Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Commit Graph

  • 8f129a6ced
         Add test for `wireDPOP01Validate` Herman Slatman 2024-01-15 22:36:31 +0100
  • d84abac4df
         Add test for `wireOIDC01Validate` Herman Slatman 2024-01-15 21:59:20 +0100
  • a2304c8498
         Add tests for Wire ID parsing Herman Slatman 2024-01-15 20:27:56 +0100
  • c46434f6e0
         Make the example Wire handle consistent Herman Slatman 2024-01-15 19:44:02 +0100
  • bca179d611
         Make the Wire API integration test a bit more like the real flow Herman Slatman 2024-01-15 19:15:15 +0100
  • 3a840bf605
         Merge pull request #1676 from smallstep/dependabot/go_modules/google.golang.org/api-0.156.0 v0.25.3-rc2 github-actions[bot] 2024-01-15 18:03:02 +0100
  • 5b35f5c2d7
         Bump google.golang.org/api from 0.155.0 to 0.156.0 dependabot[bot] 2024-01-15 15:42:13 +0000
  • ff7e2f9c2d
         Merge pull request #1675 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.41.0 github-actions[bot] 2024-01-15 16:39:27 +0100
  • 2efd1f682d
         Fix expected error type check Herman Slatman 2024-01-15 16:31:00 +0100
  • b2c434a94b
         Bump golang.org/x/net from 0.19.0 to 0.20.0 dependabot[bot] 2024-01-15 15:27:43 +0000
  • ee4f51a7af
         Bump go.step.sm/crypto from 0.40.0 to 0.41.0 dependabot[bot] 2024-01-15 15:27:23 +0000
  • 43e66821a7
         Bump golang.org/x/crypto from 0.17.0 to 0.18.0 dependabot[bot] 2024-01-15 15:27:10 +0000
  • 7d5a79190d
         Add tests for Wire `OIDC` and `DPoP` token persistence Herman Slatman 2024-01-15 16:25:53 +0100
  • 768a08965d
         Store transformed OIDC token Herman Slatman 2024-01-15 13:47:44 +0100
  • 29202eff26
         Add support for functions in OIDC token transformation template Herman Slatman 2024-01-15 13:17:44 +0100
  • d5b0d92bce
         Fix Wire ID token test comment Herman Slatman 2024-01-12 17:03:55 +0100
  • 0ad381b092
         Add OIDC token template transformation Herman Slatman 2024-01-12 16:48:21 +0100
  • 2c27e865cb
         Fix linting issue Herman Slatman 2024-01-12 12:04:04 +0100
  • 231f03ae28
         Use a struct for the Wire DPoP token herman/wire-dpop-struct Herman Slatman 2024-01-12 11:46:25 +0100
  • 9bb1b24bf1
         Change `kid` and `dpop` validation Herman Slatman 2024-01-12 10:44:49 +0100
  • 3f37feae78
         Merge pull request #1671 from smallstep/herman/wire-configuration-refactor Herman Slatman 2024-01-12 10:26:14 +0100
  • c8160caacd
         Fix test; reworded error message Herman Slatman 2024-01-12 10:22:25 +0100
  • 24795720e1
         Perform initialization of DPoP and OIDC options once Herman Slatman 2024-01-12 10:16:02 +0100
  • 79739e5073
         Change signature algorithm property name Herman Slatman 2024-01-12 09:48:49 +0100
  • 7eacb68361
         Merge branch 'herman/remove-rusty-cli' into herman/wire-configuration-refactor Herman Slatman 2024-01-11 21:29:15 +0100
  • 44721a7d58
         Remove debug err print Herman Slatman 2024-01-11 21:24:39 +0100
  • 348363abce
         Add Wire `DPoP` proof claims verification Herman Slatman 2024-01-11 21:19:24 +0100
  • 1bf807add3
         Use base64 encoded signing key format Herman Slatman 2024-01-11 17:04:08 +0100
  • 1f5f756fce
         Make Wire options more robust Herman Slatman 2024-01-11 16:14:53 +0100
  • 6ef64b6ed6
         Refactor the `Wire` option configuration Herman Slatman 2024-01-11 15:08:44 +0100
  • b6fc0005d5
         Add verification of maximum expiry time for Wire tokens Herman Slatman 2024-01-11 14:24:34 +0100
  • b964c97750
         Add validation of `handle` and `token` to Wire verification Herman Slatman 2024-01-11 13:47:17 +0100
  • acad227b25
         Put Wire options in lower level `wire` struct Herman Slatman 2024-01-11 13:18:43 +0100
