fix google id token matching in oidc challenge

pull/1671/head
beltram 1 year ago committed by Herman Slatman
parent a49966f4c9
commit 49ad2d9967
No known key found for this signature in database
GPG Key ID: F4D8A44EA0A75A4F

@ -19,6 +19,7 @@ import (
"errors"
"fmt"
"io"
"log"
"net"
"net/url"
"os"
@ -409,8 +410,11 @@ func wireOIDC01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSO
}
if claims.Issuer == "https://accounts.google.com" {
var handle = fmt.Sprintf("%s.%s@wire.com", strings.ToLower(claims.GivenName), strings.ToLower(claims.FamilyName))
if challengeValues.Name != claims.Name || challengeValues.Handle != handle {
var handle = fmt.Sprintf("im:wireapp=%s.%s@wire.com", strings.ToLower(claims.GivenName), strings.ToLower(claims.FamilyName))
var displayName = claims.Handle
log.Printf("handle, actual: '%s', expected: '%s'", handle, challengeValues.Handle)
log.Printf("displayName, actual: '%s', expected: '%s'", displayName, challengeValues.Name)
if challengeValues.Name != displayName || challengeValues.Handle != handle {
return storeError(ctx, db, ch, false, NewError(ErrorRejectedIdentifierType, "OIDC claims don't match"))
}
} else {

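Review bot: The two `log.Printf` calls added before the comparison print the subject's handle and display name to the process log on every validation, which leaks identity data into server logs unconditionally and reads like debugging left in; drop them, or carry the actual/expected pair only in the rejection error (the message returned on mismatch) so it surfaces on failure rather than on every successful check, and use `%q` rather than `'%s'` if any logging stays. The handle is still built from `claims.GivenName` and `claims.FamilyName`, which for Google accounts are self-asserted profile fields, so the check binds the certificate to whatever name the account holder chose rather than to a verified identifier; if a verified claim such as email is present on the token it would be a safer basis, but what the claims struct carries is outside this hunk. `var displayName = claims.Handle` is surprising enough to deserve a why-comment, e.g. `// Google tokens carry the display name in the "handle" claim — confirm`, if that is indeed the mapping. wireOIDC01Validate starts and ends outside this hunk.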