barbercollie/tinyauth
1
0
Fork 1
mirror of https://github.com/steveiliop56/tinyauth.git synced 2026-05-17 09:40:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: ensure public key pairs with private key in oidc service

Browse Source
This commit is contained in:
Stavros
2026-05-16 20:43:50 +03:00
parent 482ba9d99f
commit 8932f2ad46
1 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/service/oidc_service.go
+13 -3
View File
@@ -239,6 +239,16 @@ func NewOIDCService(
} }
} }
rPublicKey, ok := publicKey.(*rsa.PublicKey)
if !ok {
return nil, fmt.Errorf("public key is not an rsa public key")
}
if rPublicKey.N.Cmp(privateKey.N) != 0 || rPublicKey.E != privateKey.E {
return nil, fmt.Errorf("public key does not pair with private key")
}
// We will reorganize the client into a map with the client ID as the key // We will reorganize the client into a map with the client ID as the key
clients := make(map[string]model.OIDCClientConfig) clients := make(map[string]model.OIDCClientConfig)
@@ -271,7 +281,7 @@ func NewOIDCService(
clients: clients, clients: clients,
privateKey: privateKey, privateKey: privateKey,
publicKey: publicKey.(*rsa.PublicKey), publicKey: rPublicKey,
issuer: issuer, issuer: issuer,
} }
@@ -822,13 +832,13 @@ func (service *OIDCService) GetJWK() ([]byte, error) {
hasher.Write(der) hasher.Write(der)
jwk := jose.JSONWebKey{ jwk := jose.JSONWebKey{
Key: service.privateKey, Key: service.publicKey,
Algorithm: string(jose.RS256), Algorithm: string(jose.RS256),
Use: "sig", Use: "sig",
KeyID: base64.URLEncoding.EncodeToString(hasher.Sum(nil)), KeyID: base64.URLEncoding.EncodeToString(hasher.Sum(nil)),
} }
return jwk.Public().MarshalJSON() return jwk.MarshalJSON()
} }
func (service *OIDCService) ValidatePKCE(codeChallenge string, codeVerifier string) bool { func (service *OIDCService) ValidatePKCE(codeChallenge string, codeVerifier string) bool {