Archives/smallstep-certificates
2
0
Fork 0
mirror of https://github.com/smallstep/certificates.git synced 2024-11-19 09:25:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,154 Commits 40 Branches 223 Tags 44 MiB
2c27e865cb
Commit Graph

158 Commits

Author SHA1 Message Date
Herman Slatman
9bb1b24bf1
Change kid and dpop validation 2024-01-12 10:44:49 +01:00
Herman Slatman
79739e5073
Change signature algorithm property name 2024-01-12 09:48:49 +01:00
Herman Slatman
7eacb68361
Merge branch 'herman/remove-rusty-cli' into herman/wire-configuration-refactor 2024-01-11 21:29:15 +01:00
Herman Slatman
44721a7d58
Remove debug err print 2024-01-11 21:24:39 +01:00
Herman Slatman
348363abce
Add Wire DPoP proof claims verification 2024-01-11 21:19:24 +01:00
Herman Slatman
1bf807add3
Use base64 encoded signing key format 2024-01-11 17:04:08 +01:00
Herman Slatman
1f5f756fce
Make Wire options more robust 2024-01-11 16:14:53 +01:00
Herman Slatman
6ef64b6ed6
Refactor the Wire option configuration 2024-01-11 15:08:44 +01:00
Herman Slatman
b6fc0005d5
Add verification of maximum expiry time for Wire tokens 2024-01-11 14:24:34 +01:00
Herman Slatman
b964c97750
Add validation of handle and token to Wire verification 2024-01-11 13:47:17 +01:00
Herman Slatman
acad227b25
Put Wire options in lower level wire struct 2024-01-11 13:18:43 +01:00
Herman Slatman
cd9480ab14
Fix test for parseAndVerifyWireAccessToken 2024-01-11 12:45:29 +01:00
Herman Slatman
897688a831
Merge branch 'wire-acme-extensions' into herman/remove-rusty-cli 2024-01-11 12:03:52 +01:00
Herman Slatman
70a2f431fa
Address review remarks 2024-01-11 11:06:39 +01:00
Herman Slatman
033aef9f9d
Merge branch 'wire-acme-extensions' into herman/remove-rusty-cli 2024-01-10 18:57:51 +01:00
Herman Slatman
8faf26c593
Change KeyAuth back to old behavior (for now) 2024-01-10 18:32:18 +01:00
beltram
bf5f1201ea
fix: keyauth was not bound to the id token 2024-01-10 17:15:54 +01:00
Herman Slatman
29fa6621b1
Remove the Wire CLI invocatation 2024-01-10 15:12:28 +01:00
Herman Slatman
776a839a42
Fix linter issues and improve error handling 2024-01-09 21:31:19 +01:00
Herman Slatman
01169b2483
Make the Target optional in Challenge object 
This is a non-standard property in the ACME challenge response, so
we shouldn't return it if it's not set. Also made it an optional
field in the DB.
 2024-01-09 16:43:18 +01:00
Herman Slatman
c1a7acc306
Make it compile with Go 1.20 again 2024-01-08 22:21:27 +01:00
beltram
90b5347887
feat: try using the new ClientId & Handle format (i.e. plain URIs) 2024-01-08 22:11:37 +01:00
beltram
d6ceebba94
feat: update the protocol by including team & handle in the client dpop token, verifying the handle in the dpop challenge 2024-01-08 22:09:51 +01:00
beltram
6ffd913e28
feat: remove custom hardcoded OIDC challenge for Google 2024-01-08 22:08:37 +01:00
beltram
2be77385f6
fix: same issue as with oidc challenge 2024-01-08 22:07:59 +01:00
beltram
ff07fdc0fd
fix: oups 2024-01-08 22:07:43 +01:00
beltram
13df461e97
fix: could not reuse a signing key otherwise it would create in accounts & orders and fail the OIDC challenge. The OIDC challenge was not retryable 2024-01-08 22:07:29 +01:00
beltram
83f76433a8
b64 encode the kid since apparently it wasn't 2024-01-08 22:06:52 +01:00
beltram
8fd0192da3
print kid for debugging 2024-01-08 22:06:42 +01:00
beltram
4d028f7813
client jwk was there the whole time 2024-01-08 22:05:58 +01:00
beltram
ed2bce9a3c
fix: access token verification in DPoP challenge. Was previously verifying 'cnf.kid' against backend key whereas it must be against client's key 2024-01-08 22:05:29 +01:00
beltram
9d5c974f44
fix: PR review 2024-01-08 22:02:48 +01:00
beltram
7b5740153d
support for oidc id token 2024-01-08 22:00:29 +01:00
beltram
f5b346ee36
i'm tired 2024-01-08 21:53:08 +01:00
beltram
613e6cae6e
wip 2024-01-08 21:50:49 +01:00
beltram
abe86002ee
try by storing everything in db 2024-01-08 21:33:53 +01:00
beltram
a32bb66e47
trying to pass access token to template 2024-01-08 21:22:50 +01:00
beltram
ff41a1193d
fix deviceId computing in dpop challenge 2024-01-08 21:21:01 +01:00
Stefan Berthold
83ba0bdc51
Replace field access by accessor functions 2024-01-08 21:17:57 +01:00
beltram
c4fb19d01f
passing expected issuer to rusty-jwt-cli 2024-01-08 21:15:30 +01:00
beltram
d32a3e23f0
wip 2024-01-08 21:08:34 +01:00
beltram
7c9f8020d5
fix: add URI prefix to handle 2024-01-08 21:04:23 +01:00
beltram
680b6ea08f
adapt google demo for wire's special handle format "{firstname}_wire" 2024-01-08 21:03:54 +01:00
beltram
a97991aa83
infer domain from google email address 2024-01-08 21:01:50 +01:00
beltram
49ad2d9967
fix google id token matching in oidc challenge 2024-01-08 21:01:30 +01:00
beltram
a49966f4c9
try using google oidc for demo purpose 2024-01-08 20:59:09 +01:00
beltram
b6ec4422b4
feat: adapt to dex and pass the 'keyauth' in payload instead of in id_token. Also have a different mapping for id_token claims name 2024-01-08 20:54:54 +01:00
beltram
b3dd169190
cleanup my mess 2024-01-08 20:52:32 +01:00
beltram
ca01c74333
avoid manipulating the key PEM format and take a plain PEM key as input 2024-01-08 20:42:52 +01:00
beltram
74ddad69dc
fix: challenge is '.token' and not '.id' 2024-01-08 20:39:27 +01:00