to fetch the DPoP challenge proof (an access token from wire-server)
DpopTarget string `json:"dpop-target"` DpopTarget string `json:"dpop-target"`
// URI template acme client must call to fetch the OIDC challenge proof (an Id token)
OidcTarget string `json:"oidc-target"`
} }
func (o *DPOPOptions) GetValidationExecPath() string { func (o *DPOPOptions) GetValidationExecPath() string {
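Review bot: Nothing visible here checks that `OidcTarget` is set, and with the plain `json:"oidc-target"` tag a provisioner config written before this commit deserializes it to an empty string. The field comment should say that the value is required whenever the `acme.WIREOIDC01` challenge is offered and which template variables are substituted. Since this URI is where the client is sent to obtain its ID token, it is also worth stating whether it must be an absolute https URL. Suggested wording: `// OidcTarget is the URI template the ACME client calls to obtain the OIDC ID token; required when acme.WIREOIDC01 is offered.` The rest of the struct's accessors are outside the hunk, so validation may exist elsewhere.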