willdot.net / cocoon
An atproto PDS written in Go
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

support jwks in metadata

Hailey a406d409 71d0a03d

+30 -18
+10 -2
oauth/client/manager.go
··· 57 57 } 58 58 59 59 var jwks jwk.Key 60 - if metadata.JWKS != nil { 60 + if metadata.JWKS != nil && len(metadata.JWKS.Keys) > 0 { 61 61 // TODO: this is kinda bad but whatever for now. there could obviously be more than one jwk, and we need to 62 62 // make sure we use the right one 63 - k, err := helpers.ParseJWKFromBytes((*metadata.JWKS)[0]) 63 + b, err := json.Marshal(metadata.JWKS.Keys[0]) 64 64 if err != nil { 65 65 return nil, err 66 66 } 67 + 68 + k, err := helpers.ParseJWKFromBytes(b) 69 + if err != nil { 70 + return nil, err 71 + } 72 + 67 73 jwks = k 68 74 } else if metadata.JWKSURI != nil { 69 75 maybeJwks, err := cm.getClientJwks(ctx, clientId, *metadata.JWKSURI) ··· 72 78 } 73 79 74 80 jwks = maybeJwks 81 + } else { 82 + return nil, fmt.Errorf("no valid jwks found in oauth client metadata") 75 83 } 76 84 77 85 return &Client{
+20 -16
oauth/client/metadata.go
··· 1 1 package client 2 2 3 3 type Metadata struct { 4 - ClientID string `json:"client_id"` 5 - ClientName string `json:"client_name"` 6 - ClientURI string `json:"client_uri"` 7 - LogoURI string `json:"logo_uri"` 8 - TOSURI string `json:"tos_uri"` 9 - PolicyURI string `json:"policy_uri"` 10 - RedirectURIs []string `json:"redirect_uris"` 11 - GrantTypes []string `json:"grant_types"` 12 - ResponseTypes []string `json:"response_types"` 13 - ApplicationType string `json:"application_type"` 14 - DpopBoundAccessTokens bool `json:"dpop_bound_access_tokens"` 15 - JWKSURI *string `json:"jwks_uri,omitempty"` 16 - JWKS *[][]byte `json:"jwks,omitempty"` 17 - Scope string `json:"scope"` 18 - TokenEndpointAuthMethod string `json:"token_endpoint_auth_method"` 19 - TokenEndpointAuthSigningAlg string `json:"token_endpoint_auth_signing_alg"` 4 + ClientID string `json:"client_id"` 5 + ClientName string `json:"client_name"` 6 + ClientURI string `json:"client_uri"` 7 + LogoURI string `json:"logo_uri"` 8 + TOSURI string `json:"tos_uri"` 9 + PolicyURI string `json:"policy_uri"` 10 + RedirectURIs []string `json:"redirect_uris"` 11 + GrantTypes []string `json:"grant_types"` 12 + ResponseTypes []string `json:"response_types"` 13 + ApplicationType string `json:"application_type"` 14 + DpopBoundAccessTokens bool `json:"dpop_bound_access_tokens"` 15 + JWKSURI *string `json:"jwks_uri,omitempty"` 16 + JWKS *MetadataJwks `json:"jwks,omitempty"` 17 + Scope string `json:"scope"` 18 + TokenEndpointAuthMethod string `json:"token_endpoint_auth_method"` 19 + TokenEndpointAuthSigningAlg string `json:"token_endpoint_auth_signing_alg"` 20 + } 21 + 22 + type MetadataJwks struct { 23 + Keys []any `json:"keys"` 20 24 }