mirror/dex - dex - xhrpb gitea

Commit Graph

Author	SHA1	Message	Date
Mark Sagi-Kazar	06521ffa49	Remove the logrus logger wrapper	7 years ago
Mark Sagi-Kazar	d1c8f8d095	Remove structured logging from the logger interface	7 years ago
Mark Sagi-Kazar	be581fa7ff	Add logger interface and stop relying on Logrus directly	7 years ago
Eric Chiang	8935a1479c	server: update health check endpoint to query storage periodically Instead of querying the storage every time a health check is performed query it periodically and save the result.	7 years ago
joannano	88d1e2b041	keystone: test cases, refactoring and cleanup	7 years ago
Krzysztof Balka	a965365a2b	keystone: refresh token and groups	7 years ago
knangia	0774a89066	keystone: squashed changes from knangia/dex	7 years ago
Haines Chan	b78b8aeee0	Replace "GET", "POST" to http.MethodGet and http.MethodPost	7 years ago
Maximilian Gaß	468c74d1d2	Make expiry of auth requests configurable	7 years ago
Cosmin Cojocar	01c6b9dd91	Remove the 'public' field from UpdateClientReq proto message	7 years ago
Alexander Matyushentsev	ff8b44558e	Issue #1263 - Render error message provided by connector if user authentication failed	7 years ago
Cosmin Cojocar	281ec27118	Update also to a list of empty redirect URIs and Peers	7 years ago
Cosmin Cojocar	9d1ec6c36b	Revert "Avoid overwriting exiting redirect URI and trusted peers when updating the client" This reverts commit `49fa5ee6e8`.	7 years ago
Cosmin Cojocar	49fa5ee6e8	Avoid overwriting exiting redirect URI and trusted peers when updating the client Also skip configure the Public field.	7 years ago
Cosmin Cojocar	c9b18b2785	Add tests for UpateClient API	7 years ago
Cosmin Cojocar	9926a0dced	Extend the API with a function which updates the client configuration	7 years ago
Danny Sauer	74bfbcefbc	minor spelling correction	8 years ago
Ed Tan	d26e23c16f	Make suggested code changes	8 years ago
Ed Tan	8c75d85b60	Add Bitbucket connector	8 years ago
Stephan Renatus	b9f6594bf0	*: github.com/coreos/dex -> github.com/dexidp/dex Signed-off-by: Stephan Renatus <srenatus@chef.io>	8 years ago
Vy-Shane Xie	b03c85e56e	Add new federated:id scope that causes Dex to add a federated_claims claim containing the connector_id and user_id to the ID token	8 years ago
Frederic Branczyk	5f03479d29	*: Add go runtime, process, HTTP and gRPC metrics	8 years ago
Eric Buth	da45adcb6e	email scope only allows access to a user's email address	8 years ago
Stephan Renatus	f013a44581	handlers/connector_login: check before update (optimization) Signed-off-by: Stephan Renatus <srenatus@chef.io>	8 years ago
Stephan Renatus	f18d7afc6f	handlers/connector_login: update AuthRequest irregardless of method Before, you could not POST your credentials to a password-connector's endpoint without GETing that endpoint first. While this makes sense for browser clients; automated interactions with Dex don't need to look at the password form to fill it in. A symptom of that missing GET was that the POST succeeded (!) with login successful: connector "", username="admin", email="admin@example.com", groups=[] Note the connector "". A subsequent call to finalizeLogin would then fail with connector with ID "" not found: failed to get connector object from storage: not found Now, the connector ID of an auth request will be updated for both GETs and POSTs. Signed-off-by: Stephan Renatus <srenatus@chef.io>	8 years ago
Eric Chiang	c5de6fa733	*: regenerate proto	8 years ago
Kazumasa Kohtaka	9948228e5b	Set a proper status code before sending an error status page	8 years ago
Pavel Borzenkov	6193bf5566	connector: implement Microsoft connector connector/microsoft implements authorization strategy via Microsoft's OAuth2 endpoint + Graph API. It allows to choose what kind of tenants are allowed to authenticate in Dex via Microsoft: * common - both personal and business/school accounts * organizations - only business/school accounts * consumers - only personal accounts * <tenant uuid> - only account of specific tenant Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>	8 years ago
