allowing issuer's public key to be retrieved for any user

This commit is contained in:
tigerbot 2017-07-20 11:34:33 -06:00
parent c03f380e8d
commit 3c548e4a38
2 changed files with 18 additions and 15 deletions


@ -21,7 +21,7 @@ api: api.:hostname
authorization_dialog #/authorization_dialog authorization_dialog #/authorization_dialog
logout #/logout logout #/logout
create_jwk: :scheme//:hostname/api/issuer@oauth3.org/jwks/:sub create_jwk: :scheme//:hostname/api/issuer@oauth3.org/jwks/:sub
jwks: :scheme//:hostname/api/issuer@oauth3.org/jwks/:sub/:kid.json retrieve_jwk: :scheme//:hostname/api/issuer@oauth3.org/jwks/:sub/:kid.json
grants: :scheme//:hostname/api/issuer@oauth3.org/grants/:sub/:azp? grants: :scheme//:hostname/api/issuer@oauth3.org/grants/:sub/:azp?
credential_meta: :scheme//:hostname/api/issuer@oauth3.org/logins/meta/:type/:id credential_meta: :scheme//:hostname/api/issuer@oauth3.org/logins/meta/:type/:id
credential_otp: :scheme//:hostname/api/issuer@oauth3.org/otp credential_otp: :scheme//:hostname/api/issuer@oauth3.org/otp

31
rest.js

@ -92,24 +92,26 @@ module.exports.create = function (bigconf, deps, app) {
}; };
Jwks.restful.get = function (req, res) { Jwks.restful.get = function (req, res) {
var store;
// The sub in params is the 3rd party PPID, but the keys are stored by the issuer PPID, so // The sub in params is the 3rd party PPID, but the keys are stored by the issuer PPID, so
// we need to look up the issuer PPID using the 3rd party PPID. // we need to look up the issuer PPID using the 3rd party PPID.
var promise = req.getSiteStore().then(function (_store) { var promise = req.getSiteStore().then(function (store) {
store = _store; if (req.params.kid === req.experienceId) {
return store.IssuerOauth3OrgGrants.find({ azpSub: req.params.sub }); return store.IssuerOauth3OrgPrivateKeys.get(req.experienceId);
}).then(function (results) {
if (!results.length) {
throw new Error("unknown PPID '"+req.params.sub+"'");
}
if (results.length > 1) {
// This should not ever happen since there is a check for PPID collisions when saving
// grants, but it's probably better to have this check anyway just incase something
// happens that isn't currently accounted for.
throw new Error('PPID collision - unable to safely retrieve keys');
} }
return store.IssuerOauth3OrgJwks.get(results[0].sub+'/'+req.params.kid); return store.IssuerOauth3OrgGrants.find({ azpSub: req.params.sub }).then(function (results) {
if (!results.length) {
throw new Error("unknown PPID '"+req.params.sub+"'");
}
if (results.length > 1) {
// This should not ever happen since there is a check for PPID collisions when saving
// grants, but it's probably better to have this check anyway just incase something
// happens that isn't currently accounted for.
throw new Error('PPID collision - unable to safely retrieve keys');
}
return store.IssuerOauth3OrgJwks.get(results[0].sub+'/'+req.params.kid);
});
}).then(function (jwk) { }).then(function (jwk) {
if (!jwk) { if (!jwk) {
throw new Error("no keys stored with kid '"+req.params.kid+"' for PPID "+req.params.sub); throw new Error("no keys stored with kid '"+req.params.kid+"' for PPID "+req.params.sub);
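Review bot: The new branch `if (req.params.kid === req.experienceId)` hands the record from `store.IssuerOauth3OrgPrivateKeys` straight into the same `.then(function (jwk)` continuation that serves third-party public keys, and the route it serves (`app.get('/jwks/:sub/:kid.json', Jwks.restful.get)` in the later hunk) is registered before the `authorizeIssuer` middleware; unless that continuation, whose body lies outside this hunk, strips the private members, anyone who knows the experience id can download the issuer's private key. The branch should project the stored key to its public JWK members before returning it, so the shared continuation only ever sees public material. It also ignores `req.params.sub` in that branch, so the same key is returned whatever `sub` appears in the URL; if that is intended it deserves a comment such as `// the issuer's own key is not scoped by sub; kid doubles as the experience id`. The store record's shape is not visible here, so the projection below assumes a JWK-shaped object and copies only the standard public members (RFC 7517/7518); adjust the list to the actual record.
```javascript
if (req.params.kid === req.experienceId) {
  return store.IssuerOauth3OrgPrivateKeys.get(req.experienceId).then(function (key) {
    if (!key) { return key; }
    // Only public JWK members may leave this unauthenticated endpoint; private
    // members (d, p, q, dp, dq, qi, k, oth) are deliberately never copied.
    var publicMembers = ['kty', 'kid', 'use', 'alg', 'n', 'e', 'crv', 'x', 'y'];
    var pub = {};
    publicMembers.forEach(function (name) {
      if (key[name] !== undefined) { pub[name] = key[name]; }
    });
    return pub;
  });
}
// … unchanged: grants lookup for third-party PPIDs …
```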
@ -272,6 +274,7 @@ module.exports.create = function (bigconf, deps, app) {
}; };
app.get( '/jwks/:sub/:kid.json', Jwks.restful.get); app.get( '/jwks/:sub/:kid.json', Jwks.restful.get);
app.get( '/jwks/:sub/:kid', Jwks.restful.get);
// Everything but getting keys is only for the issuer // Everything but getting keys is only for the issuer
app.use( '/jwks/:sub', authorizeIssuer, attachSiteStore.bind(null, 'IssuerOauth3OrgJwks')); app.use( '/jwks/:sub', authorizeIssuer, attachSiteStore.bind(null, 'IssuerOauth3OrgJwks'));
app.post( '/jwks/:sub', Jwks.restful.saveNew); app.post( '/jwks/:sub', Jwks.restful.saveNew);