providers/oauth2: fix elliptic curve keys attempting to use EC256 instead of ES256

closes #2703 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 20:05:58 +02:00 · 2022-04-11 20:05:58 +02:00 · 8be04cc013
parent 9b6e47e6b8
commit 8be04cc013
11 changed files with 32 additions and 32 deletions
--- a/authentik/providers/oauth2/models.py
+++ b/authentik/providers/oauth2/models.py
@ -97,7 +97,7 @@ class JWTAlgorithms(models.TextChoices):

    HS256 = "HS256", _("HS256 (Symmetric Encryption)")
    RS256 = "RS256", _("RS256 (Asymmetric Encryption)")
-    EC256 = "EC256", _("EC256 (Asymmetric Encryption)")
+    ES256 = "ES256", _("ES256 (Asymmetric Encryption)")


 class ScopeMapping(PropertyMapping):
@ -255,7 +255,7 @@ class OAuth2Provider(Provider):
        if isinstance(private_key, RSAPrivateKey):
            return key.key_data, JWTAlgorithms.RS256
        if isinstance(private_key, EllipticCurvePrivateKey):
-            return key.key_data, JWTAlgorithms.EC256
+            return key.key_data, JWTAlgorithms.ES256
        raise Exception(f"Invalid private key type: {type(private_key)}")

    def get_issuer(self, request: HttpRequest) -> Optional[str]:
--- a/authentik/providers/oauth2/views/jwks.py
+++ b/authentik/providers/oauth2/views/jwks.py
@ -55,7 +55,7 @@ class JWKSView(View):
                response_data["keys"] = [
                    {
                        "kty": "EC",
-                        "alg": JWTAlgorithms.EC256,
+                        "alg": JWTAlgorithms.ES256,
                        "use": "sig",
                        "kid": signing_key.kid,
                        "n": b64_enc(public_numbers.n),
--- a/authentik/providers/oauth2/views/token.py
+++ b/authentik/providers/oauth2/views/token.py
@ -270,7 +270,7 @@ class TokenParams:
                token = decode(
                    assertion,
                    public_key,
-                    algorithms=[JWTAlgorithms.RS256, JWTAlgorithms.EC256],
+                    algorithms=[JWTAlgorithms.RS256, JWTAlgorithms.ES256],
                    options={
                        "verify_aud": False,
                    },
--- a/locale/de/LC_MESSAGES/django.po
+++ b/locale/de/LC_MESSAGES/django.po
@ -2,7 +2,7 @@
 # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
 # This file is distributed under the same license as the PACKAGE package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
-# 
+#
 # Translators:
 # Vri, 2021
 # Lars Lehmann <lars@lars-lehmann.net>, 2021
@ -11,7 +11,7 @@
 # Rhea Alleen, 2021
 # David <david@techniknews.net>, 2021
 # Steve Oswald, 2022
-# 
+#
 #, fuzzy
 msgid ""
 msgstr ""
@ -734,7 +734,7 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr "RS256 (Asymmetrische Verschlüsselung)"

 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
+msgid "ES256 (Asymmetric Encryption)"
 msgstr "RS256 (Asymmetrische Verschlüsselung)"

 #: authentik/providers/oauth2/models.py:99
--- a/locale/en/LC_MESSAGES/django.po
+++ b/locale/en/LC_MESSAGES/django.po
@ -678,7 +678,7 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr ""

 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
+msgid "ES256 (Asymmetric Encryption)"
 msgstr ""

 #: authentik/providers/oauth2/models.py:99
--- a/locale/es/LC_MESSAGES/django.po
+++ b/locale/es/LC_MESSAGES/django.po
@ -2,10 +2,10 @@
 # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
 # This file is distributed under the same license as the PACKAGE package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
-# 
+#
 # Translators:
 # jcamat, 2022
-# 
+#
 #, fuzzy
 msgid ""
 msgstr ""
@ -726,8 +726,8 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr "RS256 (cifrado asimétrico)"

