providers/oauth2: fix elliptic curve keys attempting to use EC256 instead of ES256
closes #2703 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
9b6e47e6b8
commit
8be04cc013
|
@ -97,7 +97,7 @@ class JWTAlgorithms(models.TextChoices):
|
||||||
|
|
||||||
HS256 = "HS256", _("HS256 (Symmetric Encryption)")
|
HS256 = "HS256", _("HS256 (Symmetric Encryption)")
|
||||||
RS256 = "RS256", _("RS256 (Asymmetric Encryption)")
|
RS256 = "RS256", _("RS256 (Asymmetric Encryption)")
|
||||||
EC256 = "EC256", _("EC256 (Asymmetric Encryption)")
|
ES256 = "ES256", _("ES256 (Asymmetric Encryption)")
|
||||||
|
|
||||||
|
|
||||||
class ScopeMapping(PropertyMapping):
|
class ScopeMapping(PropertyMapping):
|
||||||
|
@ -255,7 +255,7 @@ class OAuth2Provider(Provider):
|
||||||
if isinstance(private_key, RSAPrivateKey):
|
if isinstance(private_key, RSAPrivateKey):
|
||||||
return key.key_data, JWTAlgorithms.RS256
|
return key.key_data, JWTAlgorithms.RS256
|
||||||
if isinstance(private_key, EllipticCurvePrivateKey):
|
if isinstance(private_key, EllipticCurvePrivateKey):
|
||||||
return key.key_data, JWTAlgorithms.EC256
|
return key.key_data, JWTAlgorithms.ES256
|
||||||
raise Exception(f"Invalid private key type: {type(private_key)}")
|
raise Exception(f"Invalid private key type: {type(private_key)}")
|
||||||
|
|
||||||
def get_issuer(self, request: HttpRequest) -> Optional[str]:
|
def get_issuer(self, request: HttpRequest) -> Optional[str]:
|
||||||
|
|
|
@ -55,7 +55,7 @@ class JWKSView(View):
|
||||||
response_data["keys"] = [
|
response_data["keys"] = [
|
||||||
{
|
{
|
||||||
"kty": "EC",
|
"kty": "EC",
|
||||||
"alg": JWTAlgorithms.EC256,
|
"alg": JWTAlgorithms.ES256,
|
||||||
"use": "sig",
|
"use": "sig",
|
||||||
"kid": signing_key.kid,
|
"kid": signing_key.kid,
|
||||||
"n": b64_enc(public_numbers.n),
|
"n": b64_enc(public_numbers.n),
|
||||||
|
|
|
@ -270,7 +270,7 @@ class TokenParams:
|
||||||
token = decode(
|
token = decode(
|
||||||
assertion,
|
assertion,
|
||||||
public_key,
|
public_key,
|
||||||
algorithms=[JWTAlgorithms.RS256, JWTAlgorithms.EC256],
|
algorithms=[JWTAlgorithms.RS256, JWTAlgorithms.ES256],
|
||||||
options={
|
options={
|
||||||
"verify_aud": False,
|
"verify_aud": False,
|
||||||
},
|
},
|
||||||
|
|
|
@ -734,7 +734,7 @@ msgid "RS256 (Asymmetric Encryption)"
|
||||||
msgstr "RS256 (Asymmetrische Verschlüsselung)"
|
msgstr "RS256 (Asymmetrische Verschlüsselung)"
|
||||||
|
|
||||||
#: authentik/providers/oauth2/models.py:93
|
#: authentik/providers/oauth2/models.py:93
|
||||||
msgid "EC256 (Asymmetric Encryption)"
|
msgid "ES256 (Asymmetric Encryption)"
|
||||||
msgstr "RS256 (Asymmetrische Verschlüsselung)"
|
msgstr "RS256 (Asymmetrische Verschlüsselung)"
|
||||||
|
|
||||||
#: authentik/providers/oauth2/models.py:99
|
#: authentik/providers/oauth2/models.py:99
|
||||||
|
|
|
@ -678,7 +678,7 @@ msgid "RS256 (Asymmetric Encryption)"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/providers/oauth2/models.py:93
|
#: authentik/providers/oauth2/models.py:93
|
||||||
msgid "EC256 (Asymmetric Encryption)"
|
msgid "ES256 (Asymmetric Encryption)"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/providers/oauth2/models.py:99
|
#: authentik/providers/oauth2/models.py:99
|
||||||
|
|
|
@ -726,8 +726,8 @@ msgid "RS256 (Asymmetric Encryption)"
|
||||||
msgstr "RS256 (cifrado asimétrico)"
|
msgstr "RS256 (cifrado asimétrico)"
