Comments (3)
upstream square/go-jose#95
from hydra.
Without support from go-jose, the library needs to be forked and the functionality added. The specification for X.509 certificates is available at https://tools.ietf.org/html/rfc7517
Until that is implemented, the HTTPS TLS certificate is gob-encoded and stored as a PSK in the JWK store. It should be documented that the JWK store does not support the X.509 claims as of now.
This approach is okay because:
- There is no security impact. PSKs are encrypted using AES-GCM as well.
- It is not trivial to add a new TLS certificate using the HTTP REST API. This could be documented somewhere. Importing TLS certificates still works!
- Precomputed values are removed to reduce the likelihood of a possible attack vector.
- One drawback is that clients need to be able to decode gob streams. As the certificate will be used only internally in hydra, this is not an issue.
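The storage scheme described in the comment above (gob-encode the TLS certificate and its key, drop the RSA precomputed values, encrypt the blob with AES-GCM), as an added Go example. This is editor-written code, not hydra's implementation and not go-jose's API: the StoredTLS record layout, the function names, the fixed 32-byte demo key and the self-signed certificate are all constructed for the example. It also exercises the two checks a practitioner wants before trusting the scheme: a blob with one flipped bit is rejected by the GCM tag, and the key recovered after Precompute() still produces a signature that the certificate's public key verifies, so stripping Dp/Dq/Qinv loses nothing.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/gob"
	"errors"
	"math/big"
	"time"
)

// StoredTLS is the record that gets gob-encoded; its layout is an assumption, not hydra's schema.
type StoredTLS struct {
	CertDER []byte          // DER-encoded leaf certificate
	Key     *rsa.PrivateKey // matching key, CRT values stripped before storage
}

func NewGCM(aesKey []byte) (cipher.AEAD, error) { // 32-byte key selects AES-256
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal drops the RSA precomputed values, gob-encodes the record and encrypts it; the nonce is prepended.
func Seal(gcm cipher.AEAD, certDER []byte, key *rsa.PrivateKey) ([]byte, error) {
	stripped := *key // shallow copy; the caller's key keeps its CRT values
	stripped.Precomputed = rsa.PrecomputedValues{}
	var buf bytes.Buffer
	if err := gob.NewEncoder(&buf).Encode(&StoredTLS{CertDER: certDER, Key: &stripped}); err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // fresh nonce per Seal; crypto/rand.Read never returns an error since Go 1.24
	return gcm.Seal(nonce, nonce, buf.Bytes(), nil), nil
}

// Open authenticates and decrypts a Seal output, gob-decodes it and restores the precomputed values.
func Open(gcm cipher.AEAD, sealed []byte) (*StoredTLS, error) {
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("sealed blob shorter than nonce")
	}
	plain, err := gcm.Open(nil, sealed[:ns], sealed[ns:], nil)
	if err != nil {
		return nil, err // tag mismatch: tampered ciphertext or wrong key
	}
	var rec StoredTLS
	if err := gob.NewDecoder(bytes.NewReader(plain)).Decode(&rec); err != nil {
		return nil, err
	}
	rec.Key.Precompute() // regenerate Dp/Dq/Qinv for CRT-accelerated signing
	return &rec, nil
}

// RoundTrip seals constructed material, flips one tag bit when corrupt is set, reopens and test-signs.
func RoundTrip(corrupt bool) error {
	gcm, err := NewGCM(bytes.Repeat([]byte{0x42}, 32)) // constructed demo key; use a random one in practice
	if err != nil {
		return err
	}
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return err
	}
	sealed, err := Seal(gcm, der, key)
	if err != nil {
		return err
	}
	if corrupt {
		sealed[len(sealed)-1] ^= 0x01 // one flipped bit in the GCM tag; Open must reject it
	}
	rec, err := Open(gcm, sealed)
	if err != nil {
		return err
	}
	cert, err := x509.ParseCertificate(rec.CertDER)
	if err != nil {
		return err
	}
	digest := sha256.Sum256([]byte("probe"))
	sig, err := rsa.SignPKCS1v15(rand.Reader, rec.Key, crypto.SHA256, digest[:])
	if err != nil {
		return err
	}
	return rsa.VerifyPKCS1v15(cert.PublicKey.(*rsa.PublicKey), crypto.SHA256, digest[:], sig)
}
```

RoundTrip(false) returns nil when the sealed record survives the trip and RoundTrip(true) returns the GCM authentication error. Two design points carry over to any real store: the record holds a concrete *rsa.PrivateKey rather than the tls.Certificate struct, because gob cannot encode the interface-typed and unexported fields inside crypto/tls and crypto/x509 types without registration, and the nonce is generated per Seal, since nonce reuse under one AES-GCM key breaks both confidentiality and the tag.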
There's no field for it in the struct right now, but it should be fairly simple to add. I can take a look at adding this next week, maybe. Or if you want to take a shot at it, pull requests are welcome!