Eric Chiang
Eric Chiang
The current clockwork dependency is used in exactly one place. ```go type ValidationContext struct { CertificateStore X509CertificateStore IdAttribute string Clock *Clock } ``` This can easily be replaced with a...
github.com/coreos/go-oidc has never used gopkg.in, and we may break this soon when we add a go.mod file (https://github.com/coreos/go-oidc/pull/228). Just a heads up that you'll need to use the correct import...
When using self-signed etcd certs, the CA private key is generated in memory but never rendered. Once terraform exits the content is discarded. Internal bug can be found here: https://jira.coreos.com/browse/INST-1027...
Right now we 404 which is a bad UX for users of dex. Maybe we could provide a default redirect?
Spun out of https://github.com/coreos/dex/issues/968 and to address https://github.com/coreos/dex/pull/943 Currently we let parts of dex config reference environment variables: ```yaml storage: - type: postgres config: password: $PASSWORD ``` We restrict this...
Based off my testing, releasing the transaction wipes the PIN.
WIP: do not merge, do not review Updates: #82
https://developers.yubico.com/yubikey-piv-manager/PIN_and_Management_Key.html
Different smart cards can implement different algorithm sets. See if YubiKey's PIV implementation supports algorithm discovery: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-73-4.pdf#page=61
Currently we're assuming > 4.3.0 since I only have a v4.3.7 and v3.4.9 key to test with https://github.com/go-piv/piv-go/blob/2184bb6b48d35daef927bc6e5a8330d3e2b877fd/piv/piv_test.go#L137-L152 If someone can confirm that that test passes with an older version...