djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,260 Commits 30 Branches 34 Tags 22 MiB
Commit Graph

9 Commits

Author SHA1 Message Date
Ryan Richard 96474b3d99 Extract Supervisor IDP discovery endpoint types into apis package 2021-08-17 15:23:03 -07:00
Matt Moyer 2823d4d1e3
Add "response_modes_supported" to Supervisor discovery response. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-07-09 12:08:43 -05:00
Ryan Richard 67dca688d7 Add an API version to the Supervisor IDP discovery endpoint 
Also rename one of the new functional opts in login.go to more
accurately reflect the intention of the opt.
 2021-05-13 10:05:56 -07:00
Ryan Richard e25eb05450 Move Supervisor IDP discovery to its own new endpoint 2021-05-11 10:31:33 -07:00
Ryan Richard 4bd83add35 Add Supervisor upstream IDP discovery on the server-side 2021-04-28 13:14:21 -07:00
Monis Khan d7edc41c24
oidc discovery: encode metadata once and reuse 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-03-03 13:37:43 -05:00
Ryan Richard e1ae48f2e4 Discovery does not return `token_endpoint_auth_signing_alg_values_supported` 
`token_endpoint_auth_signing_alg_values_supported` is only related to
private_key_jwt and client_secret_jwt client authentication methods
at the token endpoint, which we do not support. See
https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
for more details.

Signed-off-by: Aram Price <pricear@vmware.com>
 2020-12-07 14:15:31 -08:00
Andrew Keesler fe2e2bdff1
Our ID token signing algorithm is ES256, not RS256 
We are currently using EC keys to sign ID tokens, so we should reflect that in
our OIDC discovery metadata.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-12-03 07:46:07 -05:00
Ryan Richard d9d76726c2 Implement per-issuer OIDC JWKS endpoint 2020-10-16 17:51:40 -07:00