authelia

Commit Graph

Author	SHA1	Message	Date
James Elliott	7cf907b23d	feat(oidc): client_secret_jwt authentication This adds the authentication machinery for the client_secret_jwt Default Client Authentication Strategy. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>	2023-05-11 20:42:13 +10:00
James Elliott	6810c91d34	feat(oidc): issuer jwk certificates (#3989 ) This allows for JWKs to include certificate information, either signed via Global PKI, Enterprise PKI, or self-signed.	2022-10-02 13:07:40 +11:00
James Elliott	ef549f851d	feat(oidc): add additional config options, accurate token times, and refactoring (#1991 ) * This gives admins more control over their OIDC installation exposing options that had defaults before. Things like lifespans for authorize codes, access tokens, id tokens, refresh tokens, a option to enable the debug client messages, minimum parameter entropy. It also allows admins to configure the response modes. * Additionally this records specific values about a users session indicating when they performed a specific authz factor so this is represented in the token accurately. * Lastly we also implemented a OIDC key manager which calculates the kid for jwk's using the SHA1 digest instead of being static, or more specifically the first 7 chars. As per https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-key#section-8.1.1 the kid should not exceed 8 chars. While it's allowed to exceed 8 chars, it must only be done so with a compelling reason, which we do not have.	2021-07-04 09:44:30 +10:00

Author

SHA1

Message

Date

James Elliott

7cf907b23d

feat(oidc): client_secret_jwt authentication

This adds the authentication machinery for the client_secret_jwt Default Client Authentication Strategy.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>

2023-05-11 20:42:13 +10:00

James Elliott

6810c91d34

feat(oidc): issuer jwk certificates (#3989 )

This allows for JWKs to include certificate information, either signed via Global PKI, Enterprise PKI, or self-signed.

2022-10-02 13:07:40 +11:00

James Elliott

ef549f851d

feat(oidc): add additional config options, accurate token times, and refactoring (#1991 )

* This gives admins more control over their OIDC installation exposing options that had defaults before. Things like lifespans for authorize codes, access tokens, id tokens, refresh tokens, a option to enable the debug client messages, minimum parameter entropy. It also allows admins to configure the response modes.
* Additionally this records specific values about a users session indicating when they performed a specific authz factor so this is represented in the token accurately. 
* Lastly we also implemented a OIDC key manager which calculates the kid for jwk's using the SHA1 digest instead of being static, or more specifically the first 7 chars. As per https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-key#section-8.1.1 the kid should not exceed 8 chars. While it's allowed to exceed 8 chars, it must only be done so with a compelling reason, which we do not have.

2021-07-04 09:44:30 +10:00

3 Commits (435d8e35fd80f3124507ca20d0dd5b56f4c153e1)