
Commit c60e148

use regular URI ctx functions for AWS ALB so caching is supported
Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
1 parent 18c86ac commit c60e148

2 files changed

+10
-5
lines changed

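--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,5 @@
 02/10/2025
-- add skeleton for updated AWS ALB JWK retrieval which supports key rotation
+- add updated AWS ALB JWKs retrieval supporting new "signer"/"region" logic and key rotation
 see: https://github.com/OpenIDC/mod_oauth2/issues/73
 
 01/02/2024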

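--- a/src/jose.c
+++ b/src/jose.c
@@ -740,6 +740,7 @@ _oauth2_jose_jwks_provider_init(oauth2_log_t *log,
 provider->resolve = oauth2_jose_jwks_eckey_url_resolve;
 break;
 case OAUTH2_JOSE_JWKS_PROVIDER_AWS_ALB:
+provider->jwks_uri = oauth2_uri_ctx_init(log);
 provider->resolve = oauth2_jose_jwks_aws_alb_resolve;
 provider->alb_arn = NULL;
 provider->alb_base_url = NULL;
@@ -773,6 +774,7 @@ _oauth2_jose_jwks_provider_clone(oauth2_log_t *log,
 dst->jwks_uri = oauth2_uri_ctx_clone(log, src->jwks_uri);
 break;
 case OAUTH2_JOSE_JWKS_PROVIDER_AWS_ALB:
+dst->jwks_uri = oauth2_uri_ctx_clone(log, src->jwks_uri);
 dst->alb_arn = oauth2_strdup(src->alb_arn);
 dst->alb_base_url = oauth2_strdup(src->alb_base_url);
 break;
@@ -802,6 +804,8 @@ _oauth2_jose_jwks_provider_free(oauth2_log_t *log,
 oauth2_uri_ctx_free(log, provider->jwks_uri);
 break;
 case OAUTH2_JOSE_JWKS_PROVIDER_AWS_ALB:
+if (provider->jwks_uri)
+oauth2_uri_ctx_free(log, provider->jwks_uri);
 if (provider->alb_arn)
 oauth2_mem_free(provider->alb_arn);
 if (provider->alb_base_url)
@@ -1890,6 +1894,9 @@ _OAUTH_CFG_CTX_CALLBACK(oauth2_jose_verify_options_jwk_set_aws_alb)
 ptr->jwks_provider->alb_base_url = oauth2_strdup(alb_base_url);
 }
 
+rv = oauth2_jose_options_uri_ctx(
+log, value, params, ptr->jwks_provider->jwks_uri, "aws_alb");
+
 end:
 
 oauth2_debug(log, "leave: %s", rv);
@@ -2313,15 +2320,13 @@ oauth2_jose_jwks_aws_alb_resolve(oauth2_log_t *log,
 }
 oauth2_debug(log, "constructed ALB JWKs URL: %s", url);
 
-provider->jwks_uri = oauth2_uri_ctx_init(log);
-oauth2_jose_options_uri_ctx(log, url, NULL, provider->jwks_uri, NULL);
+provider->jwks_uri->endpoint->url = url;
 
 oauth2_jose_jwk_list_t *result = _oauth2_jose_jwks_resolve_from_uri(
 log, provider, refresh,
 _oauth2_jose_jwks_eckey_url_resolve_response_callback);
 
-oauth2_uri_ctx_free(log, provider->jwks_uri);
-provider->jwks_uri = NULL;
+provider->jwks_uri->endpoint->url = NULL;
 oauth2_mem_free(url);
 
 return result;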
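Review bot: The pair `provider->jwks_uri->endpoint->url = url;` / `provider->jwks_uri->endpoint->url = NULL;` in oauth2_jose_jwks_aws_alb_resolve mutates shared provider state for the duration of every resolve, so two requests verifying concurrently (with different signer/region URLs, which the changelog says this path now derives per token) can see each other's URL, or a NULL `endpoint->url`, once the first one clears it and calls `oauth2_mem_free(url)` while the second is still inside `_oauth2_jose_jwks_resolve_from_uri`; the old code had the same window, but the ctx is now long-lived and backs a cache, so anything that retains the `endpoint->url` pointer rather than copying it (a cache key, for instance) would also dangle — worth confirming. The write also silently discards whatever `oauth2_jose_options_uri_ctx(log, value, ...)` stored in `endpoint->url` in the `aws_alb` config callback; if that helper keeps an allocated copy of `value`, it is leaked on the first resolve and the configured value is gone afterwards, so the resolve should save and restore the previous pointer (`char *saved = provider->jwks_uri->endpoint->url;` before, `provider->jwks_uri->endpoint->url = saved;` after) rather than assigning NULL. Either way the swap should be documented at the assignment, e.g. `/* temporarily point the shared uri ctx at the per-token ALB URL; not safe for concurrent resolves on the same provider */`, or guarded by a lock / a per-call clone via `oauth2_uri_ctx_clone`, which this commit already uses in the clone path. The enclosing function starts before this hunk.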
