flagr
OIDC key discovery support
Adding support for validating JWTs from OAuth2 providers using OIDC key discovery.
Description
A very popular way of getting JWTs to authenticate users is to get them from OAuth2 providers, and many use OIDC these days. OIDC is a protocol to discover the public signing keys for a JWT so that they can rotate/remove signing keys should they become compromised. This update extends the validation key getter methods to do this key discovery, per the instructions from the root package.
Motivation and Context
Allows JWTs issued by OAuth2 providers that use OIDC to be used and validated by Flagr.
How Has This Been Tested?
I have tested this using Azure Active Directory issued JWTs, and with Okta, a very popular OAuth2 provider used by companies to internally lock down access.
Types of changes
- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to change)
Checklist:
- [ ] My code follows the code style of this project. (I'm unsure about this, I'm relatively new to Go)
- [x] My change requires a change to the documentation.
- [x] I have updated the documentation accordingly.
- [ ] I have added tests to cover my changes. (I'm not sure how to unit test this since any statically created JWT would have its signing key potentially removed over time)
- [x] All new and existing tests passed.
I appreciate the comments, Go's not my primary language. I considered using the package that you provided, but ultimately all I wanted was the verify part since Flagr's only validating a token's signing, not performing its own sign in flows.
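The key-selection step of the discovery described in this pull request, as an added example that is not code from the PR or from Flagr: given a JWKS document (the key set a provider publishes at its `jwks_uri`), pick the RSA verification key by the token header's `kid` and fail closed when that key has been rotated away. `KeyFromJWKS`, `demoJWKS` and the `kid` values are hypothetical names; the key set is constructed locally at run time, and the HTTPS fetch and signature check are left out.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
)

// jwk holds the RSA fields of a JWKS entry; encoding/json matches names ignoring case.
type jwk struct{ Kty, Kid, Use, N, E string }

var b64 = base64.RawURLEncoding

// KeyFromJWKS returns the RSA signing key whose kid equals the token header's kid.
func KeyFromJWKS(doc []byte, kid string) (*rsa.PublicKey, error) {
	var set struct{ Keys []jwk }
	if err := json.Unmarshal(doc, &set); err != nil {
		return nil, err
	}
	for _, k := range set.Keys {
		if k.Kid != kid || k.Kty != "RSA" || (k.Use != "" && k.Use != "sig") {
			continue // different key, not RSA, or not published for signatures
		}
		n, errN := b64.DecodeString(k.N)
		e, errE := b64.DecodeString(k.E)
		if errN != nil || errE != nil || len(n) == 0 || len(e) == 0 || len(e) > 4 {
			return nil, fmt.Errorf("kid %q: malformed modulus or exponent", kid)
		}
		exp := int(new(big.Int).SetBytes(e).Int64())
		return &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: exp}, nil
	}
	// Fail closed: never fall back to another key when the kid is unknown.
	return nil, fmt.Errorf("no RSA signing key with kid %q in key set", kid)
}

// demoJWKS builds a constructed key set from a key generated locally at run time.
func demoJWKS(kid string) ([]byte, *rsa.PrivateKey) {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // public exponent is 65537 ("AQAB")
	n := b64.EncodeToString(priv.N.Bytes())
	return []byte(fmt.Sprintf(`{"keys":[{"kty":"RSA","use":"sig","kid":%q,"n":%q,"e":"AQAB"}]}`, kid, n)), priv
}

func main() {
	doc, _ := demoJWKS("constructed-kid-1")
	fmt.Println(KeyFromJWKS(doc, "rotated-away")) // <nil> and the unknown-kid error
}
```

Because the key set is generated inside the test process, a unit test built this way does not depend on any provider's current signing keys.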