diff --git a/driver/configuration/provider_viper.go b/driver/configuration/provider_viper.go
index 3df623c1072..ba0d045fe8c 100644
--- a/driver/configuration/provider_viper.go
+++ b/driver/configuration/provider_viper.go
@@ -97,7 +97,7 @@ func (v *ViperProvider) WellKnownKeys(include ...string) []string {
 }
 include = append(include, x.OpenIDConnectKeyName)
- return append(viperx.GetStringSlice(v.l, ViperKeyWellKnownKeys, []string{}), include...)
+ return stringslice.Unique(append(viperx.GetStringSlice(v.l, ViperKeyWellKnownKeys, []string{}), include...))
 }
 func (v *ViperProvider) ServesHTTPS() bool {
diff --git a/driver/configuration/provider_viper_test.go b/driver/configuration/provider_viper_test.go
index d375d33c64b..01c9723bb03 100644
--- a/driver/configuration/provider_viper_test.go
+++ b/driver/configuration/provider_viper_test.go
@@ -6,6 +6,8 @@ import (
 "strings"
 "testing"
+ "github.com/ory/hydra/x"
+
 "github.com/sirupsen/logrus"
 "github.com/spf13/viper"
 "github.com/stretchr/testify/assert"
@@ -51,3 +53,8 @@ func TestSubjectTypesSupported(t *testing.T) {
 })
 }
 }
+
+func TestWellKnownKeysUnique(t *testing.T) {
+ p := NewViperProvider(logrus.New(), false, nil)
+ assert.EqualValues(t, []string{x.OAuth2JWTKeyName, x.OpenIDConnectKeyName}, p.WellKnownKeys(x.OAuth2JWTKeyName, x.OpenIDConnectKeyName, x.OpenIDConnectKeyName))
+}
diff --git a/jwk/handler.go b/jwk/handler.go
index f255422138e..3adf355132f 100644
--- a/jwk/handler.go
+++ b/jwk/handler.go
@@ -25,6 +25,8 @@ import (
 "fmt"
 "net/http"
+ "github.com/ory/x/stringslice"
+
 "github.com/ory/hydra/x"
 "github.com/julienschmidt/httprouter"
@@ -33,7 +35,6 @@ import (
 )
 const (
- IDTokenKeyName = "hydra.openid.id-token"
 KeyHandlerPath = "/keys"
 WellKnownKeysPath = "/.well-known/jwks.json"
 )
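Review bot: WellKnownKeys in driver/configuration/provider_viper.go has no doc comment, and its contract is worth stating now because the returned names are what the `/.well-known/jwks.json` handler iterates to decide which key sets are published. I would add `// WellKnownKeys returns the configured well-known key set names plus include and x.OpenIDConnectKeyName, with exact-duplicate names removed.` above the method. The de-duplication appears to be by exact string match, so names that differ only in case or surrounding whitespace in configuration would presumably still count as distinct sets; the comment should say so, or the names should be normalised before `stringslice.Unique`. The method's opening lines are outside the hunk.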
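Review bot: TestWellKnownKeysUnique in provider_viper_test.go only exercises duplicates passed through the variadic `include` argument; duplicates coming from the `ViperKeyWellKnownKeys` configuration value, or an overlap between that value and `include`, are not covered by the added test. A second case that first calls `viper.Set(ViperKeyWellKnownKeys, []string{x.OAuth2JWTKeyName, x.OAuth2JWTKeyName})` and restores the key afterwards would pin the configuration path as well. The exact-order assertion also relies on `stringslice.Unique` keeping first-seen order, which is not visible here, so a one-line comment on the assertion stating that assumption would help the next reader.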
@@ -85,7 +86,7 @@ func (h *Handler) SetRoutes(admin *x.RouterAdmin, public *x.RouterPublic, corsMi
 func (h *Handler) WellKnown(w http.ResponseWriter, r *http.Request) {
 var jwks jose.JSONWebKeySet
- for _, set := range h.c.WellKnownKeys() {
+ for _, set := range stringslice.Unique(h.c.WellKnownKeys()) {
 keys, err := h.r.KeyManager().GetKeySet(r.Context(), set)
 if err != nil {
 h.r.Writer().WriteError(w, r, err)
diff --git a/jwk/handler_test.go b/jwk/handler_test.go
index aa698c378a8..61830d69e59 100644
--- a/jwk/handler_test.go
+++ b/jwk/handler_test.go
@@ -27,6 +27,10 @@ import (
 "net/http/httptest"
 "testing"
+ "github.com/spf13/viper"
+
+ "github.com/ory/hydra/driver/configuration"
+
 "github.com/ory/hydra/x"
 "github.com/ory/hydra/internal"
@@ -34,19 +38,19 @@ import (
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 "gopkg.in/square/go-jose.v2"
-
- . "github.com/ory/hydra/jwk"
 )
 func TestHandlerWellKnown(t *testing.T) {
 conf := internal.NewConfigurationWithDefaults()
 reg := internal.NewRegistry(conf)
+ viper.Set(configuration.ViperKeyWellKnownKeys, []string{x.OpenIDConnectKeyName, x.OpenIDConnectKeyName})
+
 router := x.NewRouterPublic()
 IDKS, _ := testGenerator.Generate("test-id", "sig")
 h := reg.KeyHandler()
- require.NoError(t, reg.KeyManager().AddKeySet(context.TODO(), IDTokenKeyName, IDKS))
+ require.NoError(t, reg.KeyManager().AddKeySet(context.TODO(), x.OpenIDConnectKeyName, IDKS))
 h.SetRoutes(router.RouterAdmin(), router, func(h http.Handler) http.Handler {
 return h
@@ -62,6 +66,8 @@ func TestHandlerWellKnown(t *testing.T) {
 err = json.NewDecoder(res.Body).Decode(&known)
 require.NoError(t, err, "problem in decoding response")
+ require.Len(t, known.Keys, 1)
+
 resp := known.Key("public:test-id")
 require.NotNil(t, resp, "Could not find key public")
 assert.Equal(t, resp, IDKS.Key("public:test-id"))
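Review bot: The `stringslice.Unique` wrapper added to the loop in `Handler.WellKnown` (jwk/handler.go) repeats the de-duplication this commit also adds inside `ViperProvider.WellKnownKeys`, so with that provider the slice is filtered twice on every request. If the handler-side call is deliberate defence for other implementations behind `h.c`, a comment such as `// de-duplicate here as well: h.c may be a provider that does not` would make that intent clear. Otherwise `for _, set := range h.c.WellKnownKeys() {` is enough and the guarantee belongs in the configuration interface's documentation. The loop body continues outside the hunk, so how the fetched keys are filtered before being written to the public response cannot be checked from here.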
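Review bot: `viper.Set(configuration.ViperKeyWellKnownKeys, ...)` in TestHandlerWellKnown (jwk/handler_test.go) writes to viper's process-global state and nothing in the hunk restores it, so any later test in the same package that reads the well-known key list would inherit the duplicated value. Restoring it right after the set, for example with `defer viper.Set(configuration.ViperKeyWellKnownKeys, nil)` or by saving and re-setting the previous value, keeps the test order-independent. The test body continues outside the hunk.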