From 8be04cc013da8a42216992b1277159942c5d45d1 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Mon, 11 Apr 2022 20:05:58 +0200
Subject: [PATCH] providers/oauth2: fix elliptic curve keys attempting to use EC256 instead of ES256
closes #2703
Signed-off-by: Jens Langhammer
---
 authentik/providers/oauth2/models.py | 4 ++--
 authentik/providers/oauth2/views/jwks.py | 2 +-
 authentik/providers/oauth2/views/token.py | 2 +-
 locale/de/LC_MESSAGES/django.po | 6 +++---
 locale/en/LC_MESSAGES/django.po | 2 +-
 locale/es/LC_MESSAGES/django.po | 8 ++++----
 locale/tr/LC_MESSAGES/django.po | 8 ++++----
 locale/zh-Hans/LC_MESSAGES/django.po | 8 ++++----
 locale/zh-Hant/LC_MESSAGES/django.po | 8 ++++----
 locale/zh_CN/LC_MESSAGES/django.po | 8 ++++----
 locale/zh_TW/LC_MESSAGES/django.po | 8 ++++----
 11 files changed, 32 insertions(+), 32 deletions(-)
diff --git a/authentik/providers/oauth2/models.py b/authentik/providers/oauth2/models.py
index 7a93b1cbe..28a7ac91c 100644
--- a/authentik/providers/oauth2/models.py
+++ b/authentik/providers/oauth2/models.py
@@ -97,7 +97,7 @@ class JWTAlgorithms(models.TextChoices):
 HS256 = "HS256", _("HS256 (Symmetric Encryption)")
 RS256 = "RS256", _("RS256 (Asymmetric Encryption)")
- EC256 = "EC256", _("EC256 (Asymmetric Encryption)")
+ ES256 = "ES256", _("ES256 (Asymmetric Encryption)")
 class ScopeMapping(PropertyMapping):
@@ -255,7 +255,7 @@ class OAuth2Provider(Provider):
 if isinstance(private_key, RSAPrivateKey):
 return key.key_data, JWTAlgorithms.RS256
 if isinstance(private_key, EllipticCurvePrivateKey):
- return key.key_data, JWTAlgorithms.EC256
+ return key.key_data, JWTAlgorithms.ES256
 raise Exception(f"Invalid private key type: {type(private_key)}")
 def get_issuer(self, request: HttpRequest) -> Optional[str]:
diff --git a/authentik/providers/oauth2/views/jwks.py b/authentik/providers/oauth2/views/jwks.py
index 3b9ed0ec7..a350b95d8 100644
--- a/authentik/providers/oauth2/views/jwks.py
+++ b/authentik/providers/oauth2/views/jwks.py
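Review bot: The choice labels in the `JWTAlgorithms` hunk describe HS256, RS256 and the renamed ES256 as "Encryption", but all three are JWS MAC/signature algorithms, so an administrator reading the provider form could assume the tokens are confidential when they are only integrity-protected. A label such as `ES256 = "ES256", _("ES256 (Asymmetric Signature)")` (and the equivalent wording for the other two members, with the matching msgid updates in the locale files) would state what the setting actually does. Separately, the member's stored value changes from "EC256" to "ES256"; if any database row or serialized setting still holds the old string it would need a data migration, which nothing in this hunk shows.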
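Review bot: The `isinstance(private_key, EllipticCurvePrivateKey)` branch in the `OAuth2Provider` hunk returns `JWTAlgorithms.ES256` for every elliptic-curve key, but ES256 is defined only for the P-256 curve with SHA-256 (RFC 7518), so a P-384 or P-521 signing key would be used and advertised under an algorithm name that relying parties cannot verify interoperably. Checking the curve first, `if isinstance(private_key, EllipticCurvePrivateKey) and isinstance(private_key.curve, SECP256R1):`, lets other curves fall through to the existing `raise`. `SECP256R1` would have to be imported from `cryptography.hazmat.primitives.asymmetric.ec` if the module does not already have it. The enclosing method starts above the hunk.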
@@ -55,7 +55,7 @@ class JWKSView(View):
 response_data["keys"] = [
 {
 "kty": "EC",
- "alg": JWTAlgorithms.EC256,
+ "alg": JWTAlgorithms.ES256,
 "use": "sig",
 "kid": signing_key.kid,
 "n": b64_enc(public_numbers.n),
diff --git a/authentik/providers/oauth2/views/token.py b/authentik/providers/oauth2/views/token.py
index bc8befc7b..9f0140a25 100644
--- a/authentik/providers/oauth2/views/token.py
+++ b/authentik/providers/oauth2/views/token.py
@@ -270,7 +270,7 @@ class TokenParams:
 token = decode(
 assertion,
 public_key,
- algorithms=[JWTAlgorithms.RS256, JWTAlgorithms.EC256],
+ algorithms=[JWTAlgorithms.RS256, JWTAlgorithms.ES256],
 options={
 "verify_aud": False,
 },
diff --git a/locale/de/LC_MESSAGES/django.po b/locale/de/LC_MESSAGES/django.po
index 0e8c9da65..18265bb69 100644
--- a/locale/de/LC_MESSAGES/django.po
+++ b/locale/de/LC_MESSAGES/django.po
@@ -2,7 +2,7 @@
 # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
 # This file is distributed under the same license as the PACKAGE package.
 # FIRST AUTHOR , YEAR.
-#
+#
 # Translators:
 # Vri, 2021
 # Lars Lehmann , 2021
@@ -11,7 +11,7 @@
 # Rhea Alleen, 2021
 # David , 2021
 # Steve Oswald, 2022
-#
+#
 #, fuzzy
 msgid ""
 msgstr ""
@@ -734,7 +734,7 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr "RS256 (Asymmetrische Verschlüsselung)"
 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
+msgid "ES256 (Asymmetric Encryption)"
 msgstr "RS256 (Asymmetrische Verschlüsselung)"
 #: authentik/providers/oauth2/models.py:99
diff --git a/locale/en/LC_MESSAGES/django.po b/locale/en/LC_MESSAGES/django.po
index f68db8f8e..c06025d00 100644
--- a/locale/en/LC_MESSAGES/django.po
+++ b/locale/en/LC_MESSAGES/django.po
@@ -678,7 +678,7 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr ""
 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
+msgid "ES256 (Asymmetric Encryption)"
 msgstr ""
 #: authentik/providers/oauth2/models.py:99
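Review bot: The `"kty": "EC"` entry in the `JWKSView` hunk still publishes an RSA-style member, `"n": b64_enc(public_numbers.n)`, whereas an EC JWK carries `crv`, `x` and `y` (RFC 7518 section 6.2). If `public_numbers` is taken from the EC public key (its assignment is above the hunk) it has no `n` attribute, so the JWKS endpoint would fail for EC signing keys even after the `alg` rename, and relying parties could not fetch the verification key. The members should be `"crv": "P-256",`, `"x": b64_enc(public_numbers.x),` and `"y": b64_enc(public_numbers.y),`. Whether `b64_enc` produces the unpadded base64url of the fixed-length coordinate that JWK requires is not visible here and is worth confirming; the dict continues past the end of the hunk.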
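Review bot: The JWT in `assertion` is decoded with `"verify_aud": False` in the `TokenParams` hunk, so a token minted for a different audience but signed by the same key would be accepted here unless `aud` is checked later in the method, which the hunk does not show. RFC 7523 requires the authorization server to reject assertions whose audience does not identify it; passing `audience=<token endpoint URL>` to `decode(...)` and dropping the option would enforce that. It would also be tighter to pass only the algorithm that matches the type of `public_key` instead of both `RS256` and `ES256`. The enclosing method starts and ends outside the hunk.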
diff --git a/locale/es/LC_MESSAGES/django.po b/locale/es/LC_MESSAGES/django.po
index 7cdea8de5..629944bb0 100644
--- a/locale/es/LC_MESSAGES/django.po
+++ b/locale/es/LC_MESSAGES/django.po
@@ -2,10 +2,10 @@
 # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
 # This file is distributed under the same license as the PACKAGE package.
 # FIRST AUTHOR , YEAR.
-#
+#
 # Translators:
 # jcamat, 2022
-#
+#
 #, fuzzy
 msgid ""
 msgstr ""
@@ -726,8 +726,8 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr "RS256 (cifrado asimétrico)"
 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
-msgstr "EC256 (cifrado asimétrico)"
+msgid "ES256 (Asymmetric Encryption)"
+msgstr "ES256 (cifrado asimétrico)"
 #: authentik/providers/oauth2/models.py:99
 msgid "Scope used by the client"
diff --git a/locale/tr/LC_MESSAGES/django.po b/locale/tr/LC_MESSAGES/django.po
index ec9d343e8..d2cfa9588 100644
--- a/locale/tr/LC_MESSAGES/django.po
+++ b/locale/tr/LC_MESSAGES/django.po
@@ -2,10 +2,10 @@
 # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
 # This file is distributed under the same license as the PACKAGE package.
 # FIRST AUTHOR , YEAR.
-#
+#
 # Translators:
 # Oktay Altunergil, 2022
-#
+#
 #, fuzzy
 msgid ""
 msgstr ""
@@ -719,8 +719,8 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr "RS256 (Asimetrik Şifreleme)"
 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
-msgstr "EC256 (Asimetrik Şifreleme)"
+msgid "ES256 (Asymmetric Encryption)"
+msgstr "ES256 (Asimetrik Şifreleme)"
 #: authentik/providers/oauth2/models.py:99
 msgid "Scope used by the client"
diff --git a/locale/zh-Hans/LC_MESSAGES/django.po b/locale/zh-Hans/LC_MESSAGES/django.po
index 38766d0e5..3c925f3de 100644
--- a/locale/zh-Hans/LC_MESSAGES/django.po
+++ b/locale/zh-Hans/LC_MESSAGES/django.po
@@ -2,11 +2,11 @@
 # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
 # This file is distributed under the same license as the PACKAGE package.
 # FIRST AUTHOR , YEAR.
-#
+#
 # Translators:
 # Chen Zhikai, 2022
 # 刘松, 2022
-#
+#
 #, fuzzy
 msgid ""
 msgstr ""
@@ -696,8 +696,8 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr "RS256(非对称加密)"
 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
-msgstr "EC256(非对称加密)"
+msgid "ES256 (Asymmetric Encryption)"
+msgstr "ES256(非对称加密)"
 #: authentik/providers/oauth2/models.py:99
 msgid "Scope used by the client"
diff --git a/locale/zh-Hant/LC_MESSAGES/django.po b/locale/zh-Hant/LC_MESSAGES/django.po
index 349959c18..3ff42cf79 100644
--- a/locale/zh-Hant/LC_MESSAGES/django.po
+++ b/locale/zh-Hant/LC_MESSAGES/django.po
@@ -2,11 +2,11 @@
 # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
 # This file is distributed under the same license as the PACKAGE package.
 # FIRST AUTHOR , YEAR.
-#
+#
 # Translators:
 # Chen Zhikai, 2022
 # 刘松, 2022
-#
+#
 #, fuzzy
 msgid ""
 msgstr ""
@@ -696,8 +696,8 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr "RS256(非对称加密)"
 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
-msgstr "EC256(非对称加密)"
+msgid "ES256 (Asymmetric Encryption)"
+msgstr "ES256(非对称加密)"
 #: authentik/providers/oauth2/models.py:99
 msgid "Scope used by the client"
diff --git a/locale/zh_CN/LC_MESSAGES/django.po b/locale/zh_CN/LC_MESSAGES/django.po
index 34c64e88d..1bc1fd9ef 100644
--- a/locale/zh_CN/LC_MESSAGES/django.po
+++ b/locale/zh_CN/LC_MESSAGES/django.po
@@ -2,12 +2,12 @@
 # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
 # This file is distributed under the same license as the PACKAGE package.
 # FIRST AUTHOR , YEAR.
-#
+#
 # Translators:
 # Chen Zhikai, 2022
 # 刘松, 2022
 # deluxghost, 2022
-#
+#
 #, fuzzy
 msgid ""
 msgstr ""
@@ -697,8 +697,8 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr "RS256(非对称加密)"
 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
-msgstr "EC256(非对称加密)"
+msgid "ES256 (Asymmetric Encryption)"
+msgstr "ES256(非对称加密)"
 #: authentik/providers/oauth2/models.py:99
 msgid "Scope used by the client"
diff --git a/locale/zh_TW/LC_MESSAGES/django.po b/locale/zh_TW/LC_MESSAGES/django.po
index ce391c3e1..186af589b 100644
--- a/locale/zh_TW/LC_MESSAGES/django.po
+++ b/locale/zh_TW/LC_MESSAGES/django.po
@@ -2,11 +2,11 @@
 # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
 # This file is distributed under the same license as the PACKAGE package.
 # FIRST AUTHOR , YEAR.
-#
+#
 # Translators:
 # Chen Zhikai, 2022
 # 刘松, 2022
-#
+#
 #, fuzzy
 msgid ""
 msgstr ""
@@ -696,8 +696,8 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr "RS256(非对称加密)"
 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
-msgstr "EC256(非对称加密)"
+msgid "ES256 (Asymmetric Encryption)"
+msgstr "ES256(非对称加密)"
 #: authentik/providers/oauth2/models.py:99
 msgid "Scope used by the client"