coupergateway / couper

Couper is a lightweight API gateway designed to support developers in building and operating API-driven Web projects
https://couper.io
MIT License

717 jwt dpop #763

Open johakoch opened 1 year ago

johakoch commented 1 year ago

Implement resource server part of OAuth2 DPoP


Reviewer checklist
  • Read PR description: a summary about the changes is required
  • Changelog updated
  • Documentation: docs/{Reference, Cli, ...}, Docker and cli help/usage
  • Pulled branch, manually tested
  • Verified requirements are met
  • Reviewed the code
  • Reviewed the related tests

johakoch commented 8 months ago

@malud https://codeclimate.com/github/coupergateway/couper/pull/763 codeclimate again :-( The DPoP proof JWT claims contain at least 4 claims that must be validated (1 error return each) (+ the regular return). That makes more than the allowed 4. Do I have to group them by 2, just to please codeclimate?

johakoch commented 5 months ago

I successfully checked the validation of a DPoP token obtained by okta-auth-js (which in version 7.7.0 supports DPoP) from an okta org authorization server and passed to a resource server protected by couper with this branch.
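
The DPoP proof claim validation discussed in this thread, as an added Go example that is not code from this pull request or from Couper: the claim checks RFC 9449 asks of a resource server (`htm`, `htu`, `iat`, `ath`, `jti`) run from one table, so every failure shares a single error return. The function names, the `seen` replay cache and the sample values are assumptions; the proof's signature and its key binding to the access token (`cnf.jkt`) are assumed to be verified before this step.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
	"time"
)

// ProofClaims is the DPoP proof JWT payload, after its signature has been verified.
type ProofClaims struct{ JTI, HTM, HTU, ATH string; IAT int64 }

// AccessTokenHash computes the expected ath value: base64url(SHA-256(token)), unpadded.
func AccessTokenHash(token string) string {
	sum := sha256.Sum256([]byte(token))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// stripURL cuts at the first '?' or '#': htu is compared without query and fragment.
func stripURL(raw string) string {
	return raw[:strings.IndexAny(raw+"?", "?#")]
}

// ValidateProofClaims checks the claims against the request; seen is a hypothetical jti replay cache.
func ValidateProofClaims(c ProofClaims, method, reqURL, token string, now time.Time, maxAge time.Duration, seen map[string]bool) error {
	age, htu := now.Sub(time.Unix(c.IAT, 0)), stripURL(c.HTU)
	checks := []struct{ claim string; ok bool }{
		{"htm", c.HTM == method},                     // proof is bound to the HTTP method
		{"htu", htu != "" && htu == stripURL(reqURL)}, // and to the request URI
		{"iat", age <= maxAge && age >= -maxAge},     // issued within the accepted window
		{"ath", c.ATH == AccessTokenHash(token)},     // bound to the presented access token
		{"jti", c.JTI != "" && !seen[c.JTI]},         // not seen before (replay)
	}
	for _, ch := range checks {
		if !ch.ok {
			return fmt.Errorf("invalid DPoP proof claim: %s", ch.claim)
		}
	}
	seen[c.JTI] = true // remember only proofs that passed every check
	return nil
}

func main() {
	now, tok, seen := time.Unix(1700000000, 0), "constructed-access-token", map[string]bool{} // constructed sample
	c := ProofClaims{"jti-1", "GET", "https://api.example.com/r", AccessTokenHash(tok), now.Unix()}
	fmt.Println(ValidateProofClaims(c, "GET", c.HTU+"?page=2", tok, now, time.Minute, seen)) // first use
	fmt.Println(ValidateProofClaims(c, "GET", c.HTU, tok, now, time.Minute, seen))           // replayed jti
}
```

The `htu` comparison here only strips query and fragment; RFC 9449 additionally recommends syntax-based and scheme-based URI normalization before comparing.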