make public keys for encrypted access tokens available for OAuth

fixes #74
OpenIDC · Jun 19, 2015 · f7468e6 · f7468e6
1 parent 1a78034
commit f7468e6
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 1 deletion.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,6 @@
+6/19/2015
+- make public keys for encrypted access tokens available in OAuth-only configurations; fixes #74
+
 6/15/2015
 - add a complete JWT sample that includes validation of "exp" and "iat" to the test suite
 

diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
@@ -1769,7 +1769,7 @@ static int oidc_handle_logout(request_rec *r, oidc_cfg *c, session_rec *session)
 /*
  * handle request for JWKs
  */
-static int oidc_handle_jwks(request_rec *r, oidc_cfg *c) {
+int oidc_handle_jwks(request_rec *r, oidc_cfg *c) {
 
 	/* pickup requested JWKs type */
 	//	char *jwks_type = NULL;

diff --git a/src/mod_auth_openidc.h b/src/mod_auth_openidc.h
@@ -325,6 +325,7 @@ int oidc_auth_checker(request_rec *r);
 #endif
 void oidc_request_state_set(request_rec *r, const char *key, const char *value);
 const char*oidc_request_state_get(request_rec *r, const char *key);
+int oidc_handle_jwks(request_rec *r, oidc_cfg *c);
 
 // oidc_oauth
 int oidc_oauth_check_userid(request_rec *r, oidc_cfg *c);

diff --git a/src/oauth.c b/src/oauth.c
@@ -461,6 +461,16 @@ int oidc_oauth_check_userid(request_rec *r, oidc_cfg *c) {
 
 			return OK;
 		}
+
+	/* check if this is a request for the public (encryption) keys */
+	} else if ((c->redirect_uri != NULL) && (oidc_util_request_matches_url(r, c->redirect_uri))) {
+
+		if (oidc_util_request_has_parameter(r, "jwks")) {
+
+			return oidc_handle_jwks(r, c);
+
+		}
+
 	}
 
 	/* we don't have a session yet */