* feat: add support for specifying allowed OIDC JWT signing algorithms (#2753)
TODO:
- [X] update docs
- [X] add support in yaml (modern) config
- [X] add more test(s)?
Add (legacy for now) configuration flag "oidc-enabled-signing-alg" (cfg:
oidc_enabled_signing_algs) that allows setting what signing algorithms
are specified by provider in JWT header ("alg" header claim).
In particular useful when skip_oidc_discovery = true, as verifier
defaults to only accept "RS256" in alg field in such circumstances.
Signed-off-by: Jan Larwig <jan@larwig.com>
* doc: update changelog and alpha config
Signed-off-by: Jan Larwig <jan@larwig.com>
* feat: add signing algorithm intersection handling with oidc discovery and additional tests
Signed-off-by: Jan Larwig <jan@larwig.com>
---------
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
* fix: NewRemoteKeySet is not using DefaultHTTPClient
Signed-off-by: Jan Larwig <jan@larwig.com>
* doc: add changelog entry
Signed-off-by: Jan Larwig <jan@larwig.com>
---------
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
* feat: Replace default Go user-agent with oauth2-proxy and version
* Add to CHANGELOG
* Make userAgentTransport configurable and composable
* Use correct naming convention for DefaultHTTPClient
* Move version to own package and use named arguments
* Update version path in Makefile
* Fix import path in Makefile
* Change importpath in dist.sh
* Minor style issues
* update go-jose dependency by switching gopkg.in/square/go-jose.v2
with github.com/go-jose/go-jose/v3
* updated `CHANGELOG.md` with entry for PR #2356
---------
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
andoks
Raúl Sampedro
axel7083
Koen van Zuijlen
Jacob Middag
Blue Falcon
darh
Terrell Russell
Joel Speed