feat: remove custom hardcoded OIDC challenge for Google

beltram 2023-11-20 11:33:08 +01:00 committed by Herman Slatman
parent 2be77385f6
commit 6ffd913e28
No known key found for this signature in database
GPG Key ID: F4D8A44EA0A75A4F


@ -411,17 +411,8 @@ func wireOIDC01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSO
"keyAuthorization does not match; expected %s, but got %s", expectedKeyAuth, wireChallengePayload.KeyAuth))
}
if claims.Issuer == "https://accounts.google.com" {
// for internal demo purpose only
var handle = fmt.Sprintf("im:wireapp=%s_wire", strings.ToLower(claims.GivenName))
var displayName = claims.Handle
if challengeValues.Name != displayName || challengeValues.Handle != handle {
return storeError(ctx, db, ch, false, NewError(ErrorRejectedIdentifierType, "OIDC claims don't match"))
}
} else {
if challengeValues.Name != claims.Name || challengeValues.Handle != claims.Handle {
return storeError(ctx, db, ch, false, NewError(ErrorRejectedIdentifierType, "OIDC claims don't match"))
}
if challengeValues.Name != claims.Name || challengeValues.Handle != claims.Handle {
return storeError(ctx, db, ch, false, NewError(ErrorRejectedIdentifierType, "OIDC claims don't match"))
}
// Update and store the challenge.
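Review bot: The one remaining comparison, `challengeValues.Name != claims.Name || challengeValues.Handle != claims.Handle`, passes when both sides are empty strings, so an ID token without a `name` or `handle` claim would be accepted if the challenge values were ever empty too. Whether challengeValues can be empty is not visible in this hunk, so that is worth confirming. If it can, add a guard before the comparison, for example `if claims.Name == "" || claims.Handle == "" { return storeError(ctx, db, ch, false, NewError(ErrorRejectedIdentifierType, "OIDC claims don't match")) }`. A short comment saying that both claims must match the order's identifier exactly, with no per-issuer exceptions, would also help keep demo-only branches like the removed one from coming back. wireOIDC01Validate starts before this hunk and continues after it.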