Archives/smallstep-certificates
2
0
Fork 0
mirror of https://github.com/smallstep/certificates.git synced 2024-11-11 07:11:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

try using google oidc for demo purpose

Browse Source
This commit is contained in:
beltram 2023-03-28 18:32:39 +02:00 committed by Herman Slatman
parent 3576cc30c8
commit a49966f4c9
No known key found for this signature in database
GPG Key ID: F4D8A44EA0A75A4F
1 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
acme/challenge.go
View File

@ -382,8 +382,11 @@ func wireOIDC01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSO
}
var claims struct {
Name string `json:"preferred_username"`
Handle string `json:"name"`
Name string `json:"preferred_username,omitempty"`
Handle string `json:"name"`
Issuer string `json:"iss,omitempty"`
GivenName string `json:"given_name,omitempty"`
FamilyName string `json:"family_name,omitempty"`
}
err = idToken.Claims(&claims)
if err != nil {
@ -405,8 +408,15 @@ func wireOIDC01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSO
"keyAuthorization does not match; expected %s, but got %s", expectedKeyAuth, wireChallengePayload.KeyAuth))
}
if challengeValues.Name != claims.Name || challengeValues.Handle != claims.Handle {
return storeError(ctx, db, ch, false, NewError(ErrorRejectedIdentifierType, "OIDC claims don't match"))
if claims.Issuer == "https://accounts.google.com" {
var handle = fmt.Sprintf("%s.%s@wire.com", strings.ToLower(claims.GivenName), strings.ToLower(claims.FamilyName))
if challengeValues.Name != claims.Name || challengeValues.Handle != handle {
return storeError(ctx, db, ch, false, NewError(ErrorRejectedIdentifierType, "OIDC claims don't match"))
}
} else {
if challengeValues.Name != claims.Name || challengeValues.Handle != claims.Handle {
return storeError(ctx, db, ch, false, NewError(ErrorRejectedIdentifierType, "OIDC claims don't match"))
}
}
// Update and store the challenge.