providers/oauth2: add initial JWE support (#11344)

* providers/oauth2: add initial JWE support Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-migrate, only set id_token_encryption_* when encryption key is set Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add jwks test with encryption Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-10-17 14:04:19 +02:00
parent fc1f146049
commit 47206d3328
18 changed files with 329 additions and 35 deletions
--- a/web/src/admin/providers/oauth2/OAuth2ProviderForm.ts
+++ b/web/src/admin/providers/oauth2/OAuth2ProviderForm.ts
@ -205,6 +205,15 @@ export class OAuth2ProviderFormPage extends BaseProviderForm<OAuth2Provider> {
                        ></ak-crypto-certificate-search>
                        <p class="pf-c-form__helper-text">${msg("Key used to sign the tokens.")}</p>
                    </ak-form-element-horizontal>
+                    <ak-form-element-horizontal label=${msg("Encryption Key")} name="encryptionKey">
+                        <!-- NOTE: 'null' cast to 'undefined' on encryptionKey to satisfy Lit requirements -->
+                        <ak-crypto-certificate-search
+                            certificate=${ifDefined(this.instance?.encryptionKey ?? undefined)}
+                        ></ak-crypto-certificate-search>
+                        <p class="pf-c-form__helper-text">
+                            ${msg("Key used to encrypt the tokens.")}
+                        </p>
+                    </ak-form-element-horizontal>
                </div>
            </ak-form-group>