Token Exchange and Elliptic Curve public key #8817
Comments
Eric commented: Need to be tested using RSA & EC certificate.

```shell
openssl ecparam -name prime256v1 -genkey -noout -out ec-prime256v1-key.pem
```

How to test: create an ExtensionGrant plugin.

[screenshots: image-20230118-162241.png, image-20230118-162428.png, image-20230118-162443.png, image-20230118-163009.png]

```shell
curl -X POST \
  http://localhost:8092/domain/oauth/token \
  -H 'Authorization: Basic PUT_HERE_BASE64(clientid:clientsecret)' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=PUT_HERE_YOUR_ACCESS_TOKEN'
```

You should get a new access_token with the same claims as the one received at step 4 (except for the claims jti, iat and exp).
Sagar Chauhan commented: CC [~accountid:62b02ba1a58208122d9f6329] Given an incorrect public key defined in the Extension Grant, if a user authenticates using the app1 access_token in the second oauth/token call, the user is presented with a Status 500 Internal Server Error without any specific error.

[screenshot: Screenshot 2023-01-24 at 18.28.57.png]
Ashraful Hasan commented: [~accountid:634e874659c794184bc7f1e7], I think we can create a bug to fix it in a future release [not this week's scheduled release]. This is a blocking feature for the customer and it is very unlikely that someone will provide a wrong public key. [~accountid:624eebd3f6a269006961b268] may have another view.
Sagar Chauhan commented: [~accountid:62b02ba1a58208122d9f6329] I agree with you. I will create a bug. Thank you. |
Sagar Chauhan commented: Environment: 3.18.x. Testing complete.
When implementing a token exchange on an application in Gravitee AM, the public key used to sign the token is an Elliptic Curve one, but the configuration only accepts ssh-rsa and ssh-dsa keys.