Commit Graph

4129 Commits

Author SHA1 Message Date
Herman Slatman
8997ce1a1e
Disable wire-dpop-01 and wire-oidc-01 by default 2024-01-10 20:06:02 +01:00
Herman Slatman
bf8c17e3ec
Remove the Wire oidc and dpop from attestation formats 2024-01-10 19:12:22 +01:00
Herman Slatman
6a98fea1f3
Fix linter issues 2024-01-10 18:36:24 +01:00
Herman Slatman
8faf26c593
Change KeyAuth back to old behavior (for now) 2024-01-10 18:32:18 +01:00
beltram
bf5f1201ea
fix: keyauth was not bound to the id token 2024-01-10 17:15:54 +01:00
Herman Slatman
e2a2e00526
Make template use DeviceId for now 2024-01-10 17:15:03 +01:00
Herman Slatman
7a464cdb17
Use require to check for errors in Wire integration test 2024-01-09 21:52:00 +01:00
Herman Slatman
776a839a42
Fix linter issues and improve error handling 2024-01-09 21:31:19 +01:00
Herman Slatman
f5a2f436df
Fix missing DPoP and OIDC tokens for Wire integration test 2024-01-09 18:24:37 +01:00
Herman Slatman
eb9893bd21
Refactor logic for processing WireID identifiers in Order
Processing `WireID` identifiers, the Wire subject, and the Wire
DPoP and OIDC tokens is now conditional.
2024-01-09 18:22:21 +01:00
Herman Slatman
40668ae09e
Refactor WireID target processing a bit 2024-01-09 16:52:09 +01:00
Herman Slatman
01169b2483
Make the Target optional in Challenge object
This is a non-standard property in the ACME challenge response, so
we shouldn't return it if it's not set. Also made it an optional
field in the DB.
2024-01-09 16:43:18 +01:00
Herman Slatman
85309bb8ec
Fix the integration test 2024-01-09 00:33:01 +01:00
Herman Slatman
fdea5e7db3
Fix tests for new ACME orders with Wire IDs 2024-01-08 23:16:31 +01:00
Herman Slatman
c1a7acc306
Make it compile with Go 1.20 again 2024-01-08 22:21:27 +01:00
beltram
84e9682476
feat: change the separator between user-id & device-id in a client-id. Use '!' instead of ':' 2024-01-08 22:12:13 +01:00
beltram
90b5347887
feat: try using the new ClientId & Handle format (i.e. plain URIs) 2024-01-08 22:11:37 +01:00
beltram
39bf889925
feat: remove query parameters from OIDC issuerUrl so that it allows us to use it to carry the OAuth ClientId in the Challenge.target field without at the same time undermining the idToken verification which relies on a issuer (iss) claim without this query parameter 2024-01-08 22:10:49 +01:00
beltram
d6ceebba94
feat: update the protocol by including team & handle in the client dpop token, verifying the handle in the dpop challenge 2024-01-08 22:09:51 +01:00
beltram
6ffd913e28
feat: remove custom hardcoded OIDC challenge for Google 2024-01-08 22:08:37 +01:00
beltram
2be77385f6
fix: same issue as with oidc challenge 2024-01-08 22:07:59 +01:00
beltram
ff07fdc0fd
fix: oups 2024-01-08 22:07:43 +01:00
beltram
13df461e97
fix: could not reuse a signing key otherwise it would create in accounts & orders and fail the OIDC challenge. The OIDC challenge was not retryable 2024-01-08 22:07:29 +01:00
beltram
83f76433a8
b64 encode the kid since apparently it wasn't 2024-01-08 22:06:52 +01:00
beltram
8fd0192da3
print kid for debugging 2024-01-08 22:06:42 +01:00
beltram
4d028f7813
client jwk was there the whole time 2024-01-08 22:05:58 +01:00
beltram
ed2bce9a3c
fix: access token verification in DPoP challenge. Was previously verifying 'cnf.kid' against backend key whereas it must be against client's key 2024-01-08 22:05:29 +01:00
beltram
5fdf036a4d
fix: invalid OID for display name in CSR 2024-01-08 22:03:03 +01:00
beltram
9d5c974f44
fix: PR review 2024-01-08 22:02:48 +01:00
beltram
1b32957ff6
fix: verify custom display_name extension is present 2024-01-08 22:02:16 +01:00
Herman Slatman
ab9e1ddb28
Make MockDB implement acme.DB interface again 2024-01-08 22:00:50 +01:00
beltram
7b5740153d
support for oidc id token 2024-01-08 22:00:29 +01:00
beltram
f5b346ee36
i'm tired 2024-01-08 21:53:08 +01:00
beltram
03dbd91418
fix dpop token json serialization to db 2024-01-08 21:52:28 +01:00
beltram
613e6cae6e
wip 2024-01-08 21:50:49 +01:00
Herman Slatman
0b68e1bbcf
Add GetAllOrdersByAccountID to MockDB 2024-01-08 21:44:10 +01:00
beltram
8888262e45
cheat by allowing also looking up for ready orders 2024-01-08 21:43:43 +01:00
beltram
0bc530c98e
log more things 2024-01-08 21:36:50 +01:00
beltram
2e128056dc
have updateOrder also update the update joint table [order by account] 2024-01-08 21:35:54 +01:00
Herman Slatman
1a711e1b91
Add new Wire DB methods to acme.DB interface 2024-01-08 21:34:01 +01:00
beltram
abe86002ee
try by storing everything in db 2024-01-08 21:33:53 +01:00
beltram
76dfcb00e4
try silencing template data for dichotomies 2024-01-08 21:23:09 +01:00
beltram
a32bb66e47
trying to pass access token to template 2024-01-08 21:22:50 +01:00
beltram
ff41a1193d
fix deviceId computing in dpop challenge 2024-01-08 21:21:01 +01:00
Stefan Berthold
5ceed08ae0
Reorganize parsing target 2024-01-08 21:19:54 +01:00
Stefan Berthold
83ba0bdc51
Replace field access by accessor functions 2024-01-08 21:17:57 +01:00
beltram
c4fb19d01f
passing expected issuer to rusty-jwt-cli 2024-01-08 21:15:30 +01:00
beltram
2b1223a080
simpler 2024-01-08 21:14:17 +01:00
beltram
036a144e09
add oidc target 2024-01-08 21:10:46 +01:00
beltram
97002040a5
fix: challenge target field was not mapped to db entity 2024-01-08 21:09:07 +01:00