providers/oauth2: fix elliptic curve keys attempting to use EC256 instead of ES256

closes #2703 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 20:05:58 +02:00 · 2022-04-11 20:05:58 +02:00 · 8be04cc013
parent 9b6e47e6b8
commit 8be04cc013
11 changed files with 32 additions and 32 deletions
--- a/authentik/providers/oauth2/models.py
+++ b/authentik/providers/oauth2/models.py
@ -97,7 +97,7 @@ class JWTAlgorithms(models.TextChoices):
    HS256 = "HS256", _("HS256 (Symmetric Encryption)")
    RS256 = "RS256", _("RS256 (Asymmetric Encryption)")
-    EC256 = "EC256", _("EC256 (Asymmetric Encryption)")
+    ES256 = "ES256", _("ES256 (Asymmetric Encryption)")
 class ScopeMapping(PropertyMapping):
@ -255,7 +255,7 @@ class OAuth2Provider(Provider):
        if isinstance(private_key, RSAPrivateKey):
            return key.key_data, JWTAlgorithms.RS256
        if isinstance(private_key, EllipticCurvePrivateKey):
-            return key.key_data, JWTAlgorithms.EC256
+            return key.key_data, JWTAlgorithms.ES256
        raise Exception(f"Invalid private key type: {type(private_key)}")
    def get_issuer(self, request: HttpRequest) -> Optional[str]:
--- a/authentik/providers/oauth2/views/jwks.py
+++ b/authentik/providers/oauth2/views/jwks.py
@ -55,7 +55,7 @@ class JWKSView(View):
                response_data["keys"] = [
                    {
                        "kty": "EC",
-                        "alg": JWTAlgorithms.EC256,
+                        "alg": JWTAlgorithms.ES256,
                        "use": "sig",
                        "kid": signing_key.kid,
                        "n": b64_enc(public_numbers.n),
--- a/authentik/providers/oauth2/views/token.py
+++ b/authentik/providers/oauth2/views/token.py
@ -270,7 +270,7 @@ class TokenParams:
                token = decode(
                    assertion,
                    public_key,
-                    algorithms=[JWTAlgorithms.RS256, JWTAlgorithms.EC256],
+                    algorithms=[JWTAlgorithms.RS256, JWTAlgorithms.ES256],
                    options={
                        "verify_aud": False,
                    },
--- a/locale/de/LC_MESSAGES/django.po
+++ b/locale/de/LC_MESSAGES/django.po
@ -734,7 +734,7 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr "RS256 (Asymmetrische Verschlüsselung)"
 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
+msgid "ES256 (Asymmetric Encryption)"
 msgstr "RS256 (Asymmetrische Verschlüsselung)"
 #: authentik/providers/oauth2/models.py:99
--- a/locale/en/LC_MESSAGES/django.po
+++ b/locale/en/LC_MESSAGES/django.po
@ -678,7 +678,7 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr ""
 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
+msgid "ES256 (Asymmetric Encryption)"
 msgstr ""
 #: authentik/providers/oauth2/models.py:99
--- a/locale/es/LC_MESSAGES/django.po
+++ b/locale/es/LC_MESSAGES/django.po
@ -726,8 +726,8 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr "RS256 (cifrado asimétrico)"
 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
+msgid "ES256 (Asymmetric Encryption)"
-msgstr "EC256 (cifrado asimétrico)"
+msgstr "ES256 (cifrado asimétrico)"
 #: authentik/providers/oauth2/models.py:99
 msgid "Scope used by the client"
--- a/locale/tr/LC_MESSAGES/django.po
+++ b/locale/tr/LC_MESSAGES/django.po
@ -719,8 +719,8 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr "RS256 (Asimetrik Şifreleme)"
 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
+msgid "ES256 (Asymmetric Encryption)"
-msgstr "EC256 (Asimetrik Şifreleme)"
+msgstr "ES256 (Asimetrik Şifreleme)"
 #: authentik/providers/oauth2/models.py:99
 msgid "Scope used by the client"
--- a/locale/zh-Hans/LC_MESSAGES/django.po
+++ b/locale/zh-Hans/LC_MESSAGES/django.po
@ -696,8 +696,8 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr "RS256（非对称加密）"
 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
+msgid "ES256 (Asymmetric Encryption)"
-msgstr "EC256（非对称加密）"
+msgstr "ES256（非对称加密）"
 #: authentik/providers/oauth2/models.py:99
 msgid "Scope used by the client"
--- a/locale/zh-Hant/LC_MESSAGES/django.po
+++ b/locale/zh-Hant/LC_MESSAGES/django.po
@ -696,8 +696,8 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr "RS256（非对称加密）"
 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
+msgid "ES256 (Asymmetric Encryption)"
-msgstr "EC256（非对称加密）"
+msgstr "ES256（非对称加密）"
 #: authentik/providers/oauth2/models.py:99
 msgid "Scope used by the client"
--- a/locale/zh_CN/LC_MESSAGES/django.po
+++ b/locale/zh_CN/LC_MESSAGES/django.po
@ -697,8 +697,8 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr "RS256（非对称加密）"
 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
+msgid "ES256 (Asymmetric Encryption)"
-msgstr "EC256（非对称加密）"
+msgstr "ES256（非对称加密）"
 #: authentik/providers/oauth2/models.py:99
 msgid "Scope used by the client"
--- a/locale/zh_TW/LC_MESSAGES/django.po
+++ b/locale/zh_TW/LC_MESSAGES/django.po
@ -696,8 +696,8 @@ msgid "RS256 (Asymmetric Encryption)"
 msgstr "RS256（非对称加密）"
 #: authentik/providers/oauth2/models.py:93
-msgid "EC256 (Asymmetric Encryption)"
+msgid "ES256 (Asymmetric Encryption)"
-msgstr "EC256（非对称加密）"
+msgstr "ES256（非对称加密）"
 #: authentik/providers/oauth2/models.py:99
 msgid "Scope used by the client"