providers/oauth2: fix elliptic curve keys attempting to use EC256 instead of ES256

closes #2703

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-04-11 20:05:58 +02:00
parent 9b6e47e6b8
commit 8be04cc013
11 changed files with 32 additions and 32 deletions

View File

@ -97,7 +97,7 @@ class JWTAlgorithms(models.TextChoices):
HS256 = "HS256", _("HS256 (Symmetric Encryption)")
RS256 = "RS256", _("RS256 (Asymmetric Encryption)")
EC256 = "EC256", _("EC256 (Asymmetric Encryption)")
ES256 = "ES256", _("ES256 (Asymmetric Encryption)")
class ScopeMapping(PropertyMapping):
@ -255,7 +255,7 @@ class OAuth2Provider(Provider):
if isinstance(private_key, RSAPrivateKey):
return key.key_data, JWTAlgorithms.RS256
if isinstance(private_key, EllipticCurvePrivateKey):
return key.key_data, JWTAlgorithms.EC256
return key.key_data, JWTAlgorithms.ES256
raise Exception(f"Invalid private key type: {type(private_key)}")
def get_issuer(self, request: HttpRequest) -> Optional[str]:

View File

@ -55,7 +55,7 @@ class JWKSView(View):
response_data["keys"] = [
{
"kty": "EC",
"alg": JWTAlgorithms.EC256,
"alg": JWTAlgorithms.ES256,
"use": "sig",
"kid": signing_key.kid,
"n": b64_enc(public_numbers.n),

View File

@ -270,7 +270,7 @@ class TokenParams:
token = decode(
assertion,
public_key,
algorithms=[JWTAlgorithms.RS256, JWTAlgorithms.EC256],
algorithms=[JWTAlgorithms.RS256, JWTAlgorithms.ES256],
options={
"verify_aud": False,
},

View File

@ -734,7 +734,7 @@ msgid "RS256 (Asymmetric Encryption)"
msgstr "RS256 (Asymmetrische Verschlüsselung)"
#: authentik/providers/oauth2/models.py:93
msgid "EC256 (Asymmetric Encryption)"
msgid "ES256 (Asymmetric Encryption)"
msgstr "RS256 (Asymmetrische Verschlüsselung)"
#: authentik/providers/oauth2/models.py:99

View File

@ -678,7 +678,7 @@ msgid "RS256 (Asymmetric Encryption)"
msgstr ""
#: authentik/providers/oauth2/models.py:93
msgid "EC256 (Asymmetric Encryption)"
msgid "ES256 (Asymmetric Encryption)"
msgstr ""
#: authentik/providers/oauth2/models.py:99

View File

@ -726,8 +726,8 @@ msgid "RS256 (Asymmetric Encryption)"
msgstr "RS256 (cifrado asimétrico)"
#: authentik/providers/oauth2/models.py:93
msgid "EC256 (Asymmetric Encryption)"
msgstr "EC256 (cifrado asimétrico)"
msgid "ES256 (Asymmetric Encryption)"
msgstr "ES256 (cifrado asimétrico)"
#: authentik/providers/oauth2/models.py:99
msgid "Scope used by the client"

View File

@ -719,8 +719,8 @@ msgid "RS256 (Asymmetric Encryption)"
msgstr "RS256 (Asimetrik Şifreleme)"
#: authentik/providers/oauth2/models.py:93
msgid "EC256 (Asymmetric Encryption)"
msgstr "EC256 (Asimetrik Şifreleme)"
msgid "ES256 (Asymmetric Encryption)"
msgstr "ES256 (Asimetrik Şifreleme)"
#: authentik/providers/oauth2/models.py:99
msgid "Scope used by the client"

View File

@ -696,8 +696,8 @@ msgid "RS256 (Asymmetric Encryption)"
msgstr "RS256非对称加密"
#: authentik/providers/oauth2/models.py:93
msgid "EC256 (Asymmetric Encryption)"
msgstr "EC256非对称加密"
msgid "ES256 (Asymmetric Encryption)"
msgstr "ES256非对称加密"
#: authentik/providers/oauth2/models.py:99
msgid "Scope used by the client"

View File

@ -696,8 +696,8 @@ msgid "RS256 (Asymmetric Encryption)"
msgstr "RS256非对称加密"
#: authentik/providers/oauth2/models.py:93
msgid "EC256 (Asymmetric Encryption)"
msgstr "EC256非对称加密"
msgid "ES256 (Asymmetric Encryption)"
msgstr "ES256非对称加密"
#: authentik/providers/oauth2/models.py:99
msgid "Scope used by the client"

View File

@ -697,8 +697,8 @@ msgid "RS256 (Asymmetric Encryption)"
msgstr "RS256非对称加密"
#: authentik/providers/oauth2/models.py:93
msgid "EC256 (Asymmetric Encryption)"
msgstr "EC256非对称加密"
msgid "ES256 (Asymmetric Encryption)"
msgstr "ES256非对称加密"
#: authentik/providers/oauth2/models.py:99
msgid "Scope used by the client"

View File

@ -696,8 +696,8 @@ msgid "RS256 (Asymmetric Encryption)"
msgstr "RS256非对称加密"
#: authentik/providers/oauth2/models.py:93
msgid "EC256 (Asymmetric Encryption)"
msgstr "EC256非对称加密"
msgid "ES256 (Asymmetric Encryption)"
msgstr "ES256非对称加密"
#: authentik/providers/oauth2/models.py:99
msgid "Scope used by the client"