Trusted publishing: ensure aud _only_ contains our audience.
#13887
Assignees
Labels
Comments
|
xref jpadilla/pyjwt#894 for a potential upstream API change that would enable this. |
|
Upstream change: jpadilla/pyjwt#902 Once that's accepted/in a release, I can tackle the fix here. |
|
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This was raised as a result of CircleCI's OIDC implementation and related discussion here: sigstore/fulcio#591 (comment).
Currently we accept OIDC tokens for which the
audclaim contains our required audiences (pypiortestpypirespectively), however this doesn't preclude theaudclaim from containing other audiences, because PyJWT will verify any token that simply contains the requested audience: https://github.com/jpadilla/pyjwt/blob/master/jwt/api_jwt.py#L335-L336.The potential issue is that for a provider like CircleCI, the OIDC token could be shared across multiple 3rd party services with multiple audiences. This means that a CircleCI use that wants to use a token for both
aud=pypiandaud=some_other_provideronly gets a single token that would be valid for either audience, which means the other provider technically gains the ability to publish to PyPI as a result.To mitigate this, we should restrict our verification of OIDC tokens to those that only specify our audience for the
audclaim.(While we're at it, we should also update the tests around our JWT verification to do less mocking/stubbing of the 3P library we're using here)
The text was updated successfully, but these errors were encountered: