Closed: develrulez closed 3 years ago
We can confirm this behaviour.
Webauthn supports this. I'll refactor oauth2 to also support it.
Wonderful, would it also be possible to create a fix for the 3.9.x stream? Because I don't know if the Quarkus people are ready for a major release change of 3.9.x to 4.x in the near future.
I can't promise anything on that field as webauthn is a 4.0 feature, it all depends on how hard it is to backport.
The main branch for 4.0.0 was already supporting chains; I've ensured that the validation is consistent (and performed the same way across all handlers).
@dirien I've pushed to the 3.9 branch of vertx-auth a fix to allow certificate chains in JWKs endpoints. Can you run some tests on your side?
Hi @pmlopes, please excuse the late response. I've missed your hint for the fix. It works perfectly well with the version 3.9.5-SNAPSHOT. Thanks a lot! When can we expect a release of this version and, more importantly, an update of vertx-auth in a new Quarkus version?
Hi @develrulez, releases are managed by @vietj, maybe he may give an estimate on a date.
Hi, as stated in https://vertx.io/docs/apidocs/io/vertx/ext/jwt/JWK.html, the certificate chains (x5c) in a JWK only allow a single element chain. Why so? Our company's OIDC compliant server has a certificate chain with all the CAs embedded. But the class io.vertx.ext.jwt.JWK throws an exception in this case...
Couldn't it just pick the first certificate ignoring the others in the chain and try to validate the token against that? Right now we're trying to test io.quarkus:quarkus-oidc:1.6.1.Final which includes io.vertx:vertx-auth-oauth2:3.9.1.