alexvanin/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Use OIDC nonce as the reuse key.

Browse source
This commit is contained in:
Mariano Cano 2019-03-12 15:47:18 -07:00
parent 3e234427ed
commit 07cdc1021c
1 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
authority/authorize.go
View file

@ -61,8 +61,15 @@ func (a *Authority) Authorize(ott string) ([]provisioner.SignOption, error) {
} }
// Store the token to protect against reuse. // Store the token to protect against reuse.
if p.GetType() == provisioner.TypeJWK && claims.ID != "" { var reuseKey string
if _, ok := a.ottMap.LoadOrStore(claims.ID, &idUsed{ switch p.GetType() {
case provisioner.TypeJWK:
reuseKey = claims.ID
case provisioner.TypeOIDC:
reuseKey = claims.Nonce
}
if reuseKey != "" {
if _, ok := a.ottMap.LoadOrStore(reuseKey, &idUsed{
UsedAt: time.Now().Unix(), UsedAt: time.Now().Unix(),
Subject: claims.Subject, Subject: claims.Subject,
}); ok { }); ok {