outposts/proxy: re-add rs256 support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-12-02 15:17:32 +01:00
parent 66c530ea06
commit 85a417d22e
2 changed files with 18 additions and 2 deletions


@ -1,6 +1,7 @@
package application
import (
"context"
"crypto/tls"
"encoding/gob"
"fmt"
@ -52,11 +53,17 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
return nil, fmt.Errorf("failed to parse URL, skipping provider")
}
ks := hs256.NewKeySet(*p.ClientSecret)
var ks oidc.KeySet
if contains(p.OidcConfiguration.IdTokenSigningAlgValuesSupported, "HS256") {
ks = hs256.NewKeySet(*p.ClientSecret)
} else {
ctx := context.WithValue(context.Background(), oauth2.HTTPClient, c)
ks = oidc.NewRemoteKeySet(ctx, p.OidcConfiguration.JwksUri)
}
var verifier = oidc.NewVerifier(p.OidcConfiguration.Issuer, ks, &oidc.Config{
ClientID: *p.ClientId,
SupportedSigningAlgs: []string{"HS256"},
SupportedSigningAlgs: []string{"RS256", "HS256"},
})
// Configure an OpenID Connect aware OAuth2 client.
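Review bot: The new `SupportedSigningAlgs: []string{"RS256", "HS256"}` accepts both algorithms regardless of which key set the `if`/`else` above selected, so the allowed `alg` header is not tied to the key material actually in use. Whether `hs256.NewKeySet` or the remote key set rejects a token whose header names the other algorithm is not visible in this hunk, so the verifier config should enforce the pairing itself instead of relying on them. Pin it per branch: `alg := "RS256"` before the `if`, `alg = "HS256"` inside the HS256 branch, and `SupportedSigningAlgs: []string{alg}` in the `oidc.Config`. A short comment on the `else` branch would also help, noting that any provider whose `IdTokenSigningAlgValuesSupported` lacks `HS256` (including an empty list) is verified against `JwksUri`. `NewApplication` starts and ends outside the hunk.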


@ -56,3 +56,12 @@ func toString(in interface{}) string {
}
return ""
}
func contains(s []string, e string) bool {
for _, a := range s {
if a == e {
return true
}
}
return false
}