Herman Slatman
|
8997ce1a1e
|
Disable wire-dpop-01 and wire-oidc-01 by default
|
2024-01-10 20:06:02 +01:00 |
|
Herman Slatman
|
bf8c17e3ec
|
Remove the Wire oidc and dpop from attestation formats
|
2024-01-10 19:12:22 +01:00 |
|
Herman Slatman
|
6a98fea1f3
|
Fix linter issues
|
2024-01-10 18:36:24 +01:00 |
|
Herman Slatman
|
8faf26c593
|
Change KeyAuth back to old behavior (for now)
|
2024-01-10 18:32:18 +01:00 |
|
beltram
|
bf5f1201ea
|
fix: keyauth was not bound to the id token
|
2024-01-10 17:15:54 +01:00 |
|
Herman Slatman
|
e2a2e00526
|
Make template use DeviceId for now
|
2024-01-10 17:15:03 +01:00 |
|
Herman Slatman
|
7a464cdb17
|
Use require to check for errors in Wire integration test
|
2024-01-09 21:52:00 +01:00 |
|
Herman Slatman
|
776a839a42
|
Fix linter issues and improve error handling
|
2024-01-09 21:31:19 +01:00 |
|
Herman Slatman
|
f5a2f436df
|
Fix missing DPoP and OIDC tokens for Wire integration test
|
2024-01-09 18:24:37 +01:00 |
|
Herman Slatman
|
eb9893bd21
|
Refactor logic for processing WireID identifiers in Order
Processing `WireID` identifiers, the Wire subject, and the Wire
DPoP and OIDC tokens is now conditional.
|
2024-01-09 18:22:21 +01:00 |
|
Herman Slatman
|
40668ae09e
|
Refactor WireID target processing a bit
|
2024-01-09 16:52:09 +01:00 |
|
Herman Slatman
|
01169b2483
|
Make the Target optional in Challenge object
This is a non-standard property in the ACME challenge response, so
we shouldn't return it if it's not set. Also made it an optional
field in the DB.
|
2024-01-09 16:43:18 +01:00 |
|
Herman Slatman
|
85309bb8ec
|
Fix the integration test
|
2024-01-09 00:33:01 +01:00 |
|
Herman Slatman
|
fdea5e7db3
|
Fix tests for new ACME orders with Wire IDs
|
2024-01-08 23:16:31 +01:00 |
|
Herman Slatman
|
c1a7acc306
|
Make it compile with Go 1.20 again
|
2024-01-08 22:21:27 +01:00 |
|
beltram
|
84e9682476
|
feat: change the separator between user-id & device-id in a client-id. Use '!' instead of ':'
|
2024-01-08 22:12:13 +01:00 |
|
beltram
|
90b5347887
|
feat: try using the new ClientId & Handle format (i.e. plain URIs)
|
2024-01-08 22:11:37 +01:00 |
|
beltram
|
39bf889925
|
feat: remove query parameters from OIDC issuerUrl so that it allows us to use it to carry the OAuth ClientId in the Challenge.target field without at the same time undermining the idToken verification which relies on a issuer (iss) claim without this query parameter
|
2024-01-08 22:10:49 +01:00 |
|
beltram
|
d6ceebba94
|
feat: update the protocol by including team & handle in the client dpop token, verifying the handle in the dpop challenge
|
2024-01-08 22:09:51 +01:00 |
|
beltram
|
6ffd913e28
|
feat: remove custom hardcoded OIDC challenge for Google
|
2024-01-08 22:08:37 +01:00 |
|
beltram
|
2be77385f6
|
fix: same issue as with oidc challenge
|
2024-01-08 22:07:59 +01:00 |
|
beltram
|
ff07fdc0fd
|
fix: oups
|
2024-01-08 22:07:43 +01:00 |
|
beltram
|
13df461e97
|
fix: could not reuse a signing key otherwise it would create in accounts & orders and fail the OIDC challenge. The OIDC challenge was not retryable
|
2024-01-08 22:07:29 +01:00 |
|
beltram
|
83f76433a8
|
b64 encode the kid since apparently it wasn't
|
2024-01-08 22:06:52 +01:00 |
|
beltram
|
8fd0192da3
|
print kid for debugging
|
2024-01-08 22:06:42 +01:00 |
|
beltram
|
4d028f7813
|
client jwk was there the whole time
|
2024-01-08 22:05:58 +01:00 |
|
beltram
|
ed2bce9a3c
|
fix: access token verification in DPoP challenge. Was previously verifying 'cnf.kid' against backend key whereas it must be against client's key
|
2024-01-08 22:05:29 +01:00 |
|
beltram
|
5fdf036a4d
|
fix: invalid OID for display name in CSR
|
2024-01-08 22:03:03 +01:00 |
|
beltram
|
9d5c974f44
|
fix: PR review
|
2024-01-08 22:02:48 +01:00 |
|
beltram
|
1b32957ff6
|
fix: verify custom display_name extension is present
|
2024-01-08 22:02:16 +01:00 |
|
Herman Slatman
|
ab9e1ddb28
|
Make MockDB implement acme.DB interface again
|
2024-01-08 22:00:50 +01:00 |
|
beltram
|
7b5740153d
|
support for oidc id token
|
2024-01-08 22:00:29 +01:00 |
|
beltram
|
f5b346ee36
|
i'm tired
|
2024-01-08 21:53:08 +01:00 |
|
beltram
|
03dbd91418
|
fix dpop token json serialization to db
|
2024-01-08 21:52:28 +01:00 |
|
beltram
|
613e6cae6e
|
wip
|
2024-01-08 21:50:49 +01:00 |
|
Herman Slatman
|
0b68e1bbcf
|
Add GetAllOrdersByAccountID to MockDB
|
2024-01-08 21:44:10 +01:00 |
|
beltram
|
8888262e45
|
cheat by allowing also looking up for ready orders
|
2024-01-08 21:43:43 +01:00 |
|
beltram
|
0bc530c98e
|
log more things
|
2024-01-08 21:36:50 +01:00 |
|
beltram
|
2e128056dc
|
have updateOrder also update the update joint table [order by account]
|
2024-01-08 21:35:54 +01:00 |
|
Herman Slatman
|
1a711e1b91
|
Add new Wire DB methods to acme.DB interface
|
2024-01-08 21:34:01 +01:00 |
|
beltram
|
abe86002ee
|
try by storing everything in db
|
2024-01-08 21:33:53 +01:00 |
|
beltram
|
76dfcb00e4
|
try silencing template data for dichotomies
|
2024-01-08 21:23:09 +01:00 |
|
beltram
|
a32bb66e47
|
trying to pass access token to template
|
2024-01-08 21:22:50 +01:00 |
|
beltram
|
ff41a1193d
|
fix deviceId computing in dpop challenge
|
2024-01-08 21:21:01 +01:00 |
|
Stefan Berthold
|
5ceed08ae0
|
Reorganize parsing target
|
2024-01-08 21:19:54 +01:00 |
|
Stefan Berthold
|
83ba0bdc51
|
Replace field access by accessor functions
|
2024-01-08 21:17:57 +01:00 |
|
beltram
|
c4fb19d01f
|
passing expected issuer to rusty-jwt-cli
|
2024-01-08 21:15:30 +01:00 |
|
beltram
|
2b1223a080
|
simpler
|
2024-01-08 21:14:17 +01:00 |
|
beltram
|
036a144e09
|
add oidc target
|
2024-01-08 21:10:46 +01:00 |
|
beltram
|
97002040a5
|
fix: challenge target field was not mapped to db entity
|
2024-01-08 21:09:07 +01:00 |
|