mirror/dex - dex - xhrpb gitea

Commit Graph

Author	SHA1	Message	Date
m.nabokikh	57e9611ff6	fix: Implicit Grant discovery Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	4 years ago
Joshua Winters	9284ffb8c0	Add generic oauth connector Co-authored-by: Shash Reddy <sreddy@pivotal.io> Signed-off-by: Joshua Winters <jwinters@pivotal.io>	4 years ago
ariary	7bc966217d	sort grant type supported Signed-off-by: ariary <ariary9.2@hotmail.fr>	5 years ago
Bob Callaway	8fd69c16f5	correctly handle path escaping for connector IDs Signed-off-by: Bob Callaway <bob.callaway@gmail.com>	5 years ago
ariary	c6f6dd69e9	lint comment Signed-off-by: ariary <ariary9.2@hotmail.fr>	5 years ago
kali	1497e70225	Add parametrization of grant type supported in discovery endpoint Signed-off-by: ariary <ariary9.2@hotmail.fr>	5 years ago
Alastair Houghton	cd0c24ec4d	fix: add an extra endpoint to avoid refresh generating AuthRequests. By adding an extra endpoint and a redirect, we can avoid a situation where it's trivially easy to generate a large number of AuthRequests by hitting F5/refresh in the browser. Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>	5 years ago
Rui Yang	fe8085b886	remove client secret encryption option constant time compare for client secret verification will be kept Signed-off-by: Rui Yang <ruiya@vmware.com>	5 years ago
Mark Sagi-Kazar	d1e8b085e2	feat: use embedded assets by default Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>	5 years ago
Rui Yang	2f28fc7451	default to ./web when Dir and WebFS are not set	5 years ago
Rui Yang	4e569024fd	use go 1.16 new package io/fs Unify the interface for reading web statics. Now it could read an OS directory or get the content on live One could use //go:embed static var webFiles embed.FS anywhere and config dex server to take the file system by setting WebConfig{WebFS: webFiles} Signed-off-by: Rui Yang <ruiya@vmware.com> Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>	5 years ago
Rui Yang	7b50cbf0ac	use pkger for embedding static contents Co-authored-by: Vikram Yadav <vyadav@pivotal.io> Signed-off-by: Rui Yang <ruiya@vmware.com>	5 years ago
Rui Yang	1eab25f89f	use web host url for asset hosting	5 years ago
Rui Yang	10e9054811	Use http.FileSystem for web assets	5 years ago
Rui Yang	d658c24e8f	add dex config flag for enabling client secret encryption * if enabled, it will make sure client secret is bcrypted correctly * if not, it falls back to old behaviour that allowing empty client secret and comparing plain text, though now it will do ConstantTimeCompare to avoid a timing attack. So in either way it should provide more secure of client secret verification. Co-authored-by: Alex Surraci <suraci.alex@gmail.com> Signed-off-by: Rui Yang <ruiya@vmware.com>	5 years ago
m.nabokikh	3bd0e91a68	Make /device/token deprecation warning more concise Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	5 years ago
m.nabokikh	9ed5cc00cf	Add deprecation warning for /device/token endpoint Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	5 years ago
m.nabokikh	1211a86d58	fix: use /token endpoint to get tokens with device flow Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	5 years ago
Mark Sagi-Kazar	316da70545	refactor: use new health checker Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>	5 years ago
m.nabokikh	91de99d57e	feat: Add refresh token expiration and rotation settings Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	5 years ago
m.nabokikh	b2e9f67edc	Enable unparam, prealloc, sqlclosecheck linters Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	5 years ago
Maksim Nabokikh	35da73de38	chore: add frontend section to dev config (#1913 ) * chore: add frontend section to dev config Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	5 years ago
m.nabokikh	30c3d78365	fix: log device flow entities GC result if no auth entities collected Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	5 years ago
m.nabokikh	1d83e4749d	Add gocritic Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	5 years ago
