fix: use issuer for jwt profile check on system api (#3741)

This commit is contained in:
Livio Amstutz 2022-05-31 13:11:49 +02:00 committed by GitHub
parent 1655656f99
commit 81c0ca3337
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 3 deletions


@ -29,6 +29,7 @@ import (
"github.com/zitadel/zitadel/internal/api/grpc/auth" "github.com/zitadel/zitadel/internal/api/grpc/auth"
"github.com/zitadel/zitadel/internal/api/grpc/management" "github.com/zitadel/zitadel/internal/api/grpc/management"
"github.com/zitadel/zitadel/internal/api/grpc/system" "github.com/zitadel/zitadel/internal/api/grpc/system"
http_util "github.com/zitadel/zitadel/internal/api/http"
"github.com/zitadel/zitadel/internal/api/http/middleware" "github.com/zitadel/zitadel/internal/api/http/middleware"
"github.com/zitadel/zitadel/internal/api/oidc" "github.com/zitadel/zitadel/internal/api/oidc"
"github.com/zitadel/zitadel/internal/api/ui/console" "github.com/zitadel/zitadel/internal/api/ui/console"
@ -150,7 +151,7 @@ func startAPIs(ctx context.Context, router *mux.Router, commands *command.Comman
authZRepo, authZRepo,
queries, queries,
} }
verifier := internal_authz.Start(repo, config.ExternalDomain, systemAPIKeys) verifier := internal_authz.Start(repo, http_util.BuildHTTP(config.ExternalDomain, config.ExternalPort, config.ExternalSecure)+oidc.HandlerPrefix, systemAPIKeys)
apis := api.New(config.Port, router, queries, verifier, config.InternalAuthZ, config.ExternalSecure, config.HTTP2HostHeader) apis := api.New(config.Port, router, queries, verifier, config.InternalAuthZ, config.ExternalSecure, config.HTTP2HostHeader)
authRepo, err := auth_es.Start(config.Auth, config.SystemDefaults, commands, queries, dbClient, keys.OIDC, keys.User) authRepo, err := auth_es.Start(config.Auth, config.SystemDefaults, commands, queries, dbClient, keys.OIDC, keys.User)
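Review bot: The issuer handed to internal_authz.Start on the changed line is assembled inline from config.ExternalDomain, config.ExternalPort and config.ExternalSecure plus oidc.HandlerPrefix, and presumably the OIDC provider derives its advertised issuer from the same inputs somewhere outside this hunk; if the two constructions ever diverge (say one of them starts omitting the port for 80/443), system API JWT profile assertions would fail the issuer/audience comparison for a reason that is hard to diagnose from the error alone. I'd compute it once in startAPIs, `issuer := http_util.BuildHTTP(config.ExternalDomain, config.ExternalPort, config.ExternalSecure) + oidc.HandlerPrefix`, with the comment `// must equal the issuer the OIDC provider advertises; the verifier compares system API JWTs against it`, and pass that single value to both the verifier and the provider setup. As far as I can tell the oidc library uses this value as the expected audience of the JWT profile assertion, so an exact string match matters, including scheme and trailing path. startAPIs begins before this hunk and continues after it.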


@ -35,7 +35,7 @@ type authZRepo interface {
ExistsOrg(ctx context.Context, orgID string) error ExistsOrg(ctx context.Context, orgID string) error
} }
func Start(authZRepo authZRepo, systemAPI string, keys map[string]*SystemAPIUser) (v *TokenVerifier) { func Start(authZRepo authZRepo, issuer string, keys map[string]*SystemAPIUser) (v *TokenVerifier) {
return &TokenVerifier{ return &TokenVerifier{
authZRepo: authZRepo, authZRepo: authZRepo,
systemJWTProfile: op.NewJWTProfileVerifier( systemJWTProfile: op.NewJWTProfileVerifier(
@ -43,7 +43,7 @@ func Start(authZRepo authZRepo, systemAPI string, keys map[string]*SystemAPIUser
keys: keys, keys: keys,
cachedKeys: make(map[string]*rsa.PublicKey), cachedKeys: make(map[string]*rsa.PublicKey),
}, },
systemAPI, issuer,
1*time.Hour, 1*time.Hour,
time.Second, time.Second,
), ),
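Review bot: The renamed `issuer` parameter on the Start signature carries no documentation, and the two literal durations passed to op.NewJWTProfileVerifier right after it (`1*time.Hour`, `time.Second`) remain unexplained, so a reader has to open the oidc library to learn what the verifier is actually enforcing. I'd add a doc comment on Start along the lines of `// Start returns a TokenVerifier. issuer is the full OIDC issuer URL (external origin plus handler prefix); the system API JWT profile verifier is configured with it, and assertions must be addressed to exactly this value.` and replace the magic numbers with named constants such as `systemJWTMaxAgeIAT = 1 * time.Hour` and `systemJWTClockOffset = time.Second`. I believe those two arguments are the maximum accepted age of the iat claim and the tolerated clock skew, but that reading should be confirmed against the oidc version pinned in go.mod before the names are chosen. The TokenVerifier literal continues past the end of this hunk.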