mirror/dex - dex - xhrpb gitea

Commit Graph

Author	SHA1	Message	Date
Maksim Nabokikh	6d9ca8de49	fix: Do not use connector data from the refresh token field (#2729 ) Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	3 years ago
m.nabokikh	4b5f1d5289	fix: refresh token only once for all concurrent requests Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	4 years ago
Bob Callaway	793bcc4b61	address review comments Signed-off-by: Bob Callaway <bcallaway@google.com>	4 years ago
Bob Callaway	fcfbb1ecb0	Add HMAC protection on /approval endpoint Signed-off-by: Bob Callaway <bcallaway@google.com>	4 years ago
Bob Callaway	83e2df821e	add PKCE support to device code flow (#2575 ) Signed-off-by: Bob Callaway <bobcallaway@users.noreply.github.com>	4 years ago
Shivansh Vij	65592d0b5a	Updating test cases Fixes https://github.com/dexidp/dex/issues/2537 Signed-off-by: Shivansh Vij <shivanshvij@outlook.com>	4 years ago
Shivansh Vij	cbf158bcc0	Fixes https://github.com/dexidp/dex/issues/2537 Signed-off-by: Shivansh Vij <shivanshvij@outlook.com>	4 years ago
m.nabokikh	bdfb10137a	Add the comment about groups request notification Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	4 years ago
m.nabokikh	3d5a3befb4	fix: prevent cross-site scripting for the device flow Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	4 years ago
m.nabokikh	ad89e01676	fix: log only errors on refreshing Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	4 years ago
m.nabokikh	57e9611ff6	fix: Implicit Grant discovery Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	4 years ago
Mark Sagi-Kazar	79721196a8	fix(server): wrap credentials in the correct Dial option Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>	4 years ago
Stephen Augustus	243661155e	server: grpc.WithInsecure is now insecure.NewCredentials() Signed-off-by: Stephen Augustus <foo@auggie.dev>	4 years ago
Maksim Nabokikh	ca615f7ad7	Update server/refreshhandlers.go Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com> Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	4 years ago
m.nabokikh	578cb05f7b	fix: return invalid_grant error on claiming token of another client Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	4 years ago
Joshua Winters	9284ffb8c0	Add generic oauth connector Co-authored-by: Shash Reddy <sreddy@pivotal.io> Signed-off-by: Joshua Winters <jwinters@pivotal.io>	4 years ago
copperyp	5854dd192d	using path.Join replace filepath.Join Signed-off-by: copperyp <copperyp@gmail.com>	4 years ago
copperyp	a1c1076137	fix web static file path slash error for win platform Signed-off-by: copperyp <copperyp@gmail.com>	4 years ago
m.nabokikh	9fad0602ec	fix: do not update offlinesession lastUsed field if refresh token was not change Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	4 years ago
Bob Callaway	2e0041f95f	ensure template does not double-escape URL Signed-off-by: Bob Callaway <bob.callaway@gmail.com>	5 years ago
ariary	7bc966217d	sort grant type supported Signed-off-by: ariary <ariary9.2@hotmail.fr>	5 years ago
Bob Callaway	8fd69c16f5	correctly handle path escaping for connector IDs Signed-off-by: Bob Callaway <bob.callaway@gmail.com>	5 years ago
Eng Zer Jun	f0186ff265	refactor: move from io/ioutil to io and os package The io/ioutil package has been deprecated as of Go 1.16, see https://golang.org/doc/go1.16#ioutil. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>	5 years ago
ariary	c6f6dd69e9	lint comment Signed-off-by: ariary <ariary9.2@hotmail.fr>	5 years ago
kali	1497e70225	Add parametrization of grant type supported in discovery endpoint Signed-off-by: ariary <ariary9.2@hotmail.fr>	5 years ago
Monis Khan	3009ae3b5d	Return valid JWT access token from password grant This change updates the password grant handler to issue a valid JWT access token instead of just returning a random value as the access token. This makes it possible to use the access token against the user info endpoint. Signed-off-by: Monis Khan <i@monis.app>	5 years ago
Tomasz Kleczek	4ffaa60d21	Improve auth flow error handling Signed-off-by: Tomasz Kleczek <tomasz.kleczek@gmail.com>	5 years ago
Henning	138364ceeb	handlePasswordGrant: insert connectorData into OfflineSession (#2199 ) * handlePasswordGrant: insert connectorData into OfflineSession This change will insert the ConnectorData from the initial Login into the OfflineSession, as already done in handlePasswordLogin. Signed-off-by: Henning Surmeier <h.surmeier@mittwald.de>	5 years ago
Mark Sagi-Kazar	ceb4324c18	test: quick fix flaky test Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>	5 years ago
