providers/oauth2: fix elliptic curve keys attempting to use EC256 instead of ES256

closes #2703

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2022-04-11 20:05:58 +02:00
parent 9b6e47e6b8
commit 8be04cc013
11 changed files with 32 additions and 32 deletions


@ -97,7 +97,7 @@ class JWTAlgorithms(models.TextChoices):
HS256 = "HS256", _("HS256 (Symmetric Encryption)") HS256 = "HS256", _("HS256 (Symmetric Encryption)")
RS256 = "RS256", _("RS256 (Asymmetric Encryption)") RS256 = "RS256", _("RS256 (Asymmetric Encryption)")
EC256 = "EC256", _("EC256 (Asymmetric Encryption)") ES256 = "ES256", _("ES256 (Asymmetric Encryption)")
class ScopeMapping(PropertyMapping): class ScopeMapping(PropertyMapping):
@ -255,7 +255,7 @@ class OAuth2Provider(Provider):
if isinstance(private_key, RSAPrivateKey): if isinstance(private_key, RSAPrivateKey):
return key.key_data, JWTAlgorithms.RS256 return key.key_data, JWTAlgorithms.RS256
if isinstance(private_key, EllipticCurvePrivateKey): if isinstance(private_key, EllipticCurvePrivateKey):
return key.key_data, JWTAlgorithms.EC256 return key.key_data, JWTAlgorithms.ES256
raise Exception(f"Invalid private key type: {type(private_key)}") raise Exception(f"Invalid private key type: {type(private_key)}")
def get_issuer(self, request: HttpRequest) -> Optional[str]: def get_issuer(self, request: HttpRequest) -> Optional[str]:
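Review bot: The second hunk maps every `EllipticCurvePrivateKey` to `JWTAlgorithms.ES256`, but ES256 is ECDSA over P-256 with SHA-256 only, so a key on another curve (P-384, P-521) would be labelled and used under the wrong algorithm. The branch should check the curve too, e.g. `if isinstance(private_key, EllipticCurvePrivateKey) and isinstance(private_key.curve, SECP256R1):` (with `SECP256R1` from `cryptography.hazmat.primitives.asymmetric.ec`), letting other curves fall through to the existing "Invalid private key type" error. Separately, if any stored row holds the old `"EC256"` choice value, the rename needs a data migration; no field using these choices is visible here, so that should be confirmed. The enclosing method starts outside the hunk.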


@ -55,7 +55,7 @@ class JWKSView(View):
response_data["keys"] = [ response_data["keys"] = [
{ {
"kty": "EC", "kty": "EC",
"alg": JWTAlgorithms.EC256, "alg": JWTAlgorithms.ES256,
"use": "sig", "use": "sig",
"kid": signing_key.kid, "kid": signing_key.kid,
"n": b64_enc(public_numbers.n), "n": b64_enc(public_numbers.n),
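Review bot: The EC entry still publishes `"n": b64_enc(public_numbers.n)`, which is an RSA parameter; an EC JWK (RFC 7518 section 6.2) carries `crv`, `x` and `y` instead. If `public_numbers` is an `EllipticCurvePublicNumbers` it has no `n` attribute, so this branch would presumably raise as soon as an EC signing key is configured, and relying parties could not fetch a key to verify ES256 signatures. The entry should emit `"crv": "P-256"` plus the base64url-encoded `x` and `y` coordinates, each as a fixed 32-byte big-endian value. The dict continues past the end of the hunk, so its remaining members are not visible here.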


@ -270,7 +270,7 @@ class TokenParams:
token = decode( token = decode(
assertion, assertion,
public_key, public_key,
algorithms=[JWTAlgorithms.RS256, JWTAlgorithms.EC256], algorithms=[JWTAlgorithms.RS256, JWTAlgorithms.ES256],
options={ options={
"verify_aud": False, "verify_aud": False,
}, },
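Review bot: The `decode()` call for the client assertion turns off audience validation with `"verify_aud": False`, and nothing visible in the hunk checks `aud` afterwards. RFC 7523 requires the authorization server to reject an assertion whose audience does not identify it; without that check, a JWT the client signed for a different server could be accepted here. Unless `aud` is validated further down (the method continues outside the hunk), pass the expected value through `audience=` and drop the override.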


@ -2,7 +2,7 @@
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
# This file is distributed under the same license as the PACKAGE package. # This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
# #
# Translators: # Translators:
# Vri, 2021 # Vri, 2021
# Lars Lehmann <lars@lars-lehmann.net>, 2021 # Lars Lehmann <lars@lars-lehmann.net>, 2021
@ -11,7 +11,7 @@
# Rhea Alleen, 2021 # Rhea Alleen, 2021
# David <david@techniknews.net>, 2021 # David <david@techniknews.net>, 2021
# Steve Oswald, 2022 # Steve Oswald, 2022
# #
#, fuzzy #, fuzzy
msgid "" msgid ""
msgstr "" msgstr ""
@ -734,7 +734,7 @@ msgid "RS256 (Asymmetric Encryption)"
msgstr "RS256 (Asymmetrische Verschlüsselung)" msgstr "RS256 (Asymmetrische Verschlüsselung)"
#: authentik/providers/oauth2/models.py:93 #: authentik/providers/oauth2/models.py:93
msgid "EC256 (Asymmetric Encryption)" msgid "ES256 (Asymmetric Encryption)"
msgstr "RS256 (Asymmetrische Verschlüsselung)" msgstr "RS256 (Asymmetrische Verschlüsselung)"
#: authentik/providers/oauth2/models.py:99 #: authentik/providers/oauth2/models.py:99


@ -678,7 +678,7 @@ msgid "RS256 (Asymmetric Encryption)"
msgstr "" msgstr ""
#: authentik/providers/oauth2/models.py:93 #: authentik/providers/oauth2/models.py:93
msgid "EC256 (Asymmetric Encryption)" msgid "ES256 (Asymmetric Encryption)"
msgstr "" msgstr ""
#: authentik/providers/oauth2/models.py:99 #: authentik/providers/oauth2/models.py:99


@ -2,10 +2,10 @@
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
# This file is distributed under the same license as the PACKAGE package. # This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
# #
# Translators: # Translators:
# jcamat, 2022 # jcamat, 2022
# #
#, fuzzy #, fuzzy
msgid "" msgid ""
msgstr "" msgstr ""
@ -726,8 +726,8 @@ msgid "RS256 (Asymmetric Encryption)"
msgstr "RS256 (cifrado asimétrico)" msgstr "RS256 (cifrado asimétrico)"
#: authentik/providers/oauth2/models.py:93 #: authentik/providers/oauth2/models.py:93
msgid "EC256 (Asymmetric Encryption)" msgid "ES256 (Asymmetric Encryption)"
msgstr "EC256 (cifrado asimétrico)" msgstr "ES256 (cifrado asimétrico)"
#: authentik/providers/oauth2/models.py:99 #: authentik/providers/oauth2/models.py:99
msgid "Scope used by the client" msgid "Scope used by the client"


@ -2,10 +2,10 @@
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
# This file is distributed under the same license as the PACKAGE package. # This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
# #
# Translators: # Translators:
# Oktay Altunergil, 2022 # Oktay Altunergil, 2022
# #
#, fuzzy #, fuzzy
msgid "" msgid ""
msgstr "" msgstr ""
@ -719,8 +719,8 @@ msgid "RS256 (Asymmetric Encryption)"
msgstr "RS256 (Asimetrik Şifreleme)" msgstr "RS256 (Asimetrik Şifreleme)"
#: authentik/providers/oauth2/models.py:93 #: authentik/providers/oauth2/models.py:93
msgid "EC256 (Asymmetric Encryption)" msgid "ES256 (Asymmetric Encryption)"
msgstr "EC256 (Asimetrik Şifreleme)" msgstr "ES256 (Asimetrik Şifreleme)"
#: authentik/providers/oauth2/models.py:99 #: authentik/providers/oauth2/models.py:99
msgid "Scope used by the client" msgid "Scope used by the client"


@ -2,11 +2,11 @@
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
# This file is distributed under the same license as the PACKAGE package. # This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
# #
# Translators: # Translators:
# Chen Zhikai, 2022 # Chen Zhikai, 2022
# 刘松, 2022 # 刘松, 2022
# #
#, fuzzy #, fuzzy
msgid "" msgid ""
msgstr "" msgstr ""
@ -696,8 +696,8 @@ msgid "RS256 (Asymmetric Encryption)"
msgstr "RS256非对称加密" msgstr "RS256非对称加密"
#: authentik/providers/oauth2/models.py:93 #: authentik/providers/oauth2/models.py:93
msgid "EC256 (Asymmetric Encryption)" msgid "ES256 (Asymmetric Encryption)"
msgstr "EC256非对称加密" msgstr "ES256非对称加密"
#: authentik/providers/oauth2/models.py:99 #: authentik/providers/oauth2/models.py:99
msgid "Scope used by the client" msgid "Scope used by the client"


@ -2,11 +2,11 @@
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
# This file is distributed under the same license as the PACKAGE package. # This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
# #
# Translators: # Translators:
# Chen Zhikai, 2022 # Chen Zhikai, 2022
# 刘松, 2022 # 刘松, 2022
# #
#, fuzzy #, fuzzy
msgid "" msgid ""
msgstr "" msgstr ""
@ -696,8 +696,8 @@ msgid "RS256 (Asymmetric Encryption)"
msgstr "RS256非对称加密" msgstr "RS256非对称加密"
#: authentik/providers/oauth2/models.py:93 #: authentik/providers/oauth2/models.py:93
msgid "EC256 (Asymmetric Encryption)" msgid "ES256 (Asymmetric Encryption)"
msgstr "EC256非对称加密" msgstr "ES256非对称加密"
#: authentik/providers/oauth2/models.py:99 #: authentik/providers/oauth2/models.py:99
msgid "Scope used by the client" msgid "Scope used by the client"


@ -2,12 +2,12 @@
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
# This file is distributed under the same license as the PACKAGE package. # This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
# #
# Translators: # Translators:
# Chen Zhikai, 2022 # Chen Zhikai, 2022
# 刘松, 2022 # 刘松, 2022
# deluxghost, 2022 # deluxghost, 2022
# #
#, fuzzy #, fuzzy
msgid "" msgid ""
msgstr "" msgstr ""
@ -697,8 +697,8 @@ msgid "RS256 (Asymmetric Encryption)"
msgstr "RS256非对称加密" msgstr "RS256非对称加密"
#: authentik/providers/oauth2/models.py:93 #: authentik/providers/oauth2/models.py:93
msgid "EC256 (Asymmetric Encryption)" msgid "ES256 (Asymmetric Encryption)"
msgstr "EC256非对称加密" msgstr "ES256非对称加密"
#: authentik/providers/oauth2/models.py:99 #: authentik/providers/oauth2/models.py:99
msgid "Scope used by the client" msgid "Scope used by the client"


@ -2,11 +2,11 @@
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
# This file is distributed under the same license as the PACKAGE package. # This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
# #
# Translators: # Translators:
# Chen Zhikai, 2022 # Chen Zhikai, 2022
# 刘松, 2022 # 刘松, 2022
# #
#, fuzzy #, fuzzy
msgid "" msgid ""
msgstr "" msgstr ""
@ -696,8 +696,8 @@ msgid "RS256 (Asymmetric Encryption)"
msgstr "RS256非对称加密" msgstr "RS256非对称加密"
#: authentik/providers/oauth2/models.py:93 #: authentik/providers/oauth2/models.py:93
msgid "EC256 (Asymmetric Encryption)" msgid "ES256 (Asymmetric Encryption)"
msgstr "EC256非对称加密" msgstr "ES256非对称加密"
#: authentik/providers/oauth2/models.py:99 #: authentik/providers/oauth2/models.py:99
msgid "Scope used by the client" msgid "Scope used by the client"