Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support RS256 JWTs #177

Merged
merged 26 commits into from
Oct 5, 2024
Merged

Support RS256 JWTs #177

merged 26 commits into from
Oct 5, 2024

Commits on Nov 11, 2023

  1. cargo fmt

    @cole-h
    cole-h committed Nov 11, 2023
    Configuration menu
    Copy the full SHA
    9001fa5 View commit details
    Browse the repository at this point in the history

  2. Migrate to jsonwebtoken

    @grahamc @cole-h
    grahamc authored and cole-h committed Nov 11, 2023
    Configuration menu
    Copy the full SHA
    3e0b65a View commit details
    Browse the repository at this point in the history

  3. server: HS256 -> RS256 secrets

    @grahamc @cole-h
    grahamc authored and cole-h committed Nov 11, 2023
    Configuration menu
    Copy the full SHA
    9511afd View commit details
    Browse the repository at this point in the history

  4. Make the nix flake check tests pass

    @grahamc @cole-h
    grahamc authored and cole-h committed Nov 11, 2023
    Configuration menu
    Copy the full SHA
    d49cd33 View commit details
    Browse the repository at this point in the history

  5. Cargo.toml: set resolver = 2 

    There are some 2021-edition crates that Cargo was warning about.
    @cole-h
    cole-h committed Nov 11, 2023
    Configuration menu
    Copy the full SHA
    936e5c4 View commit details
    Browse the repository at this point in the history

  6. server: rename RS256 secret stuff to note that it's base64 encoded 

    So it's Base64<PEM bytes>, not just PEM bytes.
    @cole-h
    cole-h committed Nov 11, 2023
    Configuration menu
    Copy the full SHA
    d0dfdde View commit details
    Browse the repository at this point in the history

Commits on Nov 12, 2023

  1. token: aud claim is a list-or-string

    @cole-h
    cole-h committed Nov 12, 2023
    Configuration menu
    Copy the full SHA
    7ed3f92 View commit details
    Browse the repository at this point in the history

  2. server: support configuring the iss, aud claim validation 

    The JWT spec [1] basically says that JWTs must validate the `aud` claim
if its specified:

> If the principal
> processing the claim does not identify itself with a value in the
> "aud" claim when this claim is present, then the JWT MUST be
> rejected.

[1]: https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3
    @cole-h
    cole-h committed Nov 12, 2023
    Configuration menu
    Copy the full SHA
    20e0a2b View commit details
    Browse the repository at this point in the history

  3. cargo fmt

    @cole-h
    cole-h committed Nov 12, 2023
    Configuration menu
    Copy the full SHA
    17b2ed7 View commit details
    Browse the repository at this point in the history

  4. integration tests: fixup config

    @cole-h
    cole-h committed Nov 12, 2023
    Configuration menu
    Copy the full SHA
    fcc0494 View commit details
    Browse the repository at this point in the history

  5. token: fixup JWT creation 

    Since we now validate the `sub` and `nbf` claims, they need to be set
when atticadm generates them.
    @cole-h
    cole-h committed Nov 12, 2023
    Configuration menu
    Copy the full SHA
    9e23916 View commit details
    Browse the repository at this point in the history

  6. book: fixup docs

    @cole-h
    cole-h committed Nov 12, 2023
    Configuration menu
    Copy the full SHA
    ba9f3f5 View commit details
    Browse the repository at this point in the history

  7. attic: nix_store tests: original_file -> _original_file

    @cole-h
    cole-h committed Nov 12, 2023
    Configuration menu
    Copy the full SHA
    dcd7d7f View commit details
    Browse the repository at this point in the history

  8. server: support HS256, RS256 JWT secrets

    @cole-h
    cole-h committed Nov 12, 2023
    Configuration menu
    Copy the full SHA
    427ae45 View commit details
    Browse the repository at this point in the history

  9. attic-token: use Not trait instead of is_false function for skipping … 

    …serializing `false` permissions
    @cole-h
    cole-h committed Nov 12, 2023
    Configuration menu
    Copy the full SHA
    bd30211 View commit details
    Browse the repository at this point in the history

  10. book: update nixos config example

    @cole-h
    cole-h committed Nov 12, 2023
    Configuration menu
    Copy the full SHA
    d0c726d View commit details
    Browse the repository at this point in the history

  11. server: fixup oobe random secret generation

    @cole-h
    cole-h committed Nov 12, 2023
    Configuration menu
    Copy the full SHA
    32e6d85 View commit details
    Browse the repository at this point in the history

  12. Move back to jwt_simple 

    This effectively reverts commit 3e0b65a.

Because jwt_simple doesn't have a unified type / trait that allows
signature and verification, I had to add a SignatureType enum to
approximate that.
    @cole-h
    cole-h committed Nov 12, 2023
    Configuration menu
    Copy the full SHA
    0a9d493 View commit details
    Browse the repository at this point in the history

Commits on Feb 26, 2024

  1. Support pubkey-only JWT configuration

    @cole-h
    cole-h committed Feb 26, 2024
    Configuration menu
    Copy the full SHA
    756fef8 View commit details
    Browse the repository at this point in the history

  2. Merge remote-tracking branch 'upstream/main' into rs256-support

    @cole-h
    cole-h committed Feb 26, 2024
    Configuration menu
    Copy the full SHA
    41b42b6 View commit details
    Browse the repository at this point in the history

  3. fixup: missing field

    @cole-h
    cole-h committed Feb 26, 2024
    Configuration menu
    Copy the full SHA
    c943b52 View commit details
    Browse the repository at this point in the history

Commits on Jul 26, 2024

  1. Merge remote-tracking branch 'upstream/main' into rs256-support

    @cole-h
    cole-h committed Jul 26, 2024
    Configuration menu
    Copy the full SHA
    858e5be View commit details
    Browse the repository at this point in the history

  2. fixup: regenerate test token

    @cole-h
    cole-h committed Jul 26, 2024
    Configuration menu
    Copy the full SHA
    119598d View commit details
    Browse the repository at this point in the history

Commits on Oct 5, 2024

  1. Merge branch 'main' into HEAD

    @zhaofengli
    zhaofengli committed Oct 5, 2024
    Configuration menu
    Copy the full SHA
    5d6560e View commit details
    Browse the repository at this point in the history

  2. token: Bring back HS256 test 

    This does make it decode the keys every iteration in the stability
test, which isn't too much of an issue and can be fixed later.
    @zhaofengli
    zhaofengli committed Oct 5, 2024
    Configuration menu
    Copy the full SHA
    0d2b200 View commit details
    Browse the repository at this point in the history

  3. server/config: Provide instructions for the user to migrate their HS2… 

    …56 config
    @zhaofengli
    zhaofengli committed Oct 5, 2024
    Configuration menu
    Copy the full SHA
    d2363b5 View commit details
    Browse the repository at this point in the history