From ee2a2e07a32d2ee7d8bf3dbe66d0cf796cf31824 Mon Sep 17 00:00:00 2001
From: beltram
Date: Wed, 22 Nov 2023 14:59:45 +0100
Subject: [PATCH] feat: update the protocol by including team & handle in the client dpop token, verifying the handle in the dpop challenge
---
 acme/challenge.go | 2 ++
 docker/Dockerfile.step-ca | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/acme/challenge.go b/acme/challenge.go
index c7b4a4b50..bc21d0010 100644
--- a/acme/challenge.go
+++ b/acme/challenge.go
@@ -512,6 +512,8 @@ func wireDPOP01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSO
 "verify-access",
 "--client-id",
 challengeValues.ClientID,
+ "--handle",
+ challengeValues.Handle,
 "--challenge",
 ch.Token,
 "--leeway",
diff --git a/docker/Dockerfile.step-ca b/docker/Dockerfile.step-ca
index a8211acd5..2d0d31aca 100644
--- a/docker/Dockerfile.step-ca
+++ b/docker/Dockerfile.step-ca
@@ -12,7 +12,7 @@ RUN make V=1 bin/step-ca
 FROM rust:alpine AS rustbuilder
 RUN apk add --no-cache git musl-dev perl
-RUN git clone https://github.com/wireapp/rusty-jwt-tools.git /src
+RUN git clone --branch feat/dpop-handle-teams https://github.com/wireapp/rusty-jwt-tools.git /src
 RUN cd /src && \
 cargo build --release --verbose
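Review bot: `challengeValues.Handle` is added as its own argument right after `"--handle"` with no visible check that it is non-empty and does not begin with `-`. The consumer of this list is outside the hunk, but if it is passed to an external verifier's option parser, a value of that shape could be read as a flag of its own or shift the following `"--challenge"`/`ch.Token` pair, so the verifier would check something other than what the CA intended. Validate the handle before the list is built, for example `if challengeValues.Handle == "" || strings.HasPrefix(challengeValues.Handle, "-")` followed by the function's existing rejection path. The body of wireDPOP01Validate starts and ends outside the hunk, so an earlier check may already exist; if it does, a one-line comment here pointing at it would help the next reader.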
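Review bot: The new `git clone --branch feat/dpop-handle-teams` line compiles whatever the head of a mutable feature branch is at image build time, so two builds of the same commit can produce different binaries, and anyone able to push to that branch changes the code that ends up in the CA image. Pin the checkout to a reviewed commit instead, e.g. `RUN git clone https://github.com/wireapp/rusty-jwt-tools.git /src && git -C /src checkout <COMMIT_SHA>` (placeholder, the page gives no commit id). Feature branches are also often deleted after merge, which would break this build later.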