ContainerImage.Pinniped

djpbessems/ContainerImage.Pinniped

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ryan Richard	d9d76726c2	Implement per-issuer OIDC JWKS endpoint	2020-10-16 17:51:40 -07:00
Andrew Keesler	e05213f9dd	supervisor-generate-key: use EC keys intead of RSA EC keys are smaller and take less time to generate. Our integration tests were super flakey because generating an RSA key would take up to 10 seconds gasp. The main token verifier that we care about is Kubernetes, which supports P256, so hopefully it won't be that much of an issue that our default signing key type is EC. The OIDC spec seems kinda squirmy when it comes to using non-RSA signing algorithms... Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2020-10-15 11:33:08 -04:00
Andrew Keesler	c030551af0	supervisor-generate-key: unit and integration tests Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2020-10-14 16:41:16 -04:00

Author

SHA1

Message

Date

Ryan Richard

d9d76726c2

Implement per-issuer OIDC JWKS endpoint

2020-10-16 17:51:40 -07:00

Andrew Keesler

e05213f9dd

supervisor-generate-key: use EC keys intead of RSA

EC keys are smaller and take less time to generate. Our integration
tests were super flakey because generating an RSA key would take up to
10 seconds *gasp*. The main token verifier that we care about is
Kubernetes, which supports P256, so hopefully it won't be that much of
an issue that our default signing key type is EC. The OIDC spec seems
kinda squirmy when it comes to using non-RSA signing algorithms...

Signed-off-by: Andrew Keesler <akeesler@vmware.com>

2020-10-15 11:33:08 -04:00

Andrew Keesler

c030551af0

supervisor-generate-key: unit and integration tests

Signed-off-by: Andrew Keesler <akeesler@vmware.com>

2020-10-14 16:41:16 -04:00

3 Commits