Archives/smallstep-certificates
2
0
Fork 0
mirror of https://github.com/smallstep/certificates.git synced 2024-11-19 09:25:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,112 Commits 40 Branches 223 Tags 44 MiB
39bf889925
Commit Graph

4112 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
beltram
39bf889925
feat: remove query parameters from OIDC issuerUrl so that it allows us to use it to carry the OAuth ClientId in the Challenge.target field without at the same time undermining the idToken verification which relies on a issuer (iss) claim without this query parameter 2024-01-08 22:10:49 +01:00
beltram
d6ceebba94
feat: update the protocol by including team & handle in the client dpop token, verifying the handle in the dpop challenge 2024-01-08 22:09:51 +01:00
beltram
6ffd913e28
feat: remove custom hardcoded OIDC challenge for Google 2024-01-08 22:08:37 +01:00
beltram
2be77385f6
fix: same issue as with oidc challenge 2024-01-08 22:07:59 +01:00
beltram
ff07fdc0fd
fix: oups 2024-01-08 22:07:43 +01:00
beltram
13df461e97
fix: could not reuse a signing key otherwise it would create in accounts & orders and fail the OIDC challenge. The OIDC challenge was not retryable 2024-01-08 22:07:29 +01:00
beltram
83f76433a8
b64 encode the kid since apparently it wasn't 2024-01-08 22:06:52 +01:00
beltram
8fd0192da3
print kid for debugging 2024-01-08 22:06:42 +01:00
beltram
4d028f7813
client jwk was there the whole time 2024-01-08 22:05:58 +01:00
beltram
ed2bce9a3c
fix: access token verification in DPoP challenge. Was previously verifying 'cnf.kid' against backend key whereas it must be against client's key 2024-01-08 22:05:29 +01:00
beltram
5fdf036a4d
fix: invalid OID for display name in CSR 2024-01-08 22:03:03 +01:00
beltram
9d5c974f44
fix: PR review 2024-01-08 22:02:48 +01:00
beltram
1b32957ff6
fix: verify custom display_name extension is present 2024-01-08 22:02:16 +01:00
Herman Slatman
ab9e1ddb28
Make MockDB implement acme.DB interface again 2024-01-08 22:00:50 +01:00
beltram
7b5740153d
support for oidc id token 2024-01-08 22:00:29 +01:00
beltram
f5b346ee36
i'm tired 2024-01-08 21:53:08 +01:00
beltram
03dbd91418
fix dpop token json serialization to db 2024-01-08 21:52:28 +01:00
beltram
613e6cae6e
wip 2024-01-08 21:50:49 +01:00
Herman Slatman
0b68e1bbcf
Add GetAllOrdersByAccountID to MockDB 2024-01-08 21:44:10 +01:00
beltram
8888262e45
cheat by allowing also looking up for ready orders 2024-01-08 21:43:43 +01:00
beltram
0bc530c98e
log more things 2024-01-08 21:36:50 +01:00
beltram
2e128056dc
have updateOrder also update the update joint table [order by account] 2024-01-08 21:35:54 +01:00
Herman Slatman
1a711e1b91
Add new Wire DB methods to acme.DB interface 2024-01-08 21:34:01 +01:00
beltram
abe86002ee
try by storing everything in db 2024-01-08 21:33:53 +01:00
beltram
76dfcb00e4
try silencing template data for dichotomies 2024-01-08 21:23:09 +01:00
beltram
a32bb66e47
trying to pass access token to template 2024-01-08 21:22:50 +01:00
beltram
ff41a1193d
fix deviceId computing in dpop challenge 2024-01-08 21:21:01 +01:00
Stefan Berthold
5ceed08ae0
Reorganize parsing target 2024-01-08 21:19:54 +01:00
Stefan Berthold
83ba0bdc51
Replace field access by accessor functions 2024-01-08 21:17:57 +01:00
beltram
c4fb19d01f
passing expected issuer to rusty-jwt-cli 2024-01-08 21:15:30 +01:00
beltram
2b1223a080
simpler 2024-01-08 21:14:17 +01:00
beltram
036a144e09
add oidc target 2024-01-08 21:10:46 +01:00
beltram
97002040a5
fix: challenge target field was not mapped to db entity 2024-01-08 21:09:07 +01:00
beltram
d32a3e23f0
wip 2024-01-08 21:08:34 +01:00
beltram
b58de27675
fix: do not convert URIs to lowercase for comparison purpose 2024-01-08 21:05:41 +01:00
beltram
7c9f8020d5
fix: add URI prefix to handle 2024-01-08 21:04:23 +01:00
beltram
680b6ea08f
adapt google demo for wire's special handle format "{firstname}_wire" 2024-01-08 21:03:54 +01:00
beltram
a97991aa83
infer domain from google email address 2024-01-08 21:01:50 +01:00
beltram
49ad2d9967
fix google id token matching in oidc challenge 2024-01-08 21:01:30 +01:00
beltram
a49966f4c9
try using google oidc for demo purpose 2024-01-08 20:59:09 +01:00
beltram
3576cc30c8
forward displayName in CSR with custom OID 2024-01-08 20:58:32 +01:00
beltram
4172b69816
remove displayName validation, potentially harmful 2024-01-08 20:57:35 +01:00
beltram
79501df5a2
fix: exclude displayName from SAN DNS 2024-01-08 20:56:39 +01:00
beltram
3f474f77d4
feat: change from impp prefix to just im 2024-01-08 20:55:32 +01:00
beltram
b6ec4422b4
feat: adapt to dex and pass the 'keyauth' in payload instead of in id_token. Also have a different mapping for id_token claims name 2024-01-08 20:54:54 +01:00
Stefan Berthold
af31a167c6
skip empty entries for uniqueSortedLowerNames 2024-01-08 20:54:17 +01:00
beltram
01ef526d08
change uri prefix to impp:wireapp= 2024-01-08 20:53:10 +01:00
beltram
cc5fd0a6a5
fix san validation 2024-01-08 20:52:52 +01:00
beltram
b3dd169190
cleanup my mess 2024-01-08 20:52:32 +01:00
beltram
3eb0ff43c0
fix orderNames size 2024-01-08 20:47:51 +01:00