feat(headless-login): add jwks cache visibility and refresh flow
- replace inline headless jwks support with jwksUri-only validation
- add cached jwks refresh worker, manual refresh/revoke endpoints, and parsed key summaries
- expose allowed algorithms and key previews in DevFront with regression coverage
@@ -402,11 +402,19 @@ guide_step_1 = "Generate a key pair on the RP server and keep the private key on
|
||||
guide_step_2 = "Expose the public key from the RP backend through a JWKS (JSON Web Key Set) endpoint."
|
||||
guide_step_3 = "Enter a URL such as https://rp.example.com/.well-known/jwks.json in DevFront."
|
||||
headless_help = "You can design your own login UI within the application. While the UI is yours, the actual identity verification and security checks are handled in the background via Baron's API."
|
||||
jwks_inline_help = "Prefer the SSH-RSA public key format first. If you paste an 'ssh-rsa AAA...' key, Baron converts it to OIDC-standard JWKS (JSON) before saving."
|
||||
jwks_uri_help = "Enter the public key endpoint URL exposed by the RP backend. Example: https://rp.example.com/.well-known/jwks.json"
|
||||
request_object_alg_help = "Specify the JAR (Request Object) signing algorithm used for headless login."
|
||||
source_help = "Register the JWKS URI served by the RP so Baron can verify the public key."
|
||||
allowed_algorithms_help = "Headless login JAR verification accepts only the algorithms listed below."
|
||||
subtitle = "Manage the public key and headless login settings required for Headless Login evaluation."
|
||||
cache_empty = "No cached JWKS exists yet. Use Refresh to ask the backend to verify and cache the key."
|
||||
cache_help = "Shows the last JWKS verification state stored by the backend."
|
||||
cache_parsed_keys_help = "Raw JWKS stays hidden. Only parsed key metadata is shown here."
|
||||
cache_parsed_keys_empty = "No parsed JWKS keys are available yet."
|
||||
cache_refresh_failed = "Failed to refresh the JWKS cache: {{error}}"
|
||||
cache_refreshed = "JWKS cache refreshed."
|
||||
cache_revoke_confirm = "Deleting the JWKS cache means the backend must fetch and verify it again before the next use. Continue?"
|
||||
cache_revoke_failed = "Failed to delete the JWKS cache: {{error}}"
|
||||
cache_revoked = "JWKS cache deleted."
|
||||
|
||||
[msg.dev.clients.general.public_key.validation]
|
||||
headless_requires_alg = "Headless login requires a Request Object Signing Algorithm."
|
||||
@@ -1407,16 +1415,25 @@ guide_toggle = "JWKS URI Setup Guide"
|
||||
headless_disabled = "Headless Disabled"
|
||||
headless_enabled = "Headless Enabled"
|
||||
headless_toggle = "Headless Login"
|
||||
jwks_inline = "SSH-RSA or JWKS Public Key"
|
||||
jwks_inline_placeholder = "Paste an 'ssh-rsa AAA...' public key first. JWKS (JSON) is also accepted if needed."
|
||||
jwks_uri = "JWKS URI"
|
||||
jwks_uri_placeholder = "https://rp.example.com/.well-known/jwks.json"
|
||||
request_object_alg = "Request Object Signing Algorithm"
|
||||
request_object_alg_placeholder = "RS256"
|
||||
source = "Public Key Source"
|
||||
source_uri = "JWKS URI"
|
||||
allowed_algorithms = "Allowed Algorithms"
|
||||
title = "Public Key Registration"
|
||||
validation_title = "Check before saving"
|
||||
cache_error = "Last Error"
|
||||
cache_cached_at = "Cached At"
|
||||
cache_expires_at = "Expires At"
|
||||
cache_failures = "Consecutive Failures"
|
||||
cache_kids = "Cached KIDs"
|
||||
cache_last_checked_at = "Last Checked"
|
||||
cache_last_success = "Last Successful Verification"
|
||||
cache_parsed_keys = "Parsed Keys"
|
||||
cache_parsed_key_n = "n Preview"
|
||||
cache_status = "Status"
|
||||
cache_uri = "JWKS URI"
|
||||
revoke_cache = "Revoke Cache"
|
||||
|
||||
[ui.dev.clients.help]
|
||||
docs_body = "Includes PKCE, client_secret_basic, redirect URI validation tips."
|
||||
|
||||
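Review bot: `cache_refresh_failed` and `cache_revoke_failed` in the first hunk interpolate `{{error}}` straight into a user-facing message, and the second hunk adds a `cache_error = "Last Error"` label for a stored error; nothing in this file says what the backend is allowed to put in that value. Because the refresh is a server-side fetch of a URL the client owner registered, passing the raw fetch or parse error through would show the user details of what Baron's backend could reach and what it received. I would pin the contract next to the keys with a comment such as `# {{error}} is a fixed error category from the backend, never the raw fetch/parse error text`, and check that the endpoints honor it. Separately, the rendered page lost the +/- markers, so I cannot tell whether `jwks_inline_help`, `jwks_inline` and `jwks_inline_placeholder` remain on the new side; if they do, they still describe pasting an inline key, which the commit message says is no longer supported.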