 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
-msgstr "EC256 (cifrado asimétrico)"
+msgid "ES256 (Asymmetric Encryption)"
+msgstr "ES256 (cifrado asimétrico)"

 #: authentik/providers/oauth2/models.py:99
 msgid "Scope used by the client"
--- a/locale/tr/LC_MESSAGES/django.po
+++ b/locale/tr/LC_MESSAGES/django.po
@ -2,10 +2,10 @@
 # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
 # This file is distributed under the same license as the PACKAGE package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
-# 
+#
 # Translators:
 # Oktay Altunergil, 2022
-# 
+#
 #, fuzzy
 msgid ""
 msgstr ""
@ -719,8 +719,8 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr "RS256 (Asimetrik Şifreleme)"

 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
-msgstr "EC256 (Asimetrik Şifreleme)"
+msgid "ES256 (Asymmetric Encryption)"
+msgstr "ES256 (Asimetrik Şifreleme)"

 #: authentik/providers/oauth2/models.py:99
 msgid "Scope used by the client"
--- a/locale/zh-Hans/LC_MESSAGES/django.po
+++ b/locale/zh-Hans/LC_MESSAGES/django.po
@ -2,11 +2,11 @@
 # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
 # This file is distributed under the same license as the PACKAGE package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
-# 
+#
 # Translators:
 # Chen Zhikai, 2022
 # 刘松, 2022
-# 
+#
 #, fuzzy
 msgid ""
 msgstr ""
@ -696,8 +696,8 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr "RS256（非对称加密）"

 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
-msgstr "EC256（非对称加密）"
+msgid "ES256 (Asymmetric Encryption)"
+msgstr "ES256（非对称加密）"

 #: authentik/providers/oauth2/models.py:99
 msgid "Scope used by the client"
--- a/locale/zh-Hant/LC_MESSAGES/django.po
+++ b/locale/zh-Hant/LC_MESSAGES/django.po
@ -2,11 +2,11 @@
 # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
 # This file is distributed under the same license as the PACKAGE package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
-# 
+#
 # Translators:
 # Chen Zhikai, 2022
 # 刘松, 2022
-# 
+#
 #, fuzzy
 msgid ""
 msgstr ""
@ -696,8 +696,8 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr "RS256（非对称加密）"

 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
-msgstr "EC256（非对称加密）"
+msgid "ES256 (Asymmetric Encryption)"
+msgstr "ES256（非对称加密）"

 #: authentik/providers/oauth2/models.py:99
 msgid "Scope used by the client"
--- a/locale/zh_CN/LC_MESSAGES/django.po
+++ b/locale/zh_CN/LC_MESSAGES/django.po
@ -2,12 +2,12 @@
 # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
 # This file is distributed under the same license as the PACKAGE package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
-# 
+#
 # Translators:
 # Chen Zhikai, 2022
 # 刘松, 2022
 # deluxghost, 2022
-# 
+#
 #, fuzzy
 msgid ""
 msgstr ""
@ -697,8 +697,8 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr "RS256（非对称加密）"

 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
-msgstr "EC256（非对称加密）"
+msgid "ES256 (Asymmetric Encryption)"
+msgstr "ES256（非对称加密）"

 #: authentik/providers/oauth2/models.py:99
 msgid "Scope used by the client"
--- a/locale/zh_TW/LC_MESSAGES/django.po
+++ b/locale/zh_TW/LC_MESSAGES/django.po
@ -2,11 +2,11 @@
 # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
 # This file is distributed under the same license as the PACKAGE package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
-# 
+#
 # Translators:
 # Chen Zhikai, 2022
 # 刘松, 2022
-# 
+#
 #, fuzzy
 msgid ""
 msgstr ""
@ -696,8 +696,8 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr "RS256（非对称加密）"

 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
-msgstr "EC256（非对称加密）"
+msgid "ES256 (Asymmetric Encryption)"
+msgstr "ES256（非对称加密）"

 #: authentik/providers/oauth2/models.py:99
 msgid "Scope used by the client"