feat: add support for saml encrypted assertions

supabase / auth

A JWT based API for managing users and issuing JWT tokens

MIT License

1.55k stars 375 forks source link

By setting the GOTRUE_SAML_ALLOW_ENCRYPTED_ASSERTIONS to true the SAML private key will be advertised as usable with encryption too.

Encrypted assertions are fairly rare these days because:

They make it very hard to debug what's going on.
HTTPS is the default protocol on the web for over 10 years, including in intranets.

Why not use a separate key?

The underlying library does not support it and there are no significant cryptological issues using the same RSA key for signatures and encryption, especially in a limited setting like this.

Pull Request Test Coverage Report for Build 10663458667

Details

3 of 5 (60.0%) changed or added relevant lines in 2 files are covered.

No unchanged relevant lines lost coverage.

Overall coverage decreased (-0.002%) to 57.867%

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
internal/conf/saml.go	1	3	33.33%
<!--	Total:	3	5	60.0%	-->

Changes Missing Coverage

Covered Lines

Changed/Added Lines

internal/conf/saml.go

33.33%

<!--

Total:

60.0%

-->

Totals
Change from base Build 10605980831:	-0.002%
Covered Lines:	9125
Relevant Lines:	15769

Totals

Change from base Build 10605980831:

-0.002%

Covered Lines:

9125

Relevant Lines:

15769

supabase / auth

feat: add support for saml encrypted assertions #1752

Pull Request Test Coverage Report for Build 10663458667

Details

💛 - Coveralls