providers/oauth2: more x5c and ecdsa x/y tests (#4463)

* add option to exclude x5* Signed-off-by: Jens Langhammer <jens@goauthentik.io> #4082 * cleanup jwks, add flaky test Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add workaround based on https://github.com/jpadilla/pyjwt/issues/709 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't rstrip hashes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * keycloak seems to strip equals Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-18 19:11:36 +01:00
parent f09305a444
commit e390f5b2d1
3 changed files with 100 additions and 27 deletions
--- a/website/integrations/services/apache-guacamole/index.mdx
+++ b/website/integrations/services/apache-guacamole/index.mdx
@ -52,7 +52,7 @@ import TabItem from "@theme/TabItem";
 OPENID_AUTHORIZATION_ENDPOINT: https://authentik.company/application/o/authorize/
 OPENID_CLIENT_ID: # client ID from above
 OPENID_ISSUER: https://authentik.company/application/o/*Slug of the application from above*/
-OPENID_JWKS_ENDPOINT: https://authentik.company/application/o/*Slug of the application from above*/jwks/
+OPENID_JWKS_ENDPOINT: https://authentik.company/application/o/*Slug of the application from above*/jwks/?exclude_x5
 OPENID_REDIRECT_URI: https://guacamole.company/ # This must match the redirect URI above
 ```

@ -64,7 +64,7 @@ OPENID_REDIRECT_URI: https://guacamole.company/ # This must match the redirect U
 openid-authorization-endpoint=https://authentik.company/application/o/authorize/
 openid-client-id=# client ID from above
 openid-issuer=https://authentik.company/application/o/*Slug of the application from above*/
-openid-jwks-endpoint=https://authentik.company/application/o/*Slug of the application from above*/jwks/
+openid-jwks-endpoint=https://authentik.company/application/o/*Slug of the application from above*/jwks/?exclude_x5
 openid-redirect-uri=https://guacamole.company/ # This must match the redirect URI above
 ```