|
||||||
|
|
||||||
#: authentik/providers/oauth2/models.py:93
|
#: authentik/providers/oauth2/models.py:93
|
||||||
msgid "EC256 (Asymmetric Encryption)"
|
msgid "ES256 (Asymmetric Encryption)"
|
||||||
msgstr "EC256 (cifrado asimétrico)"
|
msgstr "ES256 (cifrado asimétrico)"
|
||||||
|
|
||||||
#: authentik/providers/oauth2/models.py:99
|
#: authentik/providers/oauth2/models.py:99
|
||||||
msgid "Scope used by the client"
|
msgid "Scope used by the client"
|
||||||
|
|
|
@ -719,8 +719,8 @@ msgid "RS256 (Asymmetric Encryption)"
|
||||||
msgstr "RS256 (Asimetrik Şifreleme)"
|
msgstr "RS256 (Asimetrik Şifreleme)"
|
||||||
|
|
||||||
#: authentik/providers/oauth2/models.py:93
|
#: authentik/providers/oauth2/models.py:93
|
||||||
msgid "EC256 (Asymmetric Encryption)"
|
msgid "ES256 (Asymmetric Encryption)"
|
||||||
msgstr "EC256 (Asimetrik Şifreleme)"
|
msgstr "ES256 (Asimetrik Şifreleme)"
|
||||||
|
|
||||||
#: authentik/providers/oauth2/models.py:99
|
#: authentik/providers/oauth2/models.py:99
|
||||||
msgid "Scope used by the client"
|
msgid "Scope used by the client"
|
||||||
|
|
|
@ -696,8 +696,8 @@ msgid "RS256 (Asymmetric Encryption)"
|
||||||
msgstr "RS256(非对称加密)"
|
msgstr "RS256(非对称加密)"
|
||||||
|
|
||||||
#: authentik/providers/oauth2/models.py:93
|
#: authentik/providers/oauth2/models.py:93
|
||||||
msgid "EC256 (Asymmetric Encryption)"
|
msgid "ES256 (Asymmetric Encryption)"
|
||||||
msgstr "EC256(非对称加密)"
|
msgstr "ES256(非对称加密)"
|
||||||
|
|
||||||
#: authentik/providers/oauth2/models.py:99
|
#: authentik/providers/oauth2/models.py:99
|
||||||
msgid "Scope used by the client"
|
msgid "Scope used by the client"
|
||||||
|
|
|
@ -696,8 +696,8 @@ msgid "RS256 (Asymmetric Encryption)"
|
||||||
msgstr "RS256(非对称加密)"
|
msgstr "RS256(非对称加密)"
|
||||||
|
|
||||||
#: authentik/providers/oauth2/models.py:93
|
#: authentik/providers/oauth2/models.py:93
|
||||||
msgid "EC256 (Asymmetric Encryption)"
|
msgid "ES256 (Asymmetric Encryption)"
|
||||||
msgstr "EC256(非对称加密)"
|
msgstr "ES256(非对称加密)"
|
||||||
|
|
||||||
#: authentik/providers/oauth2/models.py:99
|
#: authentik/providers/oauth2/models.py:99
|
||||||
msgid "Scope used by the client"
|
msgid "Scope used by the client"
|
||||||
|
|
|
@ -697,8 +697,8 @@ msgid "RS256 (Asymmetric Encryption)"
|
||||||
msgstr "RS256(非对称加密)"
|
msgstr "RS256(非对称加密)"
|
||||||
|
|
||||||
#: authentik/providers/oauth2/models.py:93
|
#: authentik/providers/oauth2/models.py:93
|
||||||
msgid "EC256 (Asymmetric Encryption)"
|
msgid "ES256 (Asymmetric Encryption)"
|
||||||
msgstr "EC256(非对称加密)"
|
msgstr "ES256(非对称加密)"
|
||||||
|
|
||||||
#: authentik/providers/oauth2/models.py:99
|
#: authentik/providers/oauth2/models.py:99
|
||||||
msgid "Scope used by the client"
|
msgid "Scope used by the client"
|
||||||
|
|
|
@ -696,8 +696,8 @@ msgid "RS256 (Asymmetric Encryption)"
|
||||||
msgstr "RS256(非对称加密)"
|
msgstr "RS256(非对称加密)"
|
||||||
|
|
||||||
#: authentik/providers/oauth2/models.py:93
|
#: authentik/providers/oauth2/models.py:93
|
||||||
msgid "EC256 (Asymmetric Encryption)"
|
msgid "ES256 (Asymmetric Encryption)"
|
||||||
msgstr "EC256(非对称加密)"
|
msgstr "ES256(非对称加密)"
|
||||||
|
|
||||||
#: authentik/providers/oauth2/models.py:99
|
#: authentik/providers/oauth2/models.py:99
|
||||||
msgid "Scope used by the client"
|
msgid "Scope used by the client"
|
||||||
|
|
Reference in a new issue