canvas-lms

History

Keith T. Garner dd5bcacba6 add ability to not encrypt asymmetric jwts Adds a boolean paramater to the jwt controller's create method called canvas_audience. If the jwt is for canvas itself, it can continue to encrypt the asymettric jwt. However, if the consumer wishes to use the token for a downstream service that isn't canvas, it will not encrypt it. This parameter defaults to true. flags=none test plan: - With an authenticate user, hit the /api/v1/jwts endpoint with a POST request and set the canvas_audience parameter to false. - In a jwt tester like jwt.io confirm that the jwt is not encrypted. - With an authenticate user, hit the /api/v1/jwts endpoint with a POST request. - In a jwt tester like jwt.io confirm that the jwt is encrypted. - With an authenticate user, hit the /api/v1/jwts endpoint with a POST request and set the anvas_audience parameter to true. - In a jwt tester like jwt.io confirm that the jwt is encrypted. Change-Id: I690b520ed7360aeb253608cd6787ac1ab80a7435 Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/348831 Reviewed-by: Weston Dransfield <wdransfield@instructure.com> QA-Review: Keith Garner <kgarner@instructure.com> Product-Review: Keith Garner <kgarner@instructure.com> Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>	2024-05-31 17:29:39 +00:00
..
canvas_security	add ability to not encrypt asymmetric jwts	2024-05-31 17:29:39 +00:00
canvas_security.rb	bundle update faraday	2023-08-22 23:35:15 +00:00

Keith T. Garner dd5bcacba6 add ability to not encrypt asymmetric jwts

Adds a boolean paramater to the jwt controller's create method called
canvas_audience. If the jwt is for canvas itself, it can continue to
encrypt the asymettric jwt. However, if the consumer wishes to use the
token for a downstream service that isn't canvas, it will not encrypt
it. This parameter defaults to true.

flags=none

test plan:
 - With an authenticate user, hit the /api/v1/jwts endpoint with a POST
   request and set the canvas_audience parameter to false.
 - In a jwt tester like jwt.io confirm that the jwt is not encrypted.
 - With an authenticate user, hit the /api/v1/jwts endpoint with a POST
   request.
 - In a jwt tester like jwt.io confirm that the jwt is encrypted.
 - With an authenticate user, hit the /api/v1/jwts endpoint with a POST
   request and set the anvas_audience parameter to true.
 - In a jwt tester like jwt.io confirm that the jwt is encrypted.

Change-Id: I690b520ed7360aeb253608cd6787ac1ab80a7435
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/348831
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: Keith Garner <kgarner@instructure.com>
Product-Review: Keith Garner <kgarner@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>

2024-05-31 17:29:39 +00:00

canvas_security

add ability to not encrypt asymmetric jwts

2024-05-31 17:29:39 +00:00

canvas_security.rb

bundle update faraday

2023-08-22 23:35:15 +00:00