Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added callback-based request ID checking #581

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Conversation

wz2b
Copy link

@wz2b wz2b commented Nov 29, 2024

The main purpose of this PR is to add the ability to specify authorized IDs by passing in a checking function. This allows you to do more than just check that the ID is in a list - for example you can put expirations on the ID tokens.

For backward compatibility, I left the public-facing functions the same and added new ones with a 2 in the name, mostly because go doesn't support polymorphic function signatures.

The other small change I made was adding the ability to recognize the 2009 spec OAEP decryption that my current shibboleth feeds out. in the long run it might be better to allow users to specify allowed algorithms, if they wish.

wz2b added 5 commits November 29, 2024 20:34
…r own request ID check functions. This allows you to check IDs more carefully than you could with just an array - for example to do things like add timeouts to the validity of the auth id.

For backward compatibility, I left the original functions in place.

Also added an additional XML type for OAEP as current shibboleth returns a different type string

old: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
new: http://www.w3.org/2009/xmlenc11#rsa-oaep

For backward compatibility, I left the original functions the same.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant