ipsilon

Clone
Source Code
GIT

#170 Fix requesting unsigned responses
Merged 7 years ago by puiterwijk. Opened 7 years ago by puiterwijk.
puiterwijk/ipsilon ticket-241  into  master

file modified
+9 -4 
@@ -319,14 +319,19 @@ 
 

              return self._respond_error('invalid_request',
 

                                         'No userinfo for token')
 

  

-         if 'userinfo_signed_response_alg' in self.api_client:
 

+         if self.api_client.get('userinfo_signed_response_alg'):
 

              cherrypy.response.headers.update({
 

                  'Content-Type': 'application/jwt'
 

              })
 

  

-             sig = JWT(header={'alg': 'RS256',
 

-                               'kid': self.cfg.idp_sig_key_id},
 

-                       claims=info)
 

+             if self.api_client.get('userinfo_signed_response_alg') == 'RS256':
 

+                 sig = JWT(header={'alg': 'RS256',
 

+                                   'kid': self.cfg.idp_sig_key_id},
 

+                           claims=info)
 

+             else:
 

+                 return self._respond_error(
 

+                     'unsupported_response_type',
 

+                     'Requested signing mech not supported')
 

              # FIXME: Maybe add other algorithms in the future
 

              sig.make_signed_token(self.cfg.keyset.get_key(
 

                  self.cfg.idp_sig_key_id))

Ticket: #241
Signed-off-by: Patrick Uiterwijk puiterwijk@redhat.com

+1, LGTM

Commit cbcadfd fixes this pull-request

Pull-Request has been merged by puiterwijk@redhat.com
7 years ago
Metadata
None
No Tags
Flags
jenkins
success (100%)
Build successful
7 years ago
Changes Summary 1
+9 -4
file changed
ipsilon/providers/openidc/api.py
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.