Branch: v1

artifact-workflow

dependabot/github_actions/actions/cache-5.0.4

dependabot/go_modules/api/v2/google.golang.org/grpc-1.79.3

dependabot/go_modules/github.com/lib/pq-1.12.0

fix-google-admin-regression

helm

master

v1

v2.0.x

v2.1.x

v2.10.x

v2.13.x

v2.16.x

v2.2.x

v2.28.x

v2.3.x

v2.30.x

v2.31.x

v2.32.x

v2.33.x

v2.34.x

v2.35.x

v2.36.x

v2.37.x

v2.38.x

v2.39.x

v2.4.x

v2.40.x

v2.41.x

v2.42.x

v2.43.x

v2.45.x

v2.5.x

v2.6.x

v2.7.x

v2.8.x

v2.9.x

api/v2.0.0

api/v2.1.0

api/v2.2.0

api/v2.3.0

api/v2.4.0

v0.1.0

v0.2.0

v0.2.1

v0.2.2

v0.2.3

v0.3.0

v0.4.0

v0.5.0

v0.5.1

v0.6.0

v0.6.1

v2.0.0

v2.0.0-alpha.1

v2.0.0-alpha.2

v2.0.0-alpha.3

v2.0.0-alpha.4

v2.0.0-alpha.5

v2.0.0-beta.1

v2.0.0-beta.2

v2.0.0-beta.3

v2.0.1

v2.0.2

v2.1.0

v2.10.0

v2.11.0

v2.12.0

v2.13.0

v2.14.0

v2.15.0

v2.16.0

v2.17.0

v2.18.0

v2.19.0

v2.2.0

v2.2.1

v2.2.2

v2.2.3

v2.2.4

v2.2.5

v2.20.0

v2.21.0

v2.22.0

v2.23.0

v2.24.0

v2.25.0

v2.26.0

v2.27.0

v2.28.0

v2.28.1

v2.29.0

v2.3.0

v2.3.1

v2.30.0

v2.30.1

v2.30.2

v2.30.3

v2.31.0

v2.31.1

v2.31.2

v2.32.0

v2.32.1

v2.33.0

v2.33.1

v2.34.0

v2.35.0

v2.35.1

v2.35.2

v2.35.3

v2.36.0

v2.37.0

v2.38.0

v2.39.0

v2.39.1

v2.4.0

v2.4.1

v2.40.0

v2.41.0

v2.41.1

v2.42.0

v2.42.1

v2.43.0

v2.43.1

v2.44.0

v2.45.0

v2.45.1

v2.5.0

v2.6.0

v2.6.1

v2.7.0

v2.7.1

v2.8.0

v2.8.1

v2.9.0

Branches Tags

${ item.name }

Create tag ${ searchTerm }

Create branch ${ searchTerm }

from 'v1'

