gitpod

archive-gh-me/gitpod

Fork 0

mirror of https://github.com/gitpod-io/gitpod.git synced 2025-12-08 17:36:30 +00:00

Commit Graph

Author	SHA1	Message	Date
Milan Pavlik	d9ccc1d141	[papi] OIDC service signs state with HS256, reusing signing PK - WEB-206 (#17328 ) * [papi] OIDC service signs state with RSA256 * Fix * retest * fix * add test	2023-04-24 17:14:45 +08:00
Milan Pavlik	4f55ce16da	[public-api] JWT Signer & Verifier WEB-101 (#17308 ) * [public-api] JWT Signer & Verifier * upgrade other to v5	2023-04-21 17:32:42 +08:00
Alex Tugarev	80dc959279	[oidc] encode and validate state params Using JWT tokens for encoding/decoding/validation of state params carried throughout the OIDC/OAuth2 flow. Validating of integrity is crucial, as this piece of information contains the ID of the OIDC client to continue with when Gitpod receives the callback from a 3rd party. Tests should show that expiration time is checked and signature validation is effective.	2023-02-15 18:55:20 +01:00

Author

SHA1

Message

Date

Milan Pavlik

d9ccc1d141

[papi] OIDC service signs state with HS256, reusing signing PK - WEB-206 (#17328 )

* [papi] OIDC service signs state with RSA256

* Fix

* retest

* fix

* add test

2023-04-24 17:14:45 +08:00

Milan Pavlik

4f55ce16da

[public-api] JWT Signer & Verifier WEB-101 (#17308 )

* [public-api] JWT Signer & Verifier

* upgrade other to v5

2023-04-21 17:32:42 +08:00

Alex Tugarev

80dc959279

[oidc] encode and validate state params

Using JWT tokens for encoding/decoding/validation of state params carried throughout the OIDC/OAuth2 flow.

Validating of integrity is crucial, as this piece of information contains the ID of the OIDC client to continue with when Gitpod receives the callback from a 3rd party. Tests should show that expiration time is checked and signature validation is effective.

2023-02-15 18:55:20 +01:00

3 Commits