  • cd9480ab14
         Fix test for `parseAndVerifyWireAccessToken` Herman Slatman 2024-01-11 12:42:43 +0100
  • 897688a831
         Merge branch 'wire-acme-extensions' into herman/remove-rusty-cli Herman Slatman 2024-01-11 12:03:52 +0100
  • ca8855767d
         Fix and add more tests to Wire order identifier validation Herman Slatman 2024-01-11 11:47:06 +0100
  • 70a2f431fa
         Address review remarks Herman Slatman 2024-01-11 11:06:39 +0100
  • f1c54d6852
         Merge pull request #1665 from smallstep/herman/fix-error-msg-csr-validation Herman Slatman 2024-01-11 09:51:02 +0100
  • de25740567
         Change name of test for Wire Order Herman Slatman 2024-01-10 21:16:04 +0100
  • c7892e9cd3
         Remove the `rusty-jwt-cli` configuration Herman Slatman 2024-01-10 20:51:19 +0100
  • a423151207
         Merge branch 'wire-acme-extensions' into herman/remove-rusty-cli Herman Slatman 2024-01-10 20:48:55 +0100
  • ffd887f8cc
         Fix tests for ACME Wire provisioner Herman Slatman 2024-01-10 20:23:01 +0100
  • 8997ce1a1e
         Disable `wire-dpop-01` and `wire-oidc-01` by default Herman Slatman 2024-01-10 20:06:02 +0100
  • bf8c17e3ec
         Remove the Wire `oidc` and `dpop` from attestation formats Herman Slatman 2024-01-10 19:12:22 +0100
  • 033aef9f9d
         Merge branch 'wire-acme-extensions' into herman/remove-rusty-cli Herman Slatman 2024-01-10 18:57:51 +0100
  • 6a98fea1f3
         Fix linter issues Herman Slatman 2024-01-10 18:36:24 +0100
  • 8faf26c593
         Change `KeyAuth` back to old behavior (for now) Herman Slatman 2024-01-10 18:32:18 +0100
  • bf5f1201ea
         fix: keyauth was not bound to the id token beltram 2024-01-09 14:38:17 +0100
  • e2a2e00526
         Make template use `DeviceId` for now Herman Slatman 2024-01-10 17:08:29 +0100
  • 29fa6621b1
         Remove the Wire CLI invocatation Herman Slatman 2024-01-10 15:12:28 +0100
  • 7a464cdb17
         Use `require` to check for errors in Wire integration test Herman Slatman 2024-01-09 21:52:00 +0100
  • 776a839a42
         Fix linter issues and improve error handling Herman Slatman 2024-01-09 21:31:10 +0100
  • f5a2f436df
         Fix missing `DPoP` and `OIDC` tokens for Wire integration test Herman Slatman 2024-01-09 18:24:37 +0100
  • eb9893bd21
         Refactor logic for processing `WireID` identifiers in Order Herman Slatman 2024-01-09 18:22:21 +0100
  • 40668ae09e
         Refactor `WireID` target processing a bit Herman Slatman 2024-01-09 16:52:09 +0100
  • 01169b2483
         Make the `Target` optional in `Challenge` object Herman Slatman 2024-01-09 16:43:18 +0100
  • 85309bb8ec
         Fix the integration test Herman Slatman 2024-01-09 00:33:01 +0100
  • fdea5e7db3
         Fix tests for new ACME orders with Wire IDs Herman Slatman 2024-01-08 23:16:31 +0100
  • c1a7acc306
         Make it compile with Go 1.20 again Herman Slatman 2024-01-08 22:21:27 +0100
  • 84e9682476
         feat: change the separator between user-id & device-id in a client-id. Use '!' instead of ':' beltram 2024-01-05 09:56:34 +0100
  • 90b5347887
         feat: try using the new ClientId & Handle format (i.e. plain URIs) beltram 2024-01-02 14:38:41 +0100
  • 39bf889925
         feat: remove query parameters from OIDC issuerUrl so that it allows us to use it to carry the OAuth ClientId in the Challenge.target field without at the same time undermining the idToken verification which relies on a issuer (iss) claim without this query parameter beltram 2023-12-15 15:17:17 +0100
  • d6ceebba94
         feat: update the protocol by including team & handle in the client dpop token, verifying the handle in the dpop challenge beltram 2023-11-22 14:59:45 +0100
  • 6ffd913e28
