djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Discovery does not return token_endpoint_auth_signing_alg_values_supported

Browse Source 
`token_endpoint_auth_signing_alg_values_supported` is only related to
private_key_jwt and client_secret_jwt client authentication methods
at the token endpoint, which we do not support. See
https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
for more details.

Signed-off-by: Aram Price <pricear@vmware.com>
This commit is contained in:
Ryan Richard 2020-12-07 14:15:31 -08:00 committed by Aram Price
parent 648fa4b9ba
commit e1ae48f2e4
3 changed files with 7 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
internal/oidc/discovery/discovery_handler.go
View File

@ -31,10 +31,9 @@ type Metadata struct {
// vvv Optional vvv // vvv Optional vvv
TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"` TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
TokenEndpointAuthSigningAlgoValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported"` ScopesSupported []string `json:"scopes_supported"`
ScopesSupported []string `json:"scopes_supported"` ClaimsSupported []string `json:"claims_supported"`
ClaimsSupported []string `json:"claims_supported"`
// ^^^ Optional ^^^ // ^^^ Optional ^^^
} }
@ -58,9 +57,8 @@ func NewHandler(issuerURL string) http.Handler {
SubjectTypesSupported: []string{"public"}, SubjectTypesSupported: []string{"public"},
IDTokenSigningAlgValuesSupported: []string{"ES256"}, IDTokenSigningAlgValuesSupported: []string{"ES256"},
TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"}, TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"},
TokenEndpointAuthSigningAlgoValuesSupported: []string{"RS256"}, ScopesSupported: []string{"openid", "offline"},
ScopesSupported: []string{"openid", "offline"}, ClaimsSupported: []string{"groups"},
ClaimsSupported: []string{"groups"},
} }
if err := json.NewEncoder(w).Encode(&oidcConfig); err != nil { if err := json.NewEncoder(w).Encode(&oidcConfig); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError) http.Error(w, err.Error(), http.StatusInternalServerError)

5
internal/oidc/discovery/discovery_handler_test.go
View File

@ -43,9 +43,8 @@ func TestDiscovery(t *testing.T) {
SubjectTypesSupported: []string{"public"}, SubjectTypesSupported: []string{"public"},
IDTokenSigningAlgValuesSupported: []string{"ES256"}, IDTokenSigningAlgValuesSupported: []string{"ES256"},
TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"}, TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"},
TokenEndpointAuthSigningAlgoValuesSupported: []string{"RS256"}, ScopesSupported: []string{"openid", "offline"},
ScopesSupported: []string{"openid", "offline"}, ClaimsSupported: []string{"groups"},
ClaimsSupported: []string{"groups"},
}, },
}, },
{ {

1
test/integration/supervisor_discovery_test.go
View File

@ -472,7 +472,6 @@ func requireWellKnownEndpointIsWorking(t *testing.T, supervisorScheme, superviso
"authorization_endpoint": "%s/oauth2/authorize", "authorization_endpoint": "%s/oauth2/authorize",
"token_endpoint": "%s/oauth2/token", "token_endpoint": "%s/oauth2/token",
"token_endpoint_auth_methods_supported": ["client_secret_basic"], "token_endpoint_auth_methods_supported": ["client_secret_basic"],
"token_endpoint_auth_signing_alg_values_supported": ["RS256"],
"jwks_uri": "%s/jwks.json", "jwks_uri": "%s/jwks.json",
"scopes_supported": ["openid", "offline"], "scopes_supported": ["openid", "offline"],
"response_types_supported": ["code"], "response_types_supported": ["code"],