coolaj86/issuer.rest.walnut.js
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

allowing issuer's public key to be retrieved for any user

Browse Source
This commit is contained in:
tigerbot 2017-07-20 11:34:33 -06:00
parent c03f380e8d
commit 3c548e4a38
2 changed files with 18 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -21,7 +21,7 @@ api: api.:hostname
authorization_dialog #/authorization_dialog
logout #/logout
create_jwk: :scheme//:hostname/api/issuer@oauth3.org/jwks/:sub
jwks: :scheme//:hostname/api/issuer@oauth3.org/jwks/:sub/:kid.json
retrieve_jwk: :scheme//:hostname/api/issuer@oauth3.org/jwks/:sub/:kid.json
grants: :scheme//:hostname/api/issuer@oauth3.org/grants/:sub/:azp?
credential_meta: :scheme//:hostname/api/issuer@oauth3.org/logins/meta/:type/:id
credential_otp: :scheme//:hostname/api/issuer@oauth3.org/otp

13
rest.js
View File

@ -92,13 +92,14 @@ module.exports.create = function (bigconf, deps, app) {
};
Jwks.restful.get = function (req, res) {
var store;
// The sub in params is the 3rd party PPID, but the keys are stored by the issuer PPID, so
// we need to look up the issuer PPID using the 3rd party PPID.
var promise = req.getSiteStore().then(function (_store) {
store = _store;
return store.IssuerOauth3OrgGrants.find({ azpSub: req.params.sub });
}).then(function (results) {
var promise = req.getSiteStore().then(function (store) {
if (req.params.kid === req.experienceId) {
return store.IssuerOauth3OrgPrivateKeys.get(req.experienceId);
}
return store.IssuerOauth3OrgGrants.find({ azpSub: req.params.sub }).then(function (results) {
if (!results.length) {
throw new Error("unknown PPID '"+req.params.sub+"'");
}
@ -110,6 +111,7 @@ module.exports.create = function (bigconf, deps, app) {
}
return store.IssuerOauth3OrgJwks.get(results[0].sub+'/'+req.params.kid);
});
}).then(function (jwk) {
if (!jwk) {
throw new Error("no keys stored with kid '"+req.params.kid+"' for PPID "+req.params.sub);
@ -272,6 +274,7 @@ module.exports.create = function (bigconf, deps, app) {
};
app.get( '/jwks/:sub/:kid.json', Jwks.restful.get);
app.get( '/jwks/:sub/:kid', Jwks.restful.get);
// Everything but getting keys is only for the issuer
app.use( '/jwks/:sub', authorizeIssuer, attachSiteStore.bind(null, 'IssuerOauth3OrgJwks'));
app.post( '/jwks/:sub', Jwks.restful.saveNew);