providers/oauth2: fix error when requesting jwks keys with no rs256 aet

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 21:22:31 +02:00 · 2021-07-29 21:22:31 +02:00 · 8495ff9fc0
parent 309cd90c43
commit 8495ff9fc0
2 changed files with 55 additions and 1 deletions
--- a/authentik/providers/oauth2/tests/test_jwks.py
+++ b/authentik/providers/oauth2/tests/test_jwks.py
@ -0,0 +1,54 @@
+"""JWKS tests"""
+import json
+
+from django.test import RequestFactory
+from django.urls.base import reverse
+from django.utils.encoding import force_str
+
+from authentik.core.models import Application
+from authentik.crypto.models import CertificateKeyPair
+from authentik.flows.models import Flow
+from authentik.providers.oauth2.models import OAuth2Provider
+from authentik.providers.oauth2.tests.utils import OAuthTestCase
+
+
+class TestJWKS(OAuthTestCase):
+    """Test JWKS view"""
+
+    def setUp(self) -> None:
+        super().setUp()
+        self.factory = RequestFactory()
+
+    def test_rs256(self):
+        """Test JWKS request with RS256"""
+        provider = OAuth2Provider.objects.create(
+            name="test",
+            client_id="test",
+            authorization_flow=Flow.objects.first(),
+            redirect_uris="http://local.invalid",
+            rsa_key=CertificateKeyPair.objects.first(),
+        )
+        app = Application.objects.create(name="test", slug="test", provider=provider)
+        response = self.client.get(
+            reverse(
+                "authentik_providers_oauth2:jwks", kwargs={"application_slug": app.slug}
+            )
+        )
+        body = json.loads(force_str(response.content))
+        self.assertEqual(len(body["keys"]), 1)
+
+    def test_hs256(self):
+        """Test JWKS request with HS256"""
+        provider = OAuth2Provider.objects.create(
+            name="test",
+            client_id="test",
+            authorization_flow=Flow.objects.first(),
+            redirect_uris="http://local.invalid",
+        )
+        app = Application.objects.create(name="test", slug="test", provider=provider)
+        response = self.client.get(
+            reverse(
+                "authentik_providers_oauth2:jwks", kwargs={"application_slug": app.slug}
+            )
+        )
+        self.assertJSONEqual(force_str(response.content), {})
--- a/authentik/providers/oauth2/views/jwks.py
+++ b/authentik/providers/oauth2/views/jwks.py
@ -30,7 +30,7 @@ class JWKSView(View):

        response_data = {}

-        if provider.jwt_alg == JWTAlgorithms.RS256:
+        if provider.jwt_alg == JWTAlgorithms.RS256 and provider.rsa_key:
            public_key: RSAPublicKey = provider.rsa_key.private_key.public_key()
            public_numbers = public_key.public_numbers()
            response_data["keys"] = [