TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-10-18 09:03:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: improve key rotation (#1107)

Browse Source 
* key rotation

* fix: rotate signing key

* cleanup

* introspect

* testingapplication key

* date

* client keys

* fix client keys

* fix client keys

* access tokens only for users

* AuthMethodPrivateKeyJWT

* client keys

* set introspection info correctly

* managae apis

* update oidc pkg

* cleanup

* merge msater

* set current sequence in migration

* set current sequence in migration

* set current sequence in migration

* ensure authn keys uptodate

* improve key rotation

* fix: return api config in ApplicationView

* fix mocks for tests

* fix(mock): corrected unit tests for updated mock package

Co-authored-by: Stefan Benz <stefan@caos.ch>
This commit is contained in:
Livio Amstutz
2021-02-23 15:07:42 +01:00
committed by GitHub
parent 16a47c6542
commit f60d200d5a
34 changed files with 590 additions and 433 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
internal/api/oidc/auth_request.go
View File

@@ -116,8 +116,8 @@ func (o *OPStorage) TerminateSession(ctx context.Context, userID, clientID strin
return o.repo.SignOut(ctx, userAgentID)
}
func (o *OPStorage) GetSigningKey(ctx context.Context, keyCh chan<- jose.SigningKey, errCh chan<- error, timer <-chan time.Time) {
o.repo.GetSigningKey(ctx, keyCh, errCh, timer)
func (o *OPStorage) GetSigningKey(ctx context.Context, keyCh chan<- jose.SigningKey) {
o.repo.GetSigningKey(ctx, keyCh, o.signingKeyAlgorithm)
}
func (o *OPStorage) GetKeySet(ctx context.Context) (_ *jose.JSONWebKeySet, err error) {
@@ -126,10 +126,6 @@ func (o *OPStorage) GetKeySet(ctx context.Context) (_ *jose.JSONWebKeySet, err e
return o.repo.GetKeySet(ctx)
}
func (o *OPStorage) SaveNewKeyPair(ctx context.Context) error {
return o.repo.GenerateSigningKeyPair(ctx, o.signingKeyAlgorithm)
}
func (o *OPStorage) assertProjectRoleScopes(app *proj_model.ApplicationView, scopes []string) ([]string, error) {
if !app.ProjectRoleAssertion {
return scopes, nil

1
internal/api/oidc/op.go
View File

@@ -76,7 +76,6 @@ func NewProvider(ctx context.Context, config OPHandlerConfig, repo repository.Re
op.WithCustomUserinfoEndpoint(op.NewEndpointWithURL(config.Endpoints.Userinfo.Path, config.Endpoints.Userinfo.URL)),
op.WithCustomEndSessionEndpoint(op.NewEndpointWithURL(config.Endpoints.EndSession.Path, config.Endpoints.EndSession.URL)),
op.WithCustomKeysEndpoint(op.NewEndpointWithURL(config.Endpoints.Keys.Path, config.Endpoints.Keys.URL)),
op.WithRetry(3, time.Duration(30*time.Second)),
)
logging.Log("OIDC-asf13").OnError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Panic("cannot create provider")
return provider