Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use OIDC nonce as the reuse key.

Browse Source
pull/51/head
Mariano Cano 5 years ago
parent 3e234427ed
commit 07cdc1021c
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File

11
authority/authorize.go
Unescape Escape View File

@ -61,8 +61,15 @@ func (a *Authority) Authorize(ott string) ([]provisioner.SignOption, error) {
}
// Store the token to protect against reuse.
if p.GetType() == provisioner.TypeJWK && claims.ID != "" {
if _, ok := a.ottMap.LoadOrStore(claims.ID, &idUsed{
var reuseKey string
switch p.GetType() {
case provisioner.TypeJWK:
reuseKey = claims.ID
case provisioner.TypeOIDC:
reuseKey = claims.Nonce
}
if reuseKey != "" {
if _, ok := a.ottMap.LoadOrStore(reuseKey, &idUsed{
UsedAt: time.Now().Unix(),
Subject: claims.Subject,
}); ok {

Write Preview
Loading…
Cancel
Save