Alastair Houghton	9187aa669d	fix: allow Authorization header when doing CORS The Authorization header needs to be allowed when doing CORS because otherwise /userinfo can't work. It isn't one of the headers explicitly allowed by default by Gorilla, so we have to call handlers.AllowedHeaders() to specify it. Issues: #1532 Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>	6 years ago
Rui Yang	bd2234cd12	Add constructor for static key strategy Co-authored-by: Josh Winters <jwinter@pivotal.io> Signed-off-by: Rui Yang <ruiya@vmware.com>	6 years ago
justin-slowik	9882ea453f	better support for /device/callback redirect uris with public clients. Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>	6 years ago
Justin Slowik	9c699b1028	Server integration test for Device Flow (#3 ) Extracted test cases from OAuth2Code flow tests to reuse in device flow deviceHandler unit tests to test specific device endpoints Include client secret as an optional parameter for standards compliance Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>	6 years ago
Justin Slowik	9bbdc721d5	Device flow token code exchange (#2 ) * Added /device/token handler with associated business logic and storage tests. Perform user code exchange, flag the device code as complete. Moved device handler code into its own file for cleanliness. Cleanup * Removed PKCE code * Rate limiting for /device/token endpoint based on ietf standards * Configurable Device expiry Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>	6 years ago
Justin Slowik	0d1a0e4129	Device token api endpoint (#1 ) * Added /device/token handler with associated business logic and storage tests. * Use crypto rand for user code Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>	6 years ago
Justin Slowik	6d343e059b	Generates/Stores the device request and returns the device and user codes. Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>	6 years ago
techknowlogick	0a9f56527e	Add Gitea connector (#1715 ) * Add Gitea connector * Add details to readme * resolve lint issue	6 years ago
Ivan Mikheykin	7ef1179e75	feat: connector for Atlassian Crowd	6 years ago
Joshua Winters	76825fef8f	Make logger and prometheus optional in server config Signed-off-by: Josh Winters <jwinters@pivotal.io> Co-authored-by: Mark Huang <mhuang@pivotal.io>	6 years ago
Zach Brown	13be146d2a	Add support for password grant #926	6 years ago
Andrew Block	92e63771ac	Added OpenShift connector	6 years ago
Mark Sagi-Kazar	9bd5ae5197	Fix goimports	6 years ago
Joel Speed	97ffa21262	Create separate Google connector	6 years ago
Marc-André Dufresne	0dbb642f2c	Add option to always display connector selection even if there's only one	7 years ago
Marc-André Dufresne	d458e882aa	Allow arbitrary data to be passed to templates	7 years ago
Stephan Renatus	d9487e553b	*: fix some lint issues Mostly gathered these using golangci-lint's deadcode and ineffassign linters. Signed-off-by: Stephan Renatus <srenatus@chef.io>	7 years ago
Maarten den Braber	a8d059a237	Add userinfo endpoint Co-authored-by: Yuxing Li <360983+jackielii@users.noreply.github.com> Co-authored-by: Francisco Santiago <1737357+fjbsantiago@users.noreply.github.com>	7 years ago
Benoit Sigoure	d6ad67a6de	server: add metrics for CORS handlers.	7 years ago
Mark Sagi-Kazar	d1c8f8d095	Remove structured logging from the logger interface	7 years ago
Mark Sagi-Kazar	be581fa7ff	Add logger interface and stop relying on Logrus directly	7 years ago
Eric Chiang	8935a1479c	server: update health check endpoint to query storage periodically Instead of querying the storage every time a health check is performed query it periodically and save the result.	7 years ago
joannano	88d1e2b041	keystone: test cases, refactoring and cleanup	7 years ago
Krzysztof Balka	a965365a2b	keystone: refresh token and groups	7 years ago
knangia	0774a89066	keystone: squashed changes from knangia/dex	7 years ago
Maximilian Gaß	468c74d1d2	Make expiry of auth requests configurable	7 years ago

1 2

96 Commits (fix-google-admin-regression)