Mariano Cano
8a05cdde52
Add audience in the error v2
2019-03-18 10:59:36 -07:00
Mariano Cano
f8fba4df6b
Add audience in error.
2019-03-18 10:57:29 -07:00
Mariano Cano
23e6de57a2
Address comments in code review.
2019-03-13 11:26:18 -07:00
Mariano Cano
07cdc1021c
Use OIDC nonce as the reuse key.
2019-03-12 15:47:18 -07:00
Mariano Cano
ef4d809ee6
Move matchesAudience and stripPort tests to provisioner package.
2019-03-11 15:47:57 -07:00
Mariano Cano
af9688c419
Fix some testing errors.
2019-03-08 18:05:11 -08:00
Mariano Cano
2d00cd0933
Validate audiences in the default provisioner.
2019-03-06 18:32:56 -08:00
Mariano Cano
57b705f6cf
Use provisioner sign options.
2019-03-06 17:37:49 -08:00
Mariano Cano
602a42813c
Re-enable replay protection for JWK provisioner.
2019-03-06 17:00:45 -08:00
Mariano Cano
ab1cca03d7
Use new provisioners in authorize methods.
2019-03-06 15:04:28 -08:00
max furman
3415a1fef8
move SplitSANs to cli
2019-02-05 19:32:01 -08:00
max furman
6937bfea7b
claims.SANS -> claims.SANs
2019-02-04 20:22:02 -08:00
max furman
93f39c64a0
backwards compat only when SANS empty
2019-02-04 20:02:56 -08:00
max furman
fe8c8614b2
SANS backwards compat when token missing subject SAN
2019-02-01 12:18:10 -06:00
max furman
f0683c2e0a
Enable signing certificates with custom SANs
...
* validate against SANs in token. must be 1:1 equivalent.
2019-01-30 18:21:03 -06:00
Mariano Cano
7e95fc0e45
Strip ports on audience check.
...
Services might have proxies behind them so we cannot rely on them.
Fixes #17
2018-12-21 15:27:22 -08:00
Mariano Cano
d6cad2a7f3
Add provisioner option to disable renewal.
...
Fixes smallstep/ca-component#108
2018-11-01 15:43:24 -07:00
max furman
0d9dd2d14b
provisioner issuer -> name
2018-10-29 18:00:30 -07:00
max furman
a4a461466b
withProvisionerOID and unit test
2018-10-25 23:49:23 -07:00
max furman
283dc42904
add unit tests for MatchOne (token audience) and Authority.New
2018-10-25 15:17:22 -07:00
max furman
ee7db4006a
change sign + authorize authority api | add provisioners
...
* authorize returns []interface{}
  - operators in this list can conform to any interface the user decides
  - our implementation has a combination of certificate claim validators
    and certificate template modifiers.
* provisioners can set and enforce tls cert options
2018-10-18 22:26:39 -07:00
Mariano Cano
1c1ac1b3fb
Add disableIssuedAt check functionality
...
Fixes #86
2018-10-24 18:59:48 -07:00
Mariano Cano
69da47a727
Set audience using the sign url.
2018-10-19 18:25:59 -07:00
max furman
0b5f6487e1
change provisioners api
...
* /provisioners -> /provisioners/jwk-set-by-issuer
* /provisioners now returns a list of Provisioners
2018-10-11 23:03:00 -07:00
max furman
c284a2c0ab
first commit
2018-10-05 21:48:36 +00:00