
In 'step ca revoke' remove options for provisioners that won't have serial number as subject in generated token.

Open dopey opened this issue 4 years ago • 2 comments

For example, the OIDC provisioner does not return a token with serial number as subject.

So, either parse different types of tokens correctly, or remove provisioners from list that generate the wrong type of token.

dopey, Dec 08 '21 20:12
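The mismatch described in this issue, as an added example (not code from step-ca or the step CLI): it reads the `sub` claim of a token and checks whether it equals the serial number of the certificate to revoke. The function names, sample claims and serial number are constructed, the serial is assumed to be compared as a plain string, and the payload is decoded without signature verification, so this is a diagnostic aid only.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// tokenSubject returns the "sub" claim of a compact JWT WITHOUT verifying
// its signature. Diagnostic only: never base an authorization decision on it.
func tokenSubject(token string) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("not a compact JWT: got %d parts, want 3", len(parts))
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return "", fmt.Errorf("payload is not base64url: %w", err)
	}
	var claims struct{ Sub string `json:"sub"` }
	if err := json.Unmarshal(payload, &claims); err != nil {
		return "", fmt.Errorf("payload is not JSON: %w", err)
	}
	return claims.Sub, nil
}

// subjectIsSerial reports whether the token's subject is the serial number
// of the certificate to revoke (hypothetical helper, string comparison).
func subjectIsSerial(token, serial string) (bool, error) {
	sub, err := tokenSubject(token)
	return err == nil && sub != "" && sub == serial, err
}

// fakeToken wraps claims JSON in an unsigned, constructed sample token.
func fakeToken(claimsJSON string) string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"none"}`)) + "." + enc([]byte(claimsJSON)) + ".sig"
}

func main() {
	const serial = "1234567890" // constructed serial number
	for _, claims := range []string{
		`{"sub":"1234567890"}`,                          // subject is the serial
		`{"sub":"user-42","email":"admin@example.com"}`, // OIDC-style identity subject
	} {
		ok, err := subjectIsSerial(fakeToken(claims), serial)
		fmt.Println(claims, "->", ok, err)
	}
}
```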

We may want to have another look at this.

This issue makes the path to revocation on Certificate Manager more involved, because I can't just revoke using the admin OIDC provisioner; I have to create a JWK provisioner, make a token with step ca token --provisioner jwk, then revoke the token with step ca revoke --token.

tashian, Feb 02 '23 00:02

Ref: https://smallstep.freshdesk.com/support/solutions/articles/73000603239-limitations-of-revocation-via-oidc-provisioner

tashian, Feb 02 '23 00:02