providers/oauth2: fix elliptic curve keys attempting to use EC256 instead of ES256
closes #2703 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
9b6e47e6b8
commit
8be04cc013
|
@ -97,7 +97,7 @@ class JWTAlgorithms(models.TextChoices):
|
|||
|
||||
HS256 = "HS256", _("HS256 (Symmetric Encryption)")
|
||||
RS256 = "RS256", _("RS256 (Asymmetric Encryption)")
|
||||
EC256 = "EC256", _("EC256 (Asymmetric Encryption)")
|
||||
ES256 = "ES256", _("ES256 (Asymmetric Encryption)")
|
||||
|
||||
|
||||
class ScopeMapping(PropertyMapping):
|
||||
|
@ -255,7 +255,7 @@ class OAuth2Provider(Provider):
|
|||
if isinstance(private_key, RSAPrivateKey):
|
||||
return key.key_data, JWTAlgorithms.RS256
|
||||
if isinstance(private_key, EllipticCurvePrivateKey):
|
||||
return key.key_data, JWTAlgorithms.EC256
|
||||
return key.key_data, JWTAlgorithms.ES256
|
||||
raise Exception(f"Invalid private key type: {type(private_key)}")
|
||||
|
||||
def get_issuer(self, request: HttpRequest) -> Optional[str]:
|
||||
|
|
|
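Review bot: The `isinstance(private_key, EllipticCurvePrivateKey)` branch in the second hunk returns `JWTAlgorithms.ES256` for every elliptic-curve key, but ES256 is defined only for ECDSA over P-256 with SHA-256 (RFC 7518), so a P-384 or P-521 key would be signed and advertised under the wrong algorithm name. Checking the curve as well, e.g. `if isinstance(private_key, EllipticCurvePrivateKey) and isinstance(private_key.curve, SECP256R1):`, would let other curves fall through to the existing `raise`. The method starts above the hunk, so whether the curve is already constrained earlier cannot be seen here. Separately, the first hunk changes the choice value from "EC256" to "ES256"; if any model field persists that value, existing rows would need a data migration, and none is visible on this page.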
@ -55,7 +55,7 @@ class JWKSView(View):
|
|||
response_data["keys"] = [
|
||||
{
|
||||
"kty": "EC",
|
||||
"alg": JWTAlgorithms.EC256,
|
||||
"alg": JWTAlgorithms.ES256,
|
||||
"use": "sig",
|
||||
"kid": signing_key.kid,
|
||||
"n": b64_enc(public_numbers.n),
|
||||
|
|
|
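Review bot: The key entry in this hunk declares `"kty": "EC"` but still carries `"n": b64_enc(public_numbers.n)`, which is an RSA parameter; RFC 7518 describes an EC public key with `crv`, `x` and `y`. If `public_numbers` comes from the elliptic-curve key it has no `n` attribute, so building the JWKS response would fail and relying parties could not fetch the verification key. The entry would instead read `"crv": "P-256", "x": b64_enc(public_numbers.x), "y": b64_enc(public_numbers.y)`, assuming `b64_enc` yields the fixed-length coordinate encoding the RFC requires. The dict continues past the end of the hunk, so its remaining members are not visible here.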
@ -270,7 +270,7 @@ class TokenParams:
|
|||
token = decode(
|
||||
assertion,
|
||||
public_key,
|
||||
algorithms=[JWTAlgorithms.RS256, JWTAlgorithms.EC256],
|
||||
algorithms=[JWTAlgorithms.RS256, JWTAlgorithms.ES256],
|
||||
options={
|
||||
"verify_aud": False,
|
||||
},
|
||||
|
|
|
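Review bot: The `algorithms=[JWTAlgorithms.RS256, JWTAlgorithms.ES256]` allow-list is the same for every `public_key`, so the assertion's own header selects which of the two verifiers runs. Deriving the single permitted algorithm from the key type, as the provider model does for signing, keeps that choice on the server side: `algorithms=[alg]` with `alg` picked by an `isinstance` check on `public_key`. How `public_key` is loaded lies outside the hunk, so this is a hardening suggestion rather than a demonstrated flaw. A regression test that verifies an ES256-signed client assertion would also cover the rename.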
@ -734,7 +734,7 @@ msgid "RS256 (Asymmetric Encryption)"
|
|||
msgstr "RS256 (Asymmetrische Verschlüsselung)"
|
||||
|
||||
#: authentik/providers/oauth2/models.py:93
|
||||
msgid "EC256 (Asymmetric Encryption)"
|
||||
msgid "ES256 (Asymmetric Encryption)"
|
||||
msgstr "RS256 (Asymmetrische Verschlüsselung)"
|
||||
|
||||
#: authentik/providers/oauth2/models.py:99
|
||||
|
|
|
@ -678,7 +678,7 @@ msgid "RS256 (Asymmetric Encryption)"
|
|||
msgstr ""
|
||||
|
||||
#: authentik/providers/oauth2/models.py:93
|
||||
msgid "EC256 (Asymmetric Encryption)"
|
||||
msgid "ES256 (Asymmetric Encryption)"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/providers/oauth2/models.py:99
|
||||
|
|
|
@ -726,8 +726,8 @@ msgid "RS256 (Asymmetric Encryption)"
|
|||
msgstr "RS256 (cifrado asimétrico)"
|
||||
|
||||
#: authentik/providers/oauth2/models.py:93
|
||||
msgid "EC256 (Asymmetric Encryption)"
|
||||
msgstr "EC256 (cifrado asimétrico)"
|
||||
msgid "ES256 (Asymmetric Encryption)"
|
||||
msgstr "ES256 (cifrado asimétrico)"
|
||||
|
||||
#: authentik/providers/oauth2/models.py:99
|
||||
msgid "Scope used by the client"
|
||||
|
|
|
@ -719,8 +719,8 @@ msgid "RS256 (Asymmetric Encryption)"
|
|||
msgstr "RS256 (Asimetrik Şifreleme)"
|
||||
|
||||
#: authentik/providers/oauth2/models.py:93
|
||||
msgid "EC256 (Asymmetric Encryption)"
|
||||
msgstr "EC256 (Asimetrik Şifreleme)"
|
||||
msgid "ES256 (Asymmetric Encryption)"
|
||||
msgstr "ES256 (Asimetrik Şifreleme)"
|
||||
|
||||
#: authentik/providers/oauth2/models.py:99
|
||||
msgid "Scope used by the client"
|
||||
|
|
|
@ -696,8 +696,8 @@ msgid "RS256 (Asymmetric Encryption)"
|
|||
msgstr "RS256(非对称加密)"
|
||||
|
||||
#: authentik/providers/oauth2/models.py:93
|
||||
msgid "EC256 (Asymmetric Encryption)"
|
||||
msgstr "EC256(非对称加密)"
|
||||
msgid "ES256 (Asymmetric Encryption)"
|
||||
msgstr "ES256(非对称加密)"
|
||||
|
||||
#: authentik/providers/oauth2/models.py:99
|
||||
msgid "Scope used by the client"
|
||||
|
|
|
@ -696,8 +696,8 @@ msgid "RS256 (Asymmetric Encryption)"
|
|||
msgstr "RS256(非对称加密)"
|
||||
|
||||
#: authentik/providers/oauth2/models.py:93
|
||||
msgid "EC256 (Asymmetric Encryption)"
|
||||
msgstr "EC256(非对称加密)"
|
||||
msgid "ES256 (Asymmetric Encryption)"
|
||||
msgstr "ES256(非对称加密)"
|
||||
|
||||
#: authentik/providers/oauth2/models.py:99
|
||||
msgid "Scope used by the client"
|
||||
|
|
|
@ -697,8 +697,8 @@ msgid "RS256 (Asymmetric Encryption)"
|
|||
msgstr "RS256(非对称加密)"
|
||||
|
||||
#: authentik/providers/oauth2/models.py:93
|
||||
msgid "EC256 (Asymmetric Encryption)"
|
||||
msgstr "EC256(非对称加密)"
|
||||
msgid "ES256 (Asymmetric Encryption)"
|
||||
msgstr "ES256(非对称加密)"
|
||||
|
||||
#: authentik/providers/oauth2/models.py:99
|
||||
msgid "Scope used by the client"
|
||||
|
|
|
@ -696,8 +696,8 @@ msgid "RS256 (Asymmetric Encryption)"
|
|||
msgstr "RS256(非对称加密)"
|
||||
|
||||
#: authentik/providers/oauth2/models.py:93
|
||||
msgid "EC256 (Asymmetric Encryption)"
|
||||
msgstr "EC256(非对称加密)"
|
||||
msgid "ES256 (Asymmetric Encryption)"
|
||||
msgstr "ES256(非对称加密)"
|
||||
|
||||
#: authentik/providers/oauth2/models.py:99
|
||||
msgid "Scope used by the client"
|
||||
|
|