smallstep-certificates

mirror of https://github.com/smallstep/certificates.git synced 2024-11-19 09:25:37 +00:00

Author	SHA1	Message	Date
Herman Slatman	033aef9f9d	Merge branch 'wire-acme-extensions' into herman/remove-rusty-cli	2024-01-10 18:57:51 +01:00
Herman Slatman	8faf26c593	Change `KeyAuth` back to old behavior (for now)	2024-01-10 18:32:18 +01:00
beltram	bf5f1201ea	fix: keyauth was not bound to the id token	2024-01-10 17:15:54 +01:00
Herman Slatman	29fa6621b1	Remove the Wire CLI invocatation	2024-01-10 15:12:28 +01:00
Herman Slatman	776a839a42	Fix linter issues and improve error handling	2024-01-09 21:31:19 +01:00
Herman Slatman	01169b2483	Make the `Target` optional in `Challenge` object This is a non-standard property in the ACME challenge response, so we shouldn't return it if it's not set. Also made it an optional field in the DB.	2024-01-09 16:43:18 +01:00
Herman Slatman	c1a7acc306	Make it compile with Go 1.20 again	2024-01-08 22:21:27 +01:00
beltram	90b5347887	feat: try using the new ClientId & Handle format (i.e. plain URIs)	2024-01-08 22:11:37 +01:00
beltram	d6ceebba94	feat: update the protocol by including team & handle in the client dpop token, verifying the handle in the dpop challenge	2024-01-08 22:09:51 +01:00
beltram	6ffd913e28	feat: remove custom hardcoded OIDC challenge for Google	2024-01-08 22:08:37 +01:00
beltram	2be77385f6	fix: same issue as with oidc challenge	2024-01-08 22:07:59 +01:00
beltram	ff07fdc0fd	fix: oups	2024-01-08 22:07:43 +01:00
beltram	13df461e97	fix: could not reuse a signing key otherwise it would create in accounts & orders and fail the OIDC challenge. The OIDC challenge was not retryable	2024-01-08 22:07:29 +01:00
beltram	83f76433a8	b64 encode the kid since apparently it wasn't	2024-01-08 22:06:52 +01:00
beltram	8fd0192da3	print kid for debugging	2024-01-08 22:06:42 +01:00
beltram	4d028f7813	client jwk was there the whole time	2024-01-08 22:05:58 +01:00
beltram	ed2bce9a3c	fix: access token verification in DPoP challenge. Was previously verifying 'cnf.kid' against backend key whereas it must be against client's key	2024-01-08 22:05:29 +01:00
beltram	9d5c974f44	fix: PR review	2024-01-08 22:02:48 +01:00
beltram	7b5740153d	support for oidc id token	2024-01-08 22:00:29 +01:00
beltram	f5b346ee36	i'm tired	2024-01-08 21:53:08 +01:00
beltram	613e6cae6e	wip	2024-01-08 21:50:49 +01:00
beltram	abe86002ee	try by storing everything in db	2024-01-08 21:33:53 +01:00
beltram	a32bb66e47	trying to pass access token to template	2024-01-08 21:22:50 +01:00
beltram	ff41a1193d	fix deviceId computing in dpop challenge	2024-01-08 21:21:01 +01:00
Stefan Berthold	83ba0bdc51	Replace field access by accessor functions	2024-01-08 21:17:57 +01:00
beltram	c4fb19d01f	passing expected issuer to rusty-jwt-cli	2024-01-08 21:15:30 +01:00
beltram	d32a3e23f0	wip	2024-01-08 21:08:34 +01:00
beltram	7c9f8020d5	fix: add URI prefix to handle	2024-01-08 21:04:23 +01:00
beltram	680b6ea08f	adapt google demo for wire's special handle format "{firstname}_wire"	2024-01-08 21:03:54 +01:00
beltram	a97991aa83	infer domain from google email address	2024-01-08 21:01:50 +01:00
beltram	49ad2d9967	fix google id token matching in oidc challenge	2024-01-08 21:01:30 +01:00
beltram	a49966f4c9	try using google oidc for demo purpose	2024-01-08 20:59:09 +01:00
beltram	b6ec4422b4	feat: adapt to dex and pass the 'keyauth' in payload instead of in id_token. Also have a different mapping for id_token claims name	2024-01-08 20:54:54 +01:00
beltram	b3dd169190	cleanup my mess	2024-01-08 20:52:32 +01:00
beltram	ca01c74333	avoid manipulating the key PEM format and take a plain PEM key as input	2024-01-08 20:42:52 +01:00
beltram	74ddad69dc	fix: challenge is '.token' and not '.id'	2024-01-08 20:39:27 +01:00
beltram	83f6be1f58	print oidc options	2024-01-08 20:38:26 +01:00
beltram	1fe61bee7b	better observability	2024-01-08 20:36:37 +01:00
Stefan Berthold	e6dd211637	acquire DPoP signing key from provisioner	2024-01-08 20:34:58 +01:00
beltram	227e932624	use json struct for challenge request payload otherwise it's a hell to craft from client side	2024-01-08 20:33:46 +01:00
Stefan Berthold	5ca744567c	simplify OIDC verification	2024-01-08 20:32:44 +01:00
Stefan Berthold	da1e64aa53	update wire challenges' status on happy end	2024-01-08 20:28:37 +01:00
Stefan Berthold	8e0e35532c	Add Wire authz and challenges (OIDC+DPOP)	2024-01-08 20:27:16 +01:00
Herman Slatman	e52836f0ab	Add `RS1` support for ACME `device-attest-01`	2024-01-07 21:25:36 +01:00
Herman Slatman	f2993c4c3b	Use the legacy `tpm2` package import	2023-09-19 12:11:46 +02:00
Herman Slatman	c952e9fc9d	Use `NewDetailedError` instead	2023-08-04 11:24:22 +02:00
Herman Slatman	f3c24fe875	Change how multiple identifiers are printed in errors	2023-08-03 14:45:00 +02:00
Herman Slatman	9a52675865	Return descriptive error when using unsupported format	2023-07-31 12:29:07 +02:00
Herman Slatman	0d3338ff3a	Return consistent ACME error types for specific cases	2023-07-31 12:11:50 +02:00
Herman Slatman	df22b8a303	Cleanup some leftover TODOs	2023-07-31 11:59:26 +02:00

1 2 3

144 Commits