Ryan Richard
132d2aac72
add a code comment
2022-04-19 11:35:46 -07:00
hectorj2f
a3f7afaec4
oidc: add code challenge supported methods
...
Signed-off-by: hectorj2f <hectorf@vmware.com>
2022-04-19 01:21:39 +02:00
Ryan Richard
04b8f0b455
Extract Supervisor authorize endpoint string constants into apis pkg
2021-08-18 10:20:33 -07:00
Ryan Richard
96474b3d99
Extract Supervisor IDP discovery endpoint types into apis package
2021-08-17 15:23:03 -07:00
Matt Moyer
2823d4d1e3
Add "response_modes_supported" to Supervisor discovery response.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-07-09 12:08:43 -05:00
Ryan Richard
67dca688d7
Add an API version to the Supervisor IDP discovery endpoint
...
Also rename one of the new functional opts in login.go to more
accurately reflect the intention of the opt.
2021-05-13 10:05:56 -07:00
Ryan Richard
e25eb05450
Move Supervisor IDP discovery to its own new endpoint
2021-05-11 10:31:33 -07:00
Ryan Richard
4bd83add35
Add Supervisor upstream IDP discovery on the server-side
2021-04-28 13:14:21 -07:00
Monis Khan
d7edc41c24
oidc discovery: encode metadata once and reuse
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-03-03 13:37:43 -05:00
Ryan Richard
e1ae48f2e4
Discovery does not return token_endpoint_auth_signing_alg_values_supported
...
`token_endpoint_auth_signing_alg_values_supported` is only related to
private_key_jwt and client_secret_jwt client authentication methods
at the token endpoint, which we do not support. See
https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
for more details.
Signed-off-by: Aram Price <pricear@vmware.com>
2020-12-07 14:15:31 -08:00
Andrew Keesler
fe2e2bdff1
Our ID token signing algorithm is ES256, not RS256
...
We are currently using EC keys to sign ID tokens, so we should reflect that in
our OIDC discovery metadata.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-12-03 07:46:07 -05:00
Ryan Richard
d9d76726c2
Implement per-issuer OIDC JWKS endpoint
2020-10-16 17:51:40 -07:00
