mirror of
https://github.com/pomerium/pomerium.git
synced 2025-04-30 10:56:28 +02:00
c1a522cd82
* proxy: add userinfo and webauthn endpoints * use TLD for RP id * use EffectiveTLDPlusOne * upgrade webauthn * fix test * Update internal/handlers/jwks.go Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
33 lines
997 B
Go
33 lines
997 B
Go
package handlers
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"errors"
|
|
"net/http"
|
|
|
|
"github.com/go-jose/go-jose/v3"
|
|
"github.com/rs/cors"
|
|
|
|
"github.com/pomerium/pomerium/internal/httputil"
|
|
"github.com/pomerium/pomerium/pkg/cryptutil"
|
|
)
|
|
|
|
// JWKSHandler returns the /.well-known/pomerium/jwks.json handler.
|
|
func JWKSHandler(rawSigningKey string) http.Handler {
|
|
return cors.AllowAll().Handler(httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
|
|
var jwks jose.JSONWebKeySet
|
|
if rawSigningKey != "" {
|
|
decodedCert, err := base64.StdEncoding.DecodeString(rawSigningKey)
|
|
if err != nil {
|
|
return httputil.NewError(http.StatusInternalServerError, errors.New("bad base64 encoding for signing key"))
|
|
}
|
|
jwk, err := cryptutil.PublicJWKFromBytes(decodedCert)
|
|
if err != nil {
|
|
return httputil.NewError(http.StatusInternalServerError, errors.New("bad signing key"))
|
|
}
|
|
jwks.Keys = append(jwks.Keys, *jwk)
|
|
}
|
|
httputil.RenderJSON(w, http.StatusOK, jwks)
|
|
return nil
|
|
}))
|
|
}
|