mirror/dex - dex - xhrpb gitea

Commit Graph

Author	SHA1	Message	Date
Adrián López Gómez	9b8ab3bdc6	ClientCredentials flow in UserAPI Fixes #528	10 years ago
Moto Ishizawa	eb0c312734	connector: add emailClaim setting to OIDC Connector Add emailCiam setting to OIDC Connector for supporting an ID token that does not contain the email claim.	10 years ago
Eric Chiang	b02a3a3163	*: add "groups" scope	10 years ago
Eric Chiang	f899cbaea8	return 409 for duplicate client ids	10 years ago
Eric Chiang	47ce264f08	return 409 status code on duplicate email errors	10 years ago
Bobby Rullo	41740179af	client: admin API allows user defined creds You can specify your own client ID and secret!	10 years ago
Bobby Rullo	cdcf08066d	client, server: public client restrictions * disallow ClientCreds for public clients * clients can only redirect to localhost or OOB	10 years ago
Bobby Rullo	c0668997ae	admin: create public clients with admin api	10 years ago
Bobby Rullo	8942a49702	server: remove client_resource api ...and dependent code.	10 years ago
Bobby Rullo	75473b4cba	refresh tokens: grant claims based on scopes Before, this logic was only in the OIDCServer.CodeToken() method; now it has been pulled out so that other paths, like OIDCServer.RefreshToken() can use it. The net affect, is that now refresh tokens can be used to get cross-client authenticated ID Tokens.	10 years ago
Bobby Rullo	32a1994a5e	refresh tokens: store and validate scopes. A refresh request must fail if it asks for scopes that were not originally granted when the refresh token was obtained. This Commit: * changes repo to store scopes with tokens * changes repo interface signatures so that scopes can be stored and verified * updates dependent code to pass along scopes	10 years ago
Bobby Rullo	ca18efb1fe	client: load full clients w/ LoadableClient The Client object on its own doesn't fully express everything about a single client, and so when loading clients from a static configuration it's not enough to just (de)serialize clients. To that end, LoadableClient contains the full representation of a client and associated entities.	10 years ago
Bobby Rullo	e6e04be297	integration: changes based on codegen	10 years ago
Bobby Rullo	2406c09598	workerschema: move Client.Revoke to RefreshClient also, RevokeClient -> RevokeClient for consistency.	10 years ago
Bobby Rullo	e1c070d84e	admin: add trustedPeers bootstrap api	10 years ago
Bobby Rullo	1b4dca80d7	client: remove ClientManagerFromClients Replaced by ClientRepoFromClients, which makes more sense IMO. Also, it was doing the wrong thing: it was ignoring the client_id and client_secret passed into it as far as I can tell.	10 years ago
Eric Chiang	35ea3d9ae1	*: add ability to set and list connectors from admin API closes #360	10 years ago
Evan Cordell	a418e1c4e7	client: add client manager adds a client manager to handle business logic, leaving the repo for basic crud operations. Also adds client to the test script	10 years ago
Evan Cordell	3da98fcb8e	client: add transaction support	10 years ago
Bobby Rullo	399b15abeb	integration, : Improve tests for admin api TestCreateClient was missing test coverage on error cases * Fixed bug where 500s were being reported for bad requests * changed function signature of NewAdminAPI back to old way of passing in lots of repos: passing in a DbMap made it difficult to test * added swappable ID and Secret generators when creating Clients	10 years ago
Bobby Rullo	e5948ab3ce	*: ClientIdentityXXX -> ClientXXX Get rid of all outdated "ClientIdentity" terminology.	10 years ago
Bobby Rullo	95757e8779	*: Client Repo now deals with custom Client object This is instead of oidc.ClientIdentity. This makes it easier to add new fields custom to dex to the client.	10 years ago
Eric Chiang	64380734e6	*: implement refresh revocation user API methods	10 years ago
Eric Chiang	ac73d3cdf2	*: load password infos from users file in no-db mode not connectors In --no-db mode, load passwords from the users file instead of the connectors file. This allows us to remove the password infos field from the local connector and stop loading them during connector registration, a case that was causing panics when using a real database (see #286). Fixes #286 Closes #340	10 years ago
Eric Chiang	b10645f58d	*: add client registration endpoint to admin API	10 years ago
Eric Chiang	804dd6d57c	integration: fix email case sensitivity test	10 years ago
Rubén Soleto Buenvarón	8156870862	add support for resend an invite email This change solves the User's API problem when you want to create an user that its email hasn't been verified yet but it exist. At now, you can resend invitation email using endpoint /users/{id}/resend-invitation Fixes #184	10 years ago
Eric Chiang	dcf5835189	*: remove in memory connector config repo	10 years ago
Eric Chiang	b572b8dd6c	*: remove in memory client repo The DB implementation expects secrets to be base64 encoded blobs. Because of this a bunch of tests broke moving to sqlite. A lot of this commit is fixing those tests.	10 years ago
Eric Chiang	72d1ecab64	*: remove in memory password info repo	10 years ago
Eric Chiang	2726f4dcdf	*: remove in memory user repo	10 years ago
Eric Chiang	95560404a3	*: remove in memory refresh repo	10 years ago
Eric Chiang	7bac93aa20	*: remove in memory session repos Move manager to it's own package so it can import db. Move all references to the in memory session repos to use sqlite3.	10 years ago
Eric Chiang	5e44b6bc27	*: update all to accommodate changes to go-oidc Update dex to comply with the changes to fieldnames and types of the client and provider metadata structs in coreos/go-oidc.	10 years ago
Eric Chiang	f43655a8c3	user/manager: connector must exists when creating remote identity Add ConnectorConfigRepo to UserManager. When trying to create a RemoteIdentity, validate that the connector ID exists. Fixes #198	10 years ago
Eric Chiang	d518447282	user: move user manager to it's own package This commit moves the user.Manage to its own package (user/manager) so it can import the connector package in a later commit. For clarity, it renames "Manager" to "UserManager" using gorname. This commit has no functional changes.	10 years ago
Bobby Rullo	2ef1b4beff	user: introduce "invite" emails Invite emails are essentially just reset password emails with a different template (though this can and probably will change (slightly) in the near future)	11 years ago
Bobby Rullo	7d4f41bf04	integration: check when there's no secret provided	11 years ago
Bobby Rullo	55040c55fa	server, integration, cmd: Protect Admin API Admin API now requires a 128 byte base64 encoded secret to be passed in Authorization header, closing up a potential security hole for those who expose this service.	11 years ago
Joe Bowers	e5db302312	server: expose user disable API endpoint	11 years ago
Joe Bowers	fbbb3cc2df	server: all authorizations fail for disabled users	11 years ago
Joe Bowers	ffabe03bc0	server: don't allow disabled users to access the api	11 years ago
Yifan Gu	93a0830ae0	server: check scope in requests. Require 'openid' in scope for all requests. Require 'offline_access' for returning refresh token.	11 years ago
Yifan Gu	066fd859ec	session: add 'scope' field in session.	11 years ago
Bobby Rullo	66fe201c24	*: move original project to dex	11 years ago

47 Commits (v1)