${ noResults }

Commit Graph

119 Commits (v1)

Author	SHA1	Message	Date
Pavel Borzenkov	f76c43ec4f	server: fix tests to expect unpadded base64 messages ... Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>	9 years ago
Moto Ishizawa	dc979c1d6d	server: use time.Time instead of int64 for token expiration time	10 years ago
Moto Ishizawa	25e4228e35	server: add expires_in field to the response of token endpoint	10 years ago
Adrián López Gómez	9b8ab3bdc6	ClientCredentials flow in UserAPI ... Fixes #528	10 years ago
Eric Chiang	fa8f98acac	server: fix registration redirect for servers listenin at non-base URLs	10 years ago
Eric Chiang	b466ae7a70	server: fix the path registration for user APIs at non-root URLs	10 years ago
Rubén Soleto Buenvarón	c91b37aa9e	refresh token rotation ... Update refresh token flow to revoke old refresh token and generates a new one. Fixes #519	10 years ago
Jeremy Whitlock	27b80cbca8	connector: add uaa connector ... This commit adds support for dex to authenticate users from a CloudFoundry User Account and Authentication (UAA) Server. Fixes: #538	10 years ago
Wyatt Anderson	26508c6bab	server: when registering a user, set display name ... When automatically registering a user from an IP that provides a `DisplayName`, set it on the created user so that JWT we create contain a meaningful `name` field.	10 years ago
Eric Chiang	8669167b42	user api: accept bearer tokens with multiple audiences	10 years ago
Eric Chiang	435cadfc19	*: more updates to prepend the correct API path	10 years ago
Eric Chiang	854b767273	*: update handlers to include issuer url in path	10 years ago
Eric Chiang	8216a3d992	connector: fix path that connectors listen on ... When Dex uses a non-root issuer URL, it current assumes that all path prefixes will be trimmed by an upstream proxy (e.g. nginx). This means that all paths rendered in HTML will be absolute to the prefix, but the handlers still listen at the root. Connectors are currently the only component that registers at a non-root URL. Make this conform with the rest of Dex by having the server determine the path the connector listens as rather than the connector itself.	10 years ago
Lucas Serven	0cc0c73676	backend: add absolute path to template links ... fixes: #502 Add a new template function called `absPath` that converts relative paths to absolute paths based on the issuerURL. The template function can be used in templates like: ````html <a href="{{ .MyRelativePath | absPath }}"> ````	10 years ago
Eric Chiang	b02a3a3163	*: add "groups" scope	10 years ago
Eric Chiang	87faa5a1f7	*: depricate --email-from flag and move to email config files	10 years ago
Bobby Rullo	b80dbc8975	server: support out-of-band auth flow ... When "urn:ietf:wg:oauth:2.0:oob" is used as a redirect URI, redirect to an internal dex page where the user is shown the code and instructed to paste it into their app.	10 years ago
Bobby Rullo	cdcf08066d	client, server: public client restrictions ... * disallow ClientCreds for public clients * clients can only redirect to localhost or OOB	10 years ago
Bobby Rullo	4f85f3a479	server: change ClientMetadata -> Client ... Metadata is not enough these days - we're going to need access to the Public field as well.	10 years ago
Eric Chiang	35cab93c0a	*: add --enable-automatic-registration flag to worker ... For remote connectors, allow users to skip registration.	10 years ago
Bobby Rullo	8942a49702	server: remove client_resource api ... ...and dependent code.	10 years ago
Bobby Rullo	75473b4cba	refresh tokens: grant claims based on scopes ... Before, this logic was only in the OIDCServer.CodeToken() method; now it has been pulled out so that other paths, like OIDCServer.RefreshToken() can use it. The net affect, is that now refresh tokens can be used to get cross-client authenticated ID Tokens.	10 years ago
Bobby Rullo	32a1994a5e	refresh tokens: store and validate scopes. ... A refresh request must fail if it asks for scopes that were not originally granted when the refresh token was obtained. This Commit: * changes repo to store scopes with tokens * changes repo interface signatures so that scopes can be stored and verified * updates dependent code to pass along scopes	10 years ago
Bobby Rullo	ca18efb1fe	client: load full clients w/ LoadableClient ... The Client object on its own doesn't fully express everything about a single client, and so when loading clients from a static configuration it's not enough to just (de)serialize clients. To that end, LoadableClient contains the full representation of a client and associated entities.	10 years ago
Bobby Rullo	5939a15d10	remove DexServer	10 years ago
Bobby Rullo	e71c5086ba	server: CodeToken now does Cross-Client auth	10 years ago
Bobby Rullo	9b4740862c	server: /auth accepts, validates X-client scopes	10 years ago
Bobby Rullo	f9dbc8a3d2	db, client: add data model for trusted peers ... Trusted Peers are clients that are authorized to mint tokens for another client.	10 years ago
Bobby Rullo	1b4dca80d7	client: remove ClientManagerFromClients ... Replaced by ClientRepoFromClients, which makes more sense IMO. Also, it was doing the wrong thing: it was ignoring the client_id and client_secret passed into it as far as I can tell.	10 years ago
Bobby Rullo	a33d61c8e2	server: remove boilerplate setup code part deux ... Use the test fixture setup stuff in testutil instead.	10 years ago
Bobby Rullo	ad1d5ab253	server: remove boilerplate setup code ... Use the test fixture setup stuff in testutil instead.	10 years ago
Eric Chiang	35ea3d9ae1	*: add ability to set and list connectors from admin API ... closes #360	10 years ago
Bobby Rullo	bbaea52ea6	alternate approach to fixing tests	10 years ago
Evan Cordell	73d9742c8b	client manager: accept full client when creating	10 years ago
Evan Cordell	a418e1c4e7	client: add client manager ... adds a client manager to handle business logic, leaving the repo for basic crud operations. Also adds client to the test script	10 years ago
Evan Cordell	3da98fcb8e	client: add transaction support	10 years ago
Bobby Rullo	847849931f	Revert "Fix response_type missing param" ... This reverts commit 821b242c83.	10 years ago
Bobby Rullo	e5948ab3ce	*: ClientIdentityXXX -> ClientXXX ... Get rid of all outdated "ClientIdentity" terminology.	10 years ago
Bobby Rullo	95757e8779	*: Client Repo now deals with custom Client object ... This is instead of oidc.ClientIdentity. This makes it easier to add new fields custom to dex to the client.	10 years ago
Adrián López Gómez	d3d2db8e05	tests: add HandleTokenFunc test ... Fixes #408	10 years ago
Eric Chiang	7858da565f	server: add more validation to --no-db static file parsing ... In #393 the format of the static user file in --no-db mode changed. However, the old format loads without error, which has caused issues for developers with existing user files. Add an explicit check to ensure the file is not using the old format. If they are, print a better error message.	10 years ago
Stephan Renatus	ed89be44ef	bugfix: make getCreds work for non-admins (#396)	10 years ago
Eric Chiang	553e7d0167	server: add refresh token revocation API to server	10 years ago
Eric Chiang	ac73d3cdf2	*: load password infos from users file in no-db mode not connectors ... In --no-db mode, load passwords from the users file instead of the connectors file. This allows us to remove the password infos field from the local connector and stop loading them during connector registration, a case that was causing panics when using a real database (see #286). Fixes #286 Closes #340	10 years ago
Eric Chiang	b10645f58d	*: add client registration endpoint to admin API	10 years ago
Eric Chiang	6120f7ac05	*: add isAdmin option to client repo when creating a client	10 years ago
Rubén Soleto Buenvarón	821b242c83	Fix response_type missing param ... This commit fix problem with response_type param, which is required according to OIDC spec, when it is missing. At now, when connector_id url query param is not set, connector view use response_type that client request instead of default "code". Fixes #370	10 years ago
Eric Chiang	c3aa6a1ee3	server: correctly decode oauth2 basic auth credentials ... Fixes #336	10 years ago
Eric Chiang	01a24542e9	*: fix tests that care about email case sensitivity	10 years ago
Eric Chiang	3f4a42eefd	*: remove unused code ... This change has no functional changes, it only removes dead code.	10 years ago