         feat: remove custom hardcoded OIDC challenge for Google beltram 2023-11-20 11:33:08 +0100
  • 2be77385f6
         fix: same issue as with oidc challenge beltram 2023-09-12 17:12:25 +0200
  • ff07fdc0fd
         fix: oups beltram 2023-09-12 16:00:53 +0200
  • 13df461e97
         fix: could not reuse a signing key otherwise it would create in accounts & orders and fail the OIDC challenge. The OIDC challenge was not retryable beltram 2023-09-12 14:15:24 +0200
  • 83f76433a8
         b64 encode the kid since apparently it wasn't beltram 2023-07-28 16:47:11 +0200
  • 8fd0192da3
         print kid for debugging beltram 2023-07-28 16:19:12 +0200
  • 4d028f7813
         client jwk was there the whole time beltram 2023-07-28 15:59:18 +0200
  • ed2bce9a3c
         fix: access token verification in DPoP challenge. Was previously verifying 'cnf.kid' against backend key whereas it must be against client's key beltram 2023-07-28 15:16:59 +0200
  • 5fdf036a4d
         fix: invalid OID for display name in CSR beltram 2023-06-06 13:52:20 +0200
  • 9d5c974f44
         fix: PR review beltram 2023-05-26 10:23:24 +0200
  • 1b32957ff6
         fix: verify custom display_name extension is present beltram 2023-05-23 17:19:12 +0200
  • ab9e1ddb28
         Make `MockDB` implement `acme.DB` interface again Herman Slatman 2024-01-08 22:00:50 +0100
  • 7b5740153d
         support for oidc id token beltram 2023-05-22 15:51:02 +0200
  • f5b346ee36
         i'm tired beltram 2023-05-22 15:12:47 +0200
  • 03dbd91418
         fix dpop token json serialization to db beltram 2023-05-22 14:33:32 +0200
  • 613e6cae6e
         wip beltram 2023-05-22 12:37:36 +0200
  • 0b68e1bbcf
         Add `GetAllOrdersByAccountID` to `MockDB` Herman Slatman 2024-01-08 21:44:10 +0100
  • 8888262e45
         cheat by allowing also looking up for ready orders beltram 2023-05-22 12:15:08 +0200
  • 0bc530c98e
         log more things beltram 2023-05-22 11:51:33 +0200
  • 2e128056dc
         have updateOrder also update the update joint table [order by account] beltram 2023-05-17 17:29:38 +0200
  • 1a711e1b91
         Add new Wire DB methods to `acme.DB` interface Herman Slatman 2024-01-08 21:34:01 +0100
  • abe86002ee
         try by storing everything in db beltram 2023-05-16 14:33:11 +0200
  • 76dfcb00e4
         try silencing template data for dichotomies beltram 2023-05-15 10:36:43 +0200
  • a32bb66e47
         trying to pass access token to template beltram 2023-05-12 16:12:20 +0200
  • ff41a1193d
         fix deviceId computing in dpop challenge beltram 2023-05-05 15:39:40 +0200
  • 5ceed08ae0
         Reorganize parsing target Stefan Berthold 2023-05-05 12:45:04 +0200
  • 83ba0bdc51
         Replace field access by accessor functions Stefan Berthold 2023-05-05 11:40:47 +0200
  • c4fb19d01f
         passing expected issuer to rusty-jwt-cli beltram 2023-05-04 17:29:19 +0200
  • 2b1223a080
         simpler beltram 2023-05-04 14:47:54 +0200
  • 036a144e09
         add oidc target beltram 2023-05-04 14:39:45 +0200
  • 97002040a5
         fix: challenge target field was not mapped to db entity beltram 2023-05-04 10:57:49 +0200
  • d32a3e23f0
         wip beltram 2023-05-03 17:31:26 +0200
  • b58de27675
         fix: do not convert URIs to lowercase for comparison purpose beltram 2023-04-04 16:33:35 +0200
  • 7c9f8020d5
         fix: add URI prefix to handle beltram 2023-04-03 17:09:59 +0200
  • 680b6ea08f
         adapt google demo for wire's special handle format "{firstname}_wire" beltram 2023-03-30 14:33:04 +0200
  • a97991aa83
         infer domain from google email address beltram 2023-03-29 15:40:50 +0200
  • 49ad2d9967
         fix google id token matching in oidc challenge beltram 2023-03-29 14:49:29 +0200