Readme Update
Repository, AGTs, ATs and READMEs updated to give more information about the process and protocol flow.
Long Term Flow
Long Term is now fully supported. A Proof of Possession Token must be provided by the client in case the Long Term flow is requested to be used. More info about the long term token and how to use it can be found in "server/agt_server/README".
AGT Server Changes
File agt_server.go includes these changes:
Use of asymmetric signature for Access Grant Tokens generated. RS256 algorithm (RSA + SHA-256) used. Server generates the KeyPair on startup if no key is provided. Symmetric key signature was used previously.
TLS support using transportSec.json in "./server/transport_sec".
Declaration of constants to be used to specify the duration of tokens, cryptographic key files and long term policies.
Added CORS policies. PoP header is allowed. Allowed requests from any origin. This is useful for testing of the server, must be changed to increase security.
Included Long Term support. Proof of Possession Tokens are received in the header of the request. Caching of PoP tokens to reject them if reused is supported. Generation of LT-AGT added.
AT Server Changes
File agt_server.go includes these changes:
Use of the public key of the AGTs to check the AGTs received.
TLS support using transportSec.json in "./server/transport_sec".
Declaration of constants to be used to specify the duration of tokens, cryptographic key files and long term policies.
Added CORS policies. PoP header is allowed. Allowed requests from any origin. This is useful for testing of the server, must be changed to increase security.
Included Long Term support. Proof of Possession Token is provided in the body of the request using the claim "pop". Caching of PoP tokens to reject them if reused is supported. Comparison of client key with the key in the AGT and signature check is performed.
Fixed token validation responses. AT validation requests received did not perform according to what was expected. Fixed. Change of error codes to more friendly ones.
Error codes are described in the Access Token Server README.
Purpose List
Added purposes to the purpose list for debugging.
VISS Server Changes
Added support for new errors in AT.
Support for AT Server using HTTPS.
Utils
Included different methods and objects for easier development.
Cryptoutils file: includes methods supporting key generation, PEM encoding and key importation and exportation.
A struct called JsonWebKey, with different functions, such as initialize from key, generate thumbprint, marshal...
Datatypes file: includes different methods and structs used to manage data in the protocol. JsonWebToken struct and ExtendedJwt struct are provided with different useful functions (sign, add claims, claim checking...).
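The following is an added example, not code from this pull request or from the project's Utils/Datatypes files. It illustrates in standard-library Go the three mechanisms the description above relies on: an RS256-signed token issued with an RSA key pair generated at startup and verified with the matching public key, an RFC 7638 JWK thumbprint used to compare the key the client proves possession of with the key bound in the AGT, and a cache of PoP token ids so that a reused PoP token is rejected. The claim name "client_key", the 10-minute PoP lifetime and the function names are assumptions of this example; the project's own JsonWebKey and ExtendedJwt types are not used.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"sync"
	"time"
)

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// rsaThumbprint is the RFC 7638 JWK thumbprint: SHA-256 over the canonical {"e","kty","n"} JSON.
func rsaThumbprint(pub *rsa.PublicKey) string {
	sum := sha256.Sum256([]byte(fmt.Sprintf(`{"e":"%s","kty":"RSA","n":"%s"}`,
		b64url(big.NewInt(int64(pub.E)).Bytes()), b64url(pub.N.Bytes()))))
	return b64url(sum[:])
}

// signRS256 issues a compact JWS (header.payload.signature) with RS256: RSA PKCS#1 v1.5 over SHA-256.
func signRS256(priv *rsa.PrivateKey, claims map[string]interface{}) (string, error) {
	body, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	input := b64url([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64url(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64url(sig), nil
}

// verifyRS256 checks the signature with the issuer's public key (as the AT server does with the
// AGT server's public key) and returns the claims only when the signature is valid.
func verifyRS256(pub *rsa.PublicKey, token string) (map[string]interface{}, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	body, errBody := base64.RawURLEncoding.DecodeString(parts[1])
	sig, errSig := base64.RawURLEncoding.DecodeString(parts[2])
	if errBody != nil || errSig != nil {
		return nil, fmt.Errorf("invalid base64url in token")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, fmt.Errorf("bad signature: %w", err)
	}
	var claims map[string]interface{}
	return claims, json.Unmarshal(body, &claims)
}

// PoPCache remembers PoP token ids already presented so that a replayed token is rejected.
type PoPCache struct {
	mu   sync.Mutex
	seen map[string]time.Time // jti -> time after which the entry may be forgotten
}

func NewPoPCache() *PoPCache { return &PoPCache{seen: map[string]time.Time{}} }

// Accept returns true the first time jti is presented and false on any reuse within ttl.
func (c *PoPCache) Accept(jti string, now time.Time, ttl time.Duration) bool {
	c.mu.Lock()
	defer c.mu.Unlock()
	for id, exp := range c.seen { // forget ids whose PoP token lifetime has passed
		if now.After(exp) {
			delete(c.seen, id)
		}
	}
	if _, dup := c.seen[jti]; dup {
		return false
	}
	c.seen[jti] = now.Add(ttl)
	return true
}

// ValidateLongTerm models the AT server checks on a long term request: valid AGT signature, the key the
// client proves possession of must match the key bound in the AGT (claim name "client_key" is an
// assumption of this example), and the PoP token id must not have been presented before.
func ValidateLongTerm(agtPub *rsa.PublicKey, agt string, clientPub *rsa.PublicKey, popJTI string, cache *PoPCache, now time.Time) error {
	claims, err := verifyRS256(agtPub, agt)
	if err != nil {
		return err
	}
	if claims["client_key"] != rsaThumbprint(clientPub) {
		return fmt.Errorf("client key does not match the key bound in the AGT")
	}
	if !cache.Accept(popJTI, now, 10*time.Minute) {
		return fmt.Errorf("PoP token reused")
	}
	return nil
}

func main() {
	agtKey, _ := rsa.GenerateKey(rand.Reader, 2048) // the AGT server generates its pair at startup when no key file is provided
	clientKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	agt, _ := signRS256(agtKey, map[string]interface{}{"client_key": rsaThumbprint(&clientKey.PublicKey)})
	cache, now := NewPoPCache(), time.Now()
	fmt.Println("first use:", ValidateLongTerm(&agtKey.PublicKey, agt, &clientKey.PublicKey, "pop-1", cache, now))
	fmt.Println("replay:", ValidateLongTerm(&agtKey.PublicKey, agt, &clientKey.PublicKey, "pop-1", cache, now))
}
```

The cache evicts ids only once the PoP lifetime has passed, so an id cannot be replayed while its token is still valid and the map does not grow without bound; the AGT issuer's private key never leaves the signing side, which is the property the switch from symmetric to RS256 signatures buys.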
Pull Request from NICSLab fork