OidcClient.Extensions: ProofTokenMessageHandler doesn't allow keys backed by platform crypto providers #163
Replies: 2 comments 1 reply
Thank you for bringing this up. This is a very good point. I've created an internal issue that proposes better support for this in the future. For other readers: if this is needed, please upvote.
Added in version 7.0.0; closing. Thank you! https://github.com/DuendeSoftware/foss/releases/tag/imoc-7.0.0
I am working on a DPoP client implementation that stores its signing keys in the platform crypto provider, i.e. CNG for Windows clients. In cases where the provider is backed by a TPM, the private key part is not exportable and therefore cannot be represented as a signing-capable JSON Web Key for the JsonWebKey constructor in the Factory. I'd like to be able to either:
DPoPProofTokenFactory for this purpose, or
SigningCredentials for the Factory, i.e. through some IDPoPSigningCredentialsFactory.
Currently my option is to copy-paste and reimplement ProofTokenMessageHandler, the Factory, and the ConfigureDPoP registration convenience method.
Relevant sources:
https://github.com/DuendeSoftware/foss/blob/41fb3a3fcdf13cf36241326e04ff308139111333/identity-model-oidc-client/src/IdentityModel.OidcClient.Extensions/DPoP/OidcClientExtensions.cs#L23
https://github.com/DuendeSoftware/foss/blob/41fb3a3fcdf13cf36241326e04ff308139111333/identity-model-oidc-client/src/IdentityModel.OidcClient.Extensions/DPoP/DPoPProofTokenFactory.cs#L24
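An added example, not Duende's code and not what shipped in 7.0.0, of the shape the post asks for: wrap the live RSA handle in SigningCredentials instead of exporting it into a JsonWebKey, and build the proof's jwk header from ExportParameters(false), which CNG permits even for a non-exportable TPM key. The class PlatformKeyDPoP, the helper OpenPlatformKey and the key name dpop-client-key are assumptions for this example; the header and claim layout (typ, jwk, htm, htu, jti, iat) follows RFC 9449, and the packages used are Microsoft.IdentityModel.JsonWebTokens and Microsoft.IdentityModel.Tokens.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;

// Hypothetical helper (added example, not Duende code): build and check DPoP proofs
// from an RSA handle whose private half may live in a TPM-backed CNG provider and
// can never be exported. Only ExportParameters(false) is ever called on the handle.
public static class PlatformKeyDPoP
{
    // SigningCredentials around the live RSA handle. RsaSecurityKey delegates
    // signing to the RSA object, so the key material stays in the provider.
    public static SigningCredentials CreateSigningCredentials(RSA rsa) =>
        new SigningCredentials(new RsaSecurityKey(rsa), SecurityAlgorithms.RsaSha256);

    // Public-only JWK for the proof's "jwk" header (RFC 9449 section 4.2).
    // Public parameters are exportable from CNG even when the key itself is not.
    public static Dictionary<string, object> PublicJwk(RSA rsa)
    {
        RSAParameters p = rsa.ExportParameters(includePrivateParameters: false);
        return new Dictionary<string, object>
        {
            ["kty"] = "RSA",
            ["e"] = Base64UrlEncoder.Encode(p.Exponent),
            ["n"] = Base64UrlEncoder.Encode(p.Modulus),
        };
    }

    // DPoP proof JWT: typ=dpop+jwt, jwk header, htm/htu/jti/iat claims.
    public static string CreateProof(RSA rsa, string httpMethod, string httpUri)
    {
        // Default iat/nbf/exp handling is turned off; a DPoP proof carries only iat.
        var handler = new JsonWebTokenHandler { SetDefaultTimesOnTokenCreation = false };
        var descriptor = new SecurityTokenDescriptor
        {
            TokenType = "dpop+jwt",
            SigningCredentials = CreateSigningCredentials(rsa),
            AdditionalHeaderClaims = new Dictionary<string, object> { ["jwk"] = PublicJwk(rsa) },
            Claims = new Dictionary<string, object>
            {
                ["jti"] = Guid.NewGuid().ToString("N"),
                ["htm"] = httpMethod,
                ["htu"] = httpUri,
                ["iat"] = DateTimeOffset.UtcNow.ToUnixTimeSeconds(),
            },
        };
        return handler.CreateToken(descriptor);
    }

    // Receiver-side signature check against the public half only, the same
    // key a resource server would take from the proof's jwk header.
    public static async Task<bool> VerifyAsync(string proof, RSA rsa)
    {
        var publicKey = new RsaSecurityKey(rsa.ExportParameters(false));
        var tvp = new TokenValidationParameters
        {
            IssuerSigningKey = publicKey,
            ValidTypes = new[] { "dpop+jwt" },
            ValidateIssuer = false,
            ValidateAudience = false,
            ValidateLifetime = false,
        };
        TokenValidationResult result = await new JsonWebTokenHandler().ValidateTokenAsync(proof, tvp);
        return result.IsValid;
    }

    // Opens (or creates) a non-exportable RSA key in the Windows TPM-backed provider.
    // "dpop-client-key" is a constructed name for this example.
    public static RSA OpenPlatformKey(string keyName = "dpop-client-key")
    {
        if (!OperatingSystem.IsWindows())
            return RSA.Create(2048); // constructed fallback so the sample runs elsewhere

        CngProvider provider = CngProvider.MicrosoftPlatformCryptoProvider;
        if (!CngKey.Exists(keyName, provider))
        {
            var creation = new CngKeyCreationParameters
            {
                Provider = provider,
                ExportPolicy = CngExportPolicies.None, // private half never leaves the TPM
            };
            creation.Parameters.Add(new CngProperty("Length", BitConverter.GetBytes(2048), CngPropertyOptions.None));
            CngKey.Create(CngAlgorithm.Rsa, keyName, creation);
        }
        return new RSACng(CngKey.Open(keyName, provider));
    }

    public static async Task Main()
    {
        using RSA rsa = OpenPlatformKey();
        string proof = CreateProof(rsa, "POST", "https://as.example.com/token"); // constructed URI
        Console.WriteLine(proof);
        Console.WriteLine($"valid: {await VerifyAsync(proof, rsa)}");
    }
}
```

The jwk dictionary deliberately contains only kty, e and n; a check that it has no d, p or q entry is the cheapest guard against accidentally shipping private material in a proof header when a key is later swapped for a software one.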