Stephan Renatus	41f663f70c	show "back" link for password connectors This way, the user who has selected, say, "Log in with Email" can make up their mind, and select a different connector instead. However, if there's only one connector set up, none of this makes sense -- and the link will thus not be displayed. Signed-off-by: Stephan Renatus <srenatus@chef.io>	8 years ago
Stephan Renatus	b09a13458f	password connectors: allow overriding the username attribute (password prompt) This allows users of the LDAP connector to give users of Dex' login prompt an idea of what they should enter for a username. Before, irregardless of how the LDAP connector was set up, the prompt was Username [_________________] Password [_________________] Now, this is configurable, and can be used to say "MyCorp SSO Login" if that's what it is. If it's not configured, it will default to "Username". For the passwordDB connector (local users), it is set to "Email Address", since this is what it uses. Signed-off-by: Stephan Renatus <srenatus@chef.io>	8 years ago
Pavel Borzenkov	ab06119431	connector: implement LinkedIn connector connector/linkedin implements authorization strategy via LinkedIn's OAuth2 endpoint + profile API. It doesn't implement RefreshConnector as LinkedIn doesn't provide any refresh token at all (https://developer.linkedin.com/docs/oauth2, Step 5 — Refresh your Access Tokens) and recommends ordinary AuthCode exchange flow when token refresh is required. Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>	9 years ago
Michael Stapelberg	4931f30a80	authproxy.md: strip X-Remote-User follow-up for https://github.com/coreos/dex/pull/1100	9 years ago
Michael Stapelberg	a41d93db4a	Implement the “authproxy” connector (for Apache2 mod_auth etc.)	9 years ago
Damian Pacierpnik	e3c9b49299	Cross clients improvement - requesting client ID always added to the audience claim	9 years ago
Eric Chiang	f234e3707e	server: fix panic caused by deleting refresh token twice through api	9 years ago
Eric Stroczynski	2b354c8fdb	server: set sane bcrypt cost upper bound	9 years ago
Eric Chiang	aad328bb35	*: add log events for login, LDAP queries, and SAML responses	9 years ago
Eric Stroczynski	4bcb0aaae9	server: log bcrypt cost if > 12, error on runtime > 10s The bcrypt hashing algorithm runtime grows exponentially with cost, and might cause a timeout if the cost is too high. Notifying the user of high cost and of long running calculations will help with tuning and debugging.	9 years ago
Eric Stroczynski	4a88d0641a	: update {S->s}irupsen/logrus	9 years ago
rithu john	753526a506	server/rotation.go: Fix key rotation with multiple dex instances.	9 years ago
Eric Chiang	fcb9c5a1c4	server: fix localhost redirect validation for public clients	9 years ago
rithu john	aefdd6e004	server/api: return empty list of refresh tokens if user does not have any	9 years ago
rithu john	8c9c2518f5	server: account for dynamically changing connector object in storage.	9 years ago
Eric Chiang	ba1660ae1f	*: revendor and regenerate protobuf files	9 years ago
rithu john	dd1e901dd9	server/rotation.go: avoid displaying the "keys already rotated" error	9 years ago
Eric Chiang	5f377f07d4	*: promote SAML to stable This means we no longer refer to it as "experimental" and wont make breaking changes.	9 years ago
Lucas Serven	f3d9bd5008	server/server.go: make successful garbage collection log at info level	9 years ago
Eric Chiang	f734b140cd	server: use client connected to remove server for gRPC tests	9 years ago
rithu john	59502850f0	connector: Connectors without a RefreshConnector should not return a refresh token instead of erroring	9 years ago
Eric Chiang	50b223a9db	*: validate InResponseTo SAML response field and make issuer optional	9 years ago

1 2 3

133 Commits (v2.16.x)