m.nabokikh	21a01ee811	Add sprig v3 functions to web templates Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	5 years ago
m.nabokikh	4b54433ec2	Bump golag-ci lint version to 1.40.1 Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	5 years ago
Mark Sagi-Kazar	0bef10ef80	chore(deps): update gosundheit Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>	5 years ago
m.nabokikh	dea1d3383c	Deprecation warning log message Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	5 years ago
Alastair Houghton	cd0c24ec4d	fix: add an extra endpoint to avoid refresh generating AuthRequests. By adding an extra endpoint and a redirect, we can avoid a situation where it's trivially easy to generate a large number of AuthRequests by hitting F5/refresh in the browser. Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>	5 years ago
Alastair Houghton	030a6459d6	fix: reinstate TestHandleAuthCode. Reinstating this test as it shouldn't have been removed. Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>	5 years ago
Alastair Houghton	88025b3d7c	fix: remove some additional dependencies. Accidentally added some of these back during merge. Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>	5 years ago
Alastair Houghton	0284a4c3c9	fix: back link on password page needs to be explicit. The back link on the password page was using Javascript to tell the browser to navigate back, which won't work if the user has entered a set of incorrect log-in details. Fix this by using an explicit URL instead. Fixes #1851 Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>	5 years ago
Alastair Houghton	cdbb5dd94d	fix: defer creation of auth request. Rather than creating the auth request when the user hits /auth, pass the arguments through to /auth/{connector} and have the auth request created there. This prevents a database error when using the "Select another login method" link, and also avoids a few other error cases. Fixes #1849, #646. Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>	5 years ago
Maksim Nabokikh	20875c972e	Discard package "version" (#2107 ) * Discard package "version" Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> * Inject api version Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> * Pass version arg to the dex API Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	5 years ago
Rui Yang	fe8085b886	remove client secret encryption option constant time compare for client secret verification will be kept Signed-off-by: Rui Yang <ruiya@vmware.com>	5 years ago
Rui Yang	ecea593ddd	fix a bug in hash comparison function the client secret coming in should be hashed and the one in storage is the one in plaintext Signed-off-by: Rui Yang <ruiya@vmware.com>	5 years ago
Mark Sagi-Kazar	95796b04a3	chore(deps): upgrade protobuf and grpc Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>	5 years ago
Mark Sagi-Kazar	d25051c867	chore(deps): upgrade protobuf in server/internal package Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>	5 years ago
Mark Sagi-Kazar	d1e8b085e2	feat: use embedded assets by default Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>	5 years ago
Rui Yang	2f28fc7451	default to ./web when Dir and WebFS are not set	5 years ago
Rui Yang	4e569024fd	use go 1.16 new package io/fs Unify the interface for reading web statics. Now it could read an OS directory or get the content on live One could use //go:embed static var webFiles embed.FS anywhere and config dex server to take the file system by setting WebConfig{WebFS: webFiles} Signed-off-by: Rui Yang <ruiya@vmware.com> Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>	5 years ago
Rui Yang	7b50cbf0ac	use pkger for embedding static contents Co-authored-by: Vikram Yadav <vyadav@pivotal.io> Signed-off-by: Rui Yang <ruiya@vmware.com>	5 years ago
Rui Yang	1eab25f89f	use web host url for asset hosting	5 years ago
Rui Yang	10e9054811	Use http.FileSystem for web assets	5 years ago
Rui Yang	d658c24e8f	add dex config flag for enabling client secret encryption * if enabled, it will make sure client secret is bcrypted correctly * if not, it falls back to old behaviour that allowing empty client secret and comparing plain text, though now it will do ConstantTimeCompare to avoid a timing attack. So in either way it should provide more secure of client secret verification. Co-authored-by: Alex Surraci <suraci.alex@gmail.com> Signed-off-by: Rui Yang <ruiya@vmware.com>	5 years ago

1 2 3 4 5 ...

331 Commits (artifact-workflow)