canvas-lms

Commit Graph

Author	SHA1	Message	Date
Cody Cutrer	809904d8b6	add frozen_string_literal comment to migrations Change-Id: Idf4ddb29567c1dfab9f01b09c7a1056367ae7b44 Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/261814 Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com> Reviewed-by: Rob Orton <rob@instructure.com> QA-Review: Rob Orton <rob@instructure.com> Product-Review: Rob Orton <rob@instructure.com>	2021-03-30 18:14:36 +00:00
Jacob Fugal	2b3886c5f4	extend client_credentials oauth2 grants for CD2 refs SAS-1540 * adds an audience setting to developer keys, so a key can be set to target external audiences with its credentials grants * when a key with an external audience grants credentials, the token is signed with an asymmetric key instead of the internal symmetric key * external audiences can retrieve the corresponding public keys from /login/oauth2/jwks * credentials issued by developer keys with an account id include the account's guid in a custom claim includes a refactor of key storage and rotation in consul, which had already been done for LTI. but it wasn't really a feature of lti, just something used by LTI, and we needed the same for key management for this. moved it to be part of Canvas::Security Change-Id: Ie5c0fcee6fc21687f31c109389a3bcc1ed349c5d Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/243606 QA-Review: Jonathan Featherstone <jfeatherstone@instructure.com> Reviewed-by: Jonathan Featherstone <jfeatherstone@instructure.com> Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com> Product-Review: Jacob Fugal <jacob@instructure.com>	2020-08-13 18:52:47 +00:00

Author

SHA1

Message

Date

Cody Cutrer

809904d8b6

add frozen_string_literal comment to migrations

Change-Id: Idf4ddb29567c1dfab9f01b09c7a1056367ae7b44
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/261814
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Rob Orton <rob@instructure.com>
QA-Review: Rob Orton <rob@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>

2021-03-30 18:14:36 +00:00

Jacob Fugal

2b3886c5f4

extend client_credentials oauth2 grants for CD2

refs SAS-1540

* adds an audience setting to developer keys, so a key can be set to
  target external audiences with its credentials grants
* when a key with an external audience grants credentials, the token is
  signed with an asymmetric key instead of the internal symmetric key
* external audiences can retrieve the corresponding public keys from
  /login/oauth2/jwks
* credentials issued by developer keys with an account id include the
  account's guid in a custom claim

includes a refactor of key storage and rotation in consul, which had
already been done for LTI. but it wasn't really a feature of lti, just
something used by LTI, and we needed the same for key management for
this. moved it to be part of Canvas::Security

Change-Id: Ie5c0fcee6fc21687f31c109389a3bcc1ed349c5d
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/243606
QA-Review: Jonathan Featherstone <jfeatherstone@instructure.com>
Reviewed-by: Jonathan Featherstone <jfeatherstone@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>

2020-08-13 18:52:47 +00:00

2 Commits