mirror/dex - dex - xhrpb gitea

Commit Graph

Author	SHA1	Message	Date
Moto Ishizawa	dc979c1d6d	server: use time.Time instead of int64 for token expiration time	10 years ago
Moto Ishizawa	25e4228e35	server: add expires_in field to the response of token endpoint	10 years ago
Adrián López Gómez	9b8ab3bdc6	ClientCredentials flow in UserAPI Fixes #528	10 years ago
Eric Chiang	fa8f98acac	server: fix registration redirect for servers listenin at non-base URLs	10 years ago
Eric Chiang	b466ae7a70	server: fix the path registration for user APIs at non-root URLs	10 years ago
Rubén Soleto Buenvarón	c91b37aa9e	refresh token rotation Update refresh token flow to revoke old refresh token and generates a new one. Fixes #519	10 years ago
Wyatt Anderson	26508c6bab	server: when registering a user, set display name When automatically registering a user from an IP that provides a `DisplayName`, set it on the created user so that JWT we create contain a meaningful `name` field.	10 years ago
Eric Chiang	435cadfc19	*: more updates to prepend the correct API path	10 years ago
Eric Chiang	854b767273	*: update handlers to include issuer url in path	10 years ago
Eric Chiang	8216a3d992	connector: fix path that connectors listen on When Dex uses a non-root issuer URL, it current assumes that all path prefixes will be trimmed by an upstream proxy (e.g. nginx). This means that all paths rendered in HTML will be absolute to the prefix, but the handlers still listen at the root. Connectors are currently the only component that registers at a non-root URL. Make this conform with the rest of Dex by having the server determine the path the connector listens as rather than the connector itself.	10 years ago
Eric Chiang	b02a3a3163	*: add "groups" scope	10 years ago
Bobby Rullo	b80dbc8975	server: support out-of-band auth flow When "urn:ietf:wg:oauth:2.0:oob" is used as a redirect URI, redirect to an internal dex page where the user is shown the code and instructed to paste it into their app.	10 years ago
Bobby Rullo	cdcf08066d	client, server: public client restrictions * disallow ClientCreds for public clients * clients can only redirect to localhost or OOB	10 years ago
Bobby Rullo	4f85f3a479	server: change ClientMetadata -> Client Metadata is not enough these days - we're going to need access to the Public field as well.	10 years ago
Eric Chiang	35cab93c0a	*: add --enable-automatic-registration flag to worker For remote connectors, allow users to skip registration.	10 years ago
Bobby Rullo	8942a49702	server: remove client_resource api ...and dependent code.	10 years ago
Bobby Rullo	75473b4cba	refresh tokens: grant claims based on scopes Before, this logic was only in the OIDCServer.CodeToken() method; now it has been pulled out so that other paths, like OIDCServer.RefreshToken() can use it. The net affect, is that now refresh tokens can be used to get cross-client authenticated ID Tokens.	10 years ago
Bobby Rullo	32a1994a5e	refresh tokens: store and validate scopes. A refresh request must fail if it asks for scopes that were not originally granted when the refresh token was obtained. This Commit: * changes repo to store scopes with tokens * changes repo interface signatures so that scopes can be stored and verified * updates dependent code to pass along scopes	10 years ago
Bobby Rullo	5939a15d10	remove DexServer	10 years ago
Bobby Rullo	e71c5086ba	server: CodeToken now does Cross-Client auth	10 years ago
Bobby Rullo	9b4740862c	server: /auth accepts, validates X-client scopes	10 years ago
Evan Cordell	a418e1c4e7	client: add client manager adds a client manager to handle business logic, leaving the repo for basic crud operations. Also adds client to the test script	10 years ago
Evan Cordell	3da98fcb8e	client: add transaction support	10 years ago
Bobby Rullo	e5948ab3ce	*: ClientIdentityXXX -> ClientXXX Get rid of all outdated "ClientIdentity" terminology.	10 years ago
Eric Chiang	553e7d0167	server: add refresh token revocation API to server	10 years ago
Eric Chiang	ac73d3cdf2	*: load password infos from users file in no-db mode not connectors In --no-db mode, load passwords from the users file instead of the connectors file. This allows us to remove the password infos field from the local connector and stop loading them during connector registration, a case that was causing panics when using a real database (see #286). Fixes #286 Closes #340	10 years ago
Eric Chiang	7bac93aa20	*: remove in memory session repos Move manager to it's own package so it can import db. Move all references to the in memory session repos to use sqlite3.	10 years ago
Eric Chiang	04cd1851aa	server: add dynamic client registration	10 years ago
Eric Chiang	5e44b6bc27	*: update all to accommodate changes to go-oidc Update dex to comply with the changes to fieldnames and types of the client and provider metadata structs in coreos/go-oidc.	10 years ago
Bobby Rullo	dc828825e6	server: better UX when remote ID already exists Instead of cryptic message with nowhere to, give them the choice to login with that account or register.	10 years ago
Eric Chiang	ad6e331860	server: fix flow when user logs in through wrong connector This cleans up the code that deals with a user attempting to login through a different connector than they registered with. The only functional change is that `newLoginURLFromSession` is now called with register = false when a user has an existing account.	10 years ago
Eric Chiang	d518447282	user: move user manager to it's own package This commit moves the user.Manage to its own package (user/manager) so it can import the connector package in a later commit. For clarity, it renames "Manager" to "UserManager" using gorname. This commit has no functional changes.	10 years ago
Joe Bowers	0c854a21d6	server: endpoint and system for sending invitations to dex An invitation allows users to both verify their email address and set a new password.	10 years ago
Bobby Rullo	bf9517fdaa	server,cmd: Add flag for disabling registation For situations where admins add users.	11 years ago
Joe Bowers	e5db302312	server: expose user disable API endpoint	11 years ago
Joe Bowers	60a36e2c2e	server,db: flag for disabling user login	11 years ago
Joe Bowers	4c9bab0890	server: user management endpoints strictly conform to schema This change disables the URL fixing behavior or the router associated with the user management schema. After this commit, URLS routing to /api/$VERSION/users must target exactly the specified paths. In addition, `/api/$VERSION/users/` will serve a 404 This change allows users to hit the user create endpoint, which would previously serve a redirect rather than actually making the associated change.	11 years ago
Giulio Iotti	472e4a02a4	*: Remove unnecessary else statements Whenever it makes the code easier to follow, use early return to avoid else statements.	11 years ago
Yifan Gu	93a0830ae0	server: check scope in requests. Require 'openid' in scope for all requests. Require 'offline_access' for returning refresh token.	11 years ago
Yifan Gu	066fd859ec	session: add 'scope' field in session.	11 years ago
Bobby Rullo	66fe201c24	*: move original project to dex	11 years ago

45 Commits (v1)