

use regular URI ctx functions for AWS ALB so caching is supported
Signed-off-by: Hans Zandbelt <[email protected]>
zandbelt committed Feb 10, 2025
1 parent 18c86ac commit c60e148
Showing 2 changed files with 10 additions and 5 deletions.
2 changes: 1 addition & 1 deletion ChangeLog
@@ -1,5 +1,5 @@
02/10/2025
- add skeleton for updated AWS ALB JWK retrieval which supports key rotation
- add updated AWS ALB JWKs retrieval supporting new "signer"/"region" logic and key rotation
see: https://github.com/OpenIDC/mod_oauth2/issues/73

01/02/2024
13 changes: 9 additions & 4 deletions src/jose.c
Expand Up @@ -740,6 +740,7 @@ _oauth2_jose_jwks_provider_init(oauth2_log_t *log,
provider->resolve = oauth2_jose_jwks_eckey_url_resolve;
break;
case OAUTH2_JOSE_JWKS_PROVIDER_AWS_ALB:
provider->jwks_uri = oauth2_uri_ctx_init(log);
provider->resolve = oauth2_jose_jwks_aws_alb_resolve;
provider->alb_arn = NULL;
provider->alb_base_url = NULL;
Expand Down Expand Up @@ -773,6 +774,7 @@ _oauth2_jose_jwks_provider_clone(oauth2_log_t *log,
dst->jwks_uri = oauth2_uri_ctx_clone(log, src->jwks_uri);
break;
case OAUTH2_JOSE_JWKS_PROVIDER_AWS_ALB:
dst->jwks_uri = oauth2_uri_ctx_clone(log, src->jwks_uri);
dst->alb_arn = oauth2_strdup(src->alb_arn);
dst->alb_base_url = oauth2_strdup(src->alb_base_url);
break;
Expand Down Expand Up @@ -802,6 +804,8 @@ _oauth2_jose_jwks_provider_free(oauth2_log_t *log,
oauth2_uri_ctx_free(log, provider->jwks_uri);
break;
case OAUTH2_JOSE_JWKS_PROVIDER_AWS_ALB:
if (provider->jwks_uri)
oauth2_uri_ctx_free(log, provider->jwks_uri);
if (provider->alb_arn)
oauth2_mem_free(provider->alb_arn);
if (provider->alb_base_url)
Expand Down Expand Up @@ -1890,6 +1894,9 @@ _OAUTH_CFG_CTX_CALLBACK(oauth2_jose_verify_options_jwk_set_aws_alb)
ptr->jwks_provider->alb_base_url = oauth2_strdup(alb_base_url);
}

rv = oauth2_jose_options_uri_ctx(
log, value, params, ptr->jwks_provider->jwks_uri, "aws_alb");

end:

oauth2_debug(log, "leave: %s", rv);
Expand Down Expand Up @@ -2313,15 +2320,13 @@ oauth2_jose_jwks_aws_alb_resolve(oauth2_log_t *log,
}
oauth2_debug(log, "constructed ALB JWKs URL: %s", url);

provider->jwks_uri = oauth2_uri_ctx_init(log);
oauth2_jose_options_uri_ctx(log, url, NULL, provider->jwks_uri, NULL);
provider->jwks_uri->endpoint->url = url;

oauth2_jose_jwk_list_t *result = _oauth2_jose_jwks_resolve_from_uri(
log, provider, refresh,
_oauth2_jose_jwks_eckey_url_resolve_response_callback);

oauth2_uri_ctx_free(log, provider->jwks_uri);
provider->jwks_uri = NULL;
provider->jwks_uri->endpoint->url = NULL;
oauth2_mem_free(url);

return result;
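Review bot: In oauth2_jose_jwks_aws_alb_resolve the temporary `provider->jwks_uri->endpoint->url = url;` overwrites whatever the URI ctx already held, and the later reset to NULL discards it, so if the aws_alb config callback (which now runs oauth2_jose_options_uri_ctx on this same jwks_uri with `value`) stores a URL in that field, the string is leaked on the first resolve and lost for every later one — I cannot see that helper, so please confirm what it stores. Saving and restoring the previous pointer avoids both problems: `char *prev_url = provider->jwks_uri->endpoint->url;` before the swap, and `provider->jwks_uri->endpoint->url = prev_url;` in place of the `= NULL` line. The swap also mutates the provider's shared ctx on the request path; if one provider can be resolved concurrently from several Apache worker threads, two requests with different kid/signer/region values can race on the url field and fetch each other's JWKS URL, so a per-call clone of the ctx (oauth2_uri_ctx_clone is already used in the clone path) or a lock around the swap-resolve-restore sequence is needed there. The function starts outside the hunk and its closing brace is not shown.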
