Use OIDC nonce as the reuse key.

This commit is contained in:
Mariano Cano 2019-03-12 15:47:18 -07:00
parent 3e234427ed
commit 07cdc1021c

View file

@ -61,8 +61,15 @@ func (a *Authority) Authorize(ott string) ([]provisioner.SignOption, error) {
} }
// Store the token to protect against reuse. // Store the token to protect against reuse.
if p.GetType() == provisioner.TypeJWK && claims.ID != "" { var reuseKey string
if _, ok := a.ottMap.LoadOrStore(claims.ID, &idUsed{ switch p.GetType() {
case provisioner.TypeJWK:
reuseKey = claims.ID
case provisioner.TypeOIDC:
reuseKey = claims.Nonce
}
if reuseKey != "" {
if _, ok := a.ottMap.LoadOrStore(reuseKey, &idUsed{
UsedAt: time.Now().Unix(), UsedAt: time.Now().Unix(),
Subject: claims.Subject, Subject: claims.Subject,
}); ok { }); ok {