Eric Chiang
Ah thanks. I think the `--use-lock-file` works for us for now! We've used a dummy go file in the past but it's a pain to have a file that doesn't...
@raggi thanks so much for the details! https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc#fetch-the-openid-connect-metadata-document
```
$ curl -s https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration | jq .issuer
"https://login.microsoftonline.com/{tenantid}/v2.0"
$ curl -s https://login.microsoftonline.com/consumers/v2.0/.well-known/openid-configuration | jq .issuer
"https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0"
$ curl -s https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration |...
```
Would you mind showing an example of what you're trying to do? Are you trying to serialize the state of a Provider instance?
Hey @s1ovac, it looks like this was caused by upgrading https://github.com/go-jose/go-jose #421, which does the serialization for these types. I don't believe the key you posted is a...
Some previous links: https://github.com/coreos/go-oidc/issues/334#issuecomment-1122913378 https://github.com/coreos/go-oidc/issues/355#issuecomment-1287435457 Kubernetes should be able to do all of this without changes to go-oidc using the SkipClientIDCheck. So I don't believe we're blocking your KEP. If...
There's not a strong reason. I've only seen azp used in relatively niche scenarios where you still want to verify the audience rather than authorizing party. Do you have a...
Today you can pull the 'azp' claim out of the IDToken with the Claims() method and do your validation on that. https://pkg.go.dev/github.com/coreos/go-oidc/v3/oidc#IDToken.Claims It does appear that the azp claim is...
Another thought is that we could have a method like:
```
func (v *IDTokenVerifier) VerifyToken(ctx context.Context, token *oauth2.Token) (*IDToken, error)
```
That did the right thing with the authorizing party...
Thanks! Sorry for taking a bit to get back. Been a busy week. The main motivation for using the NewRemoteKeySet context rather than the Verify context is because many Verify...
Apologies for the delay here. I've gone ahead and made the context ignore cancellation. It's hacky, but I think that'll at least fix your issue. https://github.com/coreos/go-oidc/releases/tag/v3.11.0