smallstep-certificates

mirror of https://github.com/smallstep/certificates.git synced 2024-11-19 09:25:37 +00:00

Author	SHA1	Message	Date
Herman Slatman	b9254744a2	Fix validations for DPoP client ID, nonce and issuer	2024-01-17 11:33:50 +01:00
Herman Slatman	0a7fe6ebe9	Comment DPoP token checks that fail e2e test (currently)	2024-01-17 00:47:34 +01:00
Herman Slatman	0f0f060149	Improve access and dpop token validation	2024-01-17 00:09:24 +01:00
Herman Slatman	99934ec9a3	Improve test coverage for `wireOIDC01Validate`	2024-01-16 16:24:54 +01:00
Herman Slatman	7520736f5b	Improve test coverage for `wireDPOP01Validate`	2024-01-16 14:01:48 +01:00
Herman Slatman	d84abac4df	Add test for `wireOIDC01Validate`	2024-01-15 21:59:20 +01:00
Herman Slatman	768a08965d	Store transformed OIDC token	2024-01-15 13:47:44 +01:00
Herman Slatman	0ad381b092	Add OIDC token template transformation	2024-01-12 16:48:21 +01:00
Herman Slatman	9bb1b24bf1	Change `kid` and `dpop` validation	2024-01-12 10:44:49 +01:00
Herman Slatman	79739e5073	Change signature algorithm property name	2024-01-12 09:48:49 +01:00
Herman Slatman	7eacb68361	Merge branch 'herman/remove-rusty-cli' into herman/wire-configuration-refactor	2024-01-11 21:29:15 +01:00
Herman Slatman	44721a7d58	Remove debug err print	2024-01-11 21:24:39 +01:00
Herman Slatman	348363abce	Add Wire `DPoP` proof claims verification	2024-01-11 21:19:24 +01:00
Herman Slatman	1bf807add3	Use base64 encoded signing key format	2024-01-11 17:04:08 +01:00
Herman Slatman	1f5f756fce	Make Wire options more robust	2024-01-11 16:14:53 +01:00
Herman Slatman	6ef64b6ed6	Refactor the `Wire` option configuration	2024-01-11 15:08:44 +01:00
Herman Slatman	b6fc0005d5	Add verification of maximum expiry time for Wire tokens	2024-01-11 14:24:34 +01:00
Herman Slatman	b964c97750	Add validation of `handle` and `token` to Wire verification	2024-01-11 13:47:17 +01:00
Herman Slatman	acad227b25	Put Wire options in lower level `wire` struct	2024-01-11 13:18:43 +01:00
Herman Slatman	cd9480ab14	Fix test for `parseAndVerifyWireAccessToken`	2024-01-11 12:45:29 +01:00
Herman Slatman	897688a831	Merge branch 'wire-acme-extensions' into herman/remove-rusty-cli	2024-01-11 12:03:52 +01:00
Herman Slatman	70a2f431fa	Address review remarks	2024-01-11 11:06:39 +01:00
Herman Slatman	033aef9f9d	Merge branch 'wire-acme-extensions' into herman/remove-rusty-cli	2024-01-10 18:57:51 +01:00
Herman Slatman	8faf26c593	Change `KeyAuth` back to old behavior (for now)	2024-01-10 18:32:18 +01:00
beltram	bf5f1201ea	fix: keyauth was not bound to the id token	2024-01-10 17:15:54 +01:00
Herman Slatman	29fa6621b1	Remove the Wire CLI invocatation	2024-01-10 15:12:28 +01:00
Herman Slatman	776a839a42	Fix linter issues and improve error handling	2024-01-09 21:31:19 +01:00
Herman Slatman	01169b2483	Make the `Target` optional in `Challenge` object This is a non-standard property in the ACME challenge response, so we shouldn't return it if it's not set. Also made it an optional field in the DB.	2024-01-09 16:43:18 +01:00
Herman Slatman	c1a7acc306	Make it compile with Go 1.20 again	2024-01-08 22:21:27 +01:00
beltram	90b5347887	feat: try using the new ClientId & Handle format (i.e. plain URIs)	2024-01-08 22:11:37 +01:00
beltram	d6ceebba94	feat: update the protocol by including team & handle in the client dpop token, verifying the handle in the dpop challenge	2024-01-08 22:09:51 +01:00
beltram	6ffd913e28	feat: remove custom hardcoded OIDC challenge for Google	2024-01-08 22:08:37 +01:00
beltram	2be77385f6	fix: same issue as with oidc challenge	2024-01-08 22:07:59 +01:00
beltram	ff07fdc0fd	fix: oups	2024-01-08 22:07:43 +01:00
beltram	13df461e97	fix: could not reuse a signing key otherwise it would create in accounts & orders and fail the OIDC challenge. The OIDC challenge was not retryable	2024-01-08 22:07:29 +01:00
beltram	83f76433a8	b64 encode the kid since apparently it wasn't	2024-01-08 22:06:52 +01:00
beltram	8fd0192da3	print kid for debugging	2024-01-08 22:06:42 +01:00
beltram	4d028f7813	client jwk was there the whole time	2024-01-08 22:05:58 +01:00
beltram	ed2bce9a3c	fix: access token verification in DPoP challenge. Was previously verifying 'cnf.kid' against backend key whereas it must be against client's key	2024-01-08 22:05:29 +01:00
beltram	9d5c974f44	fix: PR review	2024-01-08 22:02:48 +01:00
beltram	7b5740153d	support for oidc id token	2024-01-08 22:00:29 +01:00
beltram	f5b346ee36	i'm tired	2024-01-08 21:53:08 +01:00
beltram	613e6cae6e	wip	2024-01-08 21:50:49 +01:00
beltram	abe86002ee	try by storing everything in db	2024-01-08 21:33:53 +01:00
beltram	a32bb66e47	trying to pass access token to template	2024-01-08 21:22:50 +01:00
beltram	ff41a1193d	fix deviceId computing in dpop challenge	2024-01-08 21:21:01 +01:00
Stefan Berthold	83ba0bdc51	Replace field access by accessor functions	2024-01-08 21:17:57 +01:00
beltram	c4fb19d01f	passing expected issuer to rusty-jwt-cli	2024-01-08 21:15:30 +01:00
beltram	d32a3e23f0	wip	2024-01-08 21:08:34 +01:00
beltram	7c9f8020d5	fix: add URI prefix to handle	2024-01-08 21:04:23 +01:00

1 2 3 4

166 Commits