trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

outposts/proxy: remove deprecated rs256 

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-09-16 09:57:47 +02:00
parent 341c58a722
commit 48ad3dccda
1 changed files with 1 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
internal/outpost/proxyv2/application/application.go
View File

@ -1,7 +1,6 @@
package application package application
import ( import (
"context"
"crypto/tls" "crypto/tls"
"encoding/gob" "encoding/gob"
"net/http" "net/http"
@ -49,15 +48,7 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
log.WithError(err).Warning("Failed to parse URL, skipping provider") log.WithError(err).Warning("Failed to parse URL, skipping provider")
} }
// Support for RS256, new proxy providers will use HS256 but old ones ks := hs256.NewKeySet(*p.ClientSecret)
// might not, and this makes testing easier
var ks oidc.KeySet
if contains(p.OidcConfiguration.IdTokenSigningAlgValuesSupported, "HS256") {
ks = hs256.NewKeySet(*p.ClientSecret)
} else {
ctx := context.WithValue(context.Background(), oauth2.HTTPClient, c)
oidc.NewRemoteKeySet(ctx, p.OidcConfiguration.JwksUri)
}
var verifier = oidc.NewVerifier(p.OidcConfiguration.Issuer, ks, &oidc.Config{ var verifier = oidc.NewVerifier(p.OidcConfiguration.Issuer, ks, &oidc.Config{
ClientID: *p.ClientId, ClientID: *p.ClientId,