Compare commits
12 commits
main
...
webkey-tes
| Author | SHA1 | Date | |
|---|---|---|---|
|
214a899ddd | ||
|
|
07d4268b89 | ||
|
|
0df1caff1b | ||
|
|
6fd74f21d3 | ||
|
|
248df8c1f1 | ||
|
|
0e6aafa16c | ||
|
|
f5cd665097 | ||
|
|
2a3e87afff | ||
|
|
eb249c4c70 | ||
|
|
7e1846e6e2 | ||
|
|
fa73f36780 | ||
|
|
f2545780c8 |
5 changed files with 26 additions and 11 deletions
|
|
@ -56,6 +56,7 @@ func main() {
|
||||||
rp.WithVerifierOpts(rp.WithIssuedAtOffset(5 * time.Second)),
|
rp.WithVerifierOpts(rp.WithIssuedAtOffset(5 * time.Second)),
|
||||||
rp.WithHTTPClient(client),
|
rp.WithHTTPClient(client),
|
||||||
rp.WithLogger(logger),
|
rp.WithLogger(logger),
|
||||||
|
rp.WithSigningAlgsFromDiscovery(),
|
||||||
}
|
}
|
||||||
if clientSecret == "" {
|
if clientSecret == "" {
|
||||||
options = append(options, rp.WithPKCE(cookieHandler))
|
options = append(options, rp.WithPKCE(cookieHandler))
|
||||||
|
|
|
||||||
|
|
@ -21,6 +21,14 @@ func GetHashAlgorithm(sigAlgorithm jose.SignatureAlgorithm) (hash.Hash, error) {
|
||||||
return sha512.New384(), nil
|
return sha512.New384(), nil
|
||||||
case jose.RS512, jose.ES512, jose.PS512:
|
case jose.RS512, jose.ES512, jose.PS512:
|
||||||
return sha512.New(), nil
|
return sha512.New(), nil
|
||||||
|
|
||||||
|
// There is no published spec for this yet, but we have confirmation it will get published.
|
||||||
|
// There is consensus here: https://bitbucket.org/openid/connect/issues/1125/_hash-algorithm-for-eddsa-id-tokens
|
||||||
|
// Currently Go and go-jose only supports the ed25519 curve key for EdDSA, so we can safely assume sha512 here.
|
||||||
|
// It is unlikely ed448 will ever be supported: https://github.com/golang/go/issues/29390
|
||||||
|
case jose.EdDSA:
|
||||||
|
return sha512.New(), nil
|
||||||
|
|
||||||
default:
|
default:
|
||||||
return nil, fmt.Errorf("%w: %q", ErrUnsupportedAlgorithm, sigAlgorithm)
|
return nil, fmt.Errorf("%w: %q", ErrUnsupportedAlgorithm, sigAlgorithm)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,7 @@ import (
|
||||||
"crypto/ed25519"
|
"crypto/ed25519"
|
||||||
"crypto/rsa"
|
"crypto/rsa"
|
||||||
"errors"
|
"errors"
|
||||||
|
"strings"
|
||||||
|
|
||||||
jose "github.com/go-jose/go-jose/v4"
|
jose "github.com/go-jose/go-jose/v4"
|
||||||
)
|
)
|
||||||
|
|
@ -92,17 +93,17 @@ func FindMatchingKey(keyID, use, expectedAlg string, keys ...jose.JSONWebKey) (k
|
||||||
}
|
}
|
||||||
|
|
||||||
func algToKeyType(key any, alg string) bool {
|
func algToKeyType(key any, alg string) bool {
|
||||||
switch alg[0] {
|
if strings.HasPrefix(alg, "RS") || strings.HasPrefix(alg, "PS") {
|
||||||
case 'R', 'P':
|
|
||||||
_, ok := key.(*rsa.PublicKey)
|
_, ok := key.(*rsa.PublicKey)
|
||||||
return ok
|
return ok
|
||||||
case 'E':
|
}
|
||||||
|
if strings.HasPrefix(alg, "ES") {
|
||||||
_, ok := key.(*ecdsa.PublicKey)
|
_, ok := key.(*ecdsa.PublicKey)
|
||||||
return ok
|
return ok
|
||||||
case 'O':
|
}
|
||||||
_, ok := key.(*ed25519.PublicKey)
|
if alg == string(jose.EdDSA) {
|
||||||
|
_, ok := key.(ed25519.PublicKey)
|
||||||
return ok
|
return ok
|
||||||
default:
|
}
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
|
||||||
|
|
@ -428,6 +428,7 @@ func TestTryErrorRedirect(t *testing.T) {
|
||||||
parent: oidc.ErrInteractionRequired().WithDescription("sign in"),
|
parent: oidc.ErrInteractionRequired().WithDescription("sign in"),
|
||||||
},
|
},
|
||||||
want: &Redirect{
|
want: &Redirect{
|
||||||
|
Header: make(http.Header),
|
||||||
URL: "http://example.com/callback?error=interaction_required&error_description=sign+in&state=state1",
|
URL: "http://example.com/callback?error=interaction_required&error_description=sign+in&state=state1",
|
||||||
},
|
},
|
||||||
wantLog: `{
|
wantLog: `{
|
||||||
|
|
|
||||||
|
|
@ -218,6 +218,7 @@ type Response struct {
|
||||||
// without custom headers.
|
// without custom headers.
|
||||||
func NewResponse(data any) *Response {
|
func NewResponse(data any) *Response {
|
||||||
return &Response{
|
return &Response{
|
||||||
|
Header: make(http.Header),
|
||||||
Data: data,
|
Data: data,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -242,7 +243,10 @@ type Redirect struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewRedirect(url string) *Redirect {
|
func NewRedirect(url string) *Redirect {
|
||||||
return &Redirect{URL: url}
|
return &Redirect{
|
||||||
|
Header: make(http.Header),
|
||||||
|
URL: url,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (red *Redirect) writeOut(w http.ResponseWriter, r *http.Request) {
|
func (red *Redirect) writeOut(w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue