hectorj2f
a3f7afaec4
oidc: add code challenge supported methods
...
Signed-off-by: hectorj2f <hectorf@vmware.com>
2022-04-19 01:21:39 +02:00
Ryan Richard
04b8f0b455
Extract Supervisor authorize endpoint string constants into apis pkg
2021-08-18 10:20:33 -07:00
Ryan Richard
96474b3d99
Extract Supervisor IDP discovery endpoint types into apis package
2021-08-17 15:23:03 -07:00
Matt Moyer
2823d4d1e3
Add "response_modes_supported" to Supervisor discovery response.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-07-09 12:08:43 -05:00
Ryan Richard
67dca688d7
Add an API version to the Supervisor IDP discovery endpoint
...
Also rename one of the new functional opts in login.go to more
accurately reflect the intention of the opt.
2021-05-13 10:05:56 -07:00
Ryan Richard
e25eb05450
Move Supervisor IDP discovery to its own new endpoint
2021-05-11 10:31:33 -07:00
Ryan Richard
4bd83add35
Add Supervisor upstream IDP discovery on the server-side
2021-04-28 13:14:21 -07:00
Monis Khan
d7edc41c24
oidc discovery: encode metadata once and reuse
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-03-03 13:37:43 -05:00
Ryan Richard
e1ae48f2e4
Discovery does not return token_endpoint_auth_signing_alg_values_supported
...
`token_endpoint_auth_signing_alg_values_supported` is only related to
private_key_jwt and client_secret_jwt client authentication methods
at the token endpoint, which we do not support. See
https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
for more details.
Signed-off-by: Aram Price <pricear@vmware.com>
2020-12-07 14:15:31 -08:00
Andrew Keesler
fe2e2bdff1
Our ID token signing algorithm is ES256, not RS256
...
We are currently using EC keys to sign ID tokens, so we should reflect that in
our OIDC discovery metadata.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-12-03 07:46:07 -05:00
Ryan Richard
d9d76726c2
Implement per-issuer OIDC JWKS endpoint
2020-10-16 17:51:40 -07:00
Ryan Richard
8b7d96f42c
Several small refactors related to OIDC providers
2020-10-08 11:28:21 -07:00
Ryan Richard
6b653fc663
Creation and deletion of OIDC Provider discovery endpoints from config
...
- The OIDCProviderConfigWatcherController synchronizes the
OIDCProviderConfig settings to dynamically mount and unmount the
OIDC discovery endpoints for each provider
- Integration test passes but unit tests need to be added still
2020-10-07 19:18:34 -07:00
Andrew Keesler
f48a4e445e
Fix linting and unit tests
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-07 11:48:21 -04:00
Andrew Keesler
c49ebf4b57
supervisor-oidc: int test passes, but impl needs refactor
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-07 11:33:50 -04:00
Andrew Keesler
019f44982c
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-07 10:54:56 -04:00
Andrew Keesler
fd6a7f5892
supervisor-oidc: hoist OIDC discovery handler for testing
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-06 11:16:57 -04:00