Comments (4)
Ahhhh, i missed that one 😁
For reference, for others https://discord.com/channels/927474939156643850/1031827610902204458
from oidc.
The solution was as described here:
#140 (comment)
Quick and dirty:
func (s *Storage) GetKeySet(ctx context.Context) (*jose.JSONWebKeySet, error) {
cert, err := testCert(s.signingKey.Key)
if err != nil {
return nil, err
}
sha := sha256.New()
sha.Write(cert.Raw)
s1 := sha.Sum(nil)
sha11 := sha1.New()
sha11.Write(cert.Raw)
s2 := sha11.Sum(nil)
// as mentioned above, this example only has a single signing key without key rotation,
// so it will directly use its public key
//
// when using key rotation you typically would store the public keys alongside the private keys in your database
// and give both of them an expiration date, with the public key having a longer lifetime (e.g. rotate private key every
return &jose.JSONWebKeySet{
Keys: []jose.JSONWebKey{
{
Certificates: []*x509.Certificate{cert},
CertificateThumbprintSHA1: s2,
CertificateThumbprintSHA256: s1,
KeyID: s.signingKey.ID,
Algorithm: s.signingKey.Algorithm,
Use: oidc.KeyUseSignature,
Key: &s.signingKey.Key.PublicKey,
},
},
}, nil
}
from oidc.
Hey @braginini sorry for not responding in time 😢 we where quiet in a rush to get some stuff done.
from oidc.
Hey @braginini sorry for not responding in time cry we where quiet in a rush to get some stuff done.
You did great, I used Discord and your folks helped there.
from oidc.
Related Issues (20)
- Can't revoke token HOT 1
- allow to set audiences for device authorization
- return an ID token with Device Authorizaiton HOT 1
- [Spike]: OpenID Conformance testing suite
- Need to add a "typ":"JWT" header to my tokens HOT 1
- proposal(op): new server interface to replace storage HOT 8
- state always returned in access token response HOT 2
- JWT Assertion payload does not match RFC example when generated with OIDC relying party HOT 8
- [Bug]: Client Assertion token request includes basic auth header HOT 3
- PKCE support is not enough HOT 1
- use trace id of external service HOT 2
- Allow custom forwarded header HOT 2
- [Bug]: client invalid signature when OIDC server is restarted HOT 2
- The automated release is failing 🚨
- [Bug]: nil pointer dereference in `crypto.BytesToPrivateKey` HOT 3
- Access to auto discovery configuration HOT 3
- Allow empty nonce from ID Tokens issued from Refresh Tokens HOT 10
- Support form_post OIDC response mode HOT 4
- Do not ignore all JWKS parsing errors HOT 1
- [Bug]: nil pointer dereference when not setting unauthorized handler HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oidc.