Skip to content

fix: wrong es256 signature format #490

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
arithmetic1728 merged 1 commit into from
Apr 21, 2020
Merged

fix: wrong es256 signature format #490

arithmetic1728 merged 1 commit into from
Apr 21, 2020

Conversation

@arithmetic1728
Copy link
Contributor

@arithmetic1728 arithmetic1728 commented Apr 21, 2020
edited
Loading

es256 signature should have the raw format instead of asn1 encoded format. Raw format is base64url encoded bytes array (64 bytes) of two integers r, s (each contributes 32 bytes to the array).

Verified the fix works with iap issued id_token in PR: GoogleCloudPlatform/python-docs-samples#3444

@googlebot googlebot added the cla: yes This human has signed the Contributor License Agreement. label Apr 21, 2020
@busunkim96
Copy link
Contributor

busunkim96 commented Apr 21, 2020

@arithmetic1728 Thanks for fixing this!

Would you mind tweaking the PR title to be slightly more descriptive? The title is used directly in the changelog.

@arithmetic1728
fix: support es256 raw format signature
831b14a 
es256 signature in id_token has raw format, however, cryptography library verification/signing only works for asn1 encoded format. Therefore in verification/signing process, we need to convert between the ans1 encoded format and the raw format.
@arithmetic1728
Copy link
Contributor Author

arithmetic1728 commented Apr 21, 2020

@busunkim96 Updated the title and commit message to include more details.

@arithmetic1728 arithmetic1728 merged commit cf2c0a9 into master Apr 21, 2020
@arithmetic1728 arithmetic1728 deleted the sijun/es256 branch April 21, 2020 21:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@busunkim96 busunkim96 busunkim96 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cla: yes This human has signed the Contributor License Agreement.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@arithmetic1728 @busunkim96 @googlebot