Uğur Tafralı
0f9b7eba77
Pin GitHub API version in requests ( #4647 )
Signed-off-by: utafrali <tafraliugur@gmail.com>
16 hours ago
Maksim Nabokikh
93985dedff
fix: increase lock acquisition attempts from 60 to 200 for better reliability ( #4644 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
21 hours ago
dependabot[bot]
4433b362b1
build(deps): bump distroless/static-debian13 from `f512d81` to `e3f9456` ( #4648 )
Bumps distroless/static-debian13 from `f512d81` to `e3f9456`.
---
updated-dependencies:
- dependency-name: distroless/static-debian13
dependency-version: nonroot
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
21 hours ago
dependabot[bot]
fe79863158
build(deps): bump mheap/github-action-required-labels ( #4649 )
Bumps [mheap/github-action-required-labels](https://github.com/mheap/github-action-required-labels ) from 5.5.1 to 5.5.2.
- [Release notes](https://github.com/mheap/github-action-required-labels/releases )
- [Commits](8afbe8ae6a...0ac283b4e6 )
---
updated-dependencies:
- dependency-name: mheap/github-action-required-labels
dependency-version: 5.5.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
21 hours ago
Mark Liu
4fb3e7810b
feat(logger): add excludeFields config for PII redaction ( #4621 )
Adds an slog.Handler wrapper (excludingHandler) that drops log
attributes matching a configured set of keys. This allows
GDPR-sensitive deployments to suppress PII fields like email,
username, preferred_username, or groups at the logger level
rather than per-callsite.
Also adds user_id to the "login successful" log line so operators
who exclude PII fields still have a pseudonymous identifier.
Closes #4391
---------
Signed-off-by: Mark Liu <mark@prove.com.au>
1 day ago
Maksim Nabokikh
5a4395fd12
feat: add UserIdentity entity and CRUD operations ( #4643 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
3 days ago
Maksim Nabokikh
e8f79fe9ab
DEP: Auth Sessions - Introduce ( #4561 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
3 days ago
Maksim Nabokikh
175dc57a3b
feat(cel): implement CEL compiler with library ( #4607 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
3 days ago
Maksim Nabokikh
0568abeb03
DEP: CEL integration ( #4601 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
3 days ago
Maksim Nabokikh
5bbfbbe168
feat: add PKCE (Proof Key for Code Exchange) configuration to OAuth2 settings ( #4638 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
4 days ago
Maksim Nabokikh
2bda64690d
test: fix token introspection tests to use consistent timestamps ( #4639 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
4 days ago
dependabot[bot]
13f012fb81
build(deps): bump golang.org/x/net from 0.51.0 to 0.52.0 ( #4635 )
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.51.0 to 0.52.0.
- [Commits](https://github.com/golang/net/compare/v0.51.0...v0.52.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.52.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5 days ago
dependabot[bot]
734d60f485
build(deps): bump golang.org/x/crypto from 0.48.0 to 0.49.0 ( #4636 )
5 days ago
Maksim Nabokikh
80d297b8a4
feat: update CSS for improved theming and button styles ( #4634 )
5 days ago
Maksim Nabokikh
f80a89dd5d
feat(client): add allowed connectors field to client configuration ( #4610 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
5 days ago
Maksim Nabokikh
7777773067
feat(connector): connectors for grants ( #4619 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
6 days ago
dependabot[bot]
47b645406c
build(deps): bump google.golang.org/api from 0.270.0 to 0.271.0 ( #4633 )
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.270.0 to 0.271.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.270.0...v0.271.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-version: 0.271.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
6 days ago
Maksim Nabokikh
3d97c59032
test: add concurrency tests for storage implementations ( #4631 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
7 days ago
dependabot[bot]
ae8c5af72e
build(deps): bump anchore/sbom-action from 0.23.0 to 0.23.1 ( #4629 )
7 days ago
dependabot[bot]
7bd3c2a576
build(deps): bump google.golang.org/api from 0.269.0 to 0.270.0 ( #4630 )
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.269.0 to 0.270.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.269.0...v0.270.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-version: 0.270.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
7 days ago
dependabot[bot]
35c0b56569
build(deps): bump sigstore/cosign-installer from 4.0.0 to 4.1.0 ( #4628 )
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](faadad0cce...ba7bc0a3fe )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-version: 4.1.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
7 days ago
dependabot[bot]
a4136db3a3
build(deps): bump google.golang.org/grpc in /api/v2 ( #4625 )
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.79.1 to 1.79.2.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.79.1...v1.79.2 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-version: 1.79.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 week ago
dependabot[bot]
01b6822bcb
build(deps): bump google.golang.org/grpc in /examples ( #4626 )
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.79.1 to 1.79.2.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.79.1...v1.79.2 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-version: 1.79.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 week ago
dependabot[bot]
e67c47c614
build(deps): bump golang.org/x/oauth2 from 0.35.0 to 0.36.0 ( #4624 )
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2 ) from 0.35.0 to 0.36.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.35.0...v0.36.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-version: 0.36.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 week ago
dependabot[bot]
74dd7eeb4c
build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.2 ( #4623 )
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.79.1 to 1.79.2.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.79.1...v1.79.2 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-version: 1.79.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 week ago
dependabot[bot]
9ba3c3f930
build(deps): bump aquasecurity/trivy-action from 0.34.2 to 0.35.0 ( #4622 )
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action ) from 0.34.2 to 0.35.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases )
- [Commits](97e0b3872f...57a97c7e78 )
---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
dependency-version: 0.35.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 week ago
dependabot[bot]
e2462a25ce
build(deps): bump golang.org/x/oauth2 from 0.35.0 to 0.36.0 in /examples ( #4627 )
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2 ) from 0.35.0 to 0.36.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.35.0...v0.36.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-version: 0.36.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 week ago
Mark Liu
c03a687465
fix(server): handle double-submit on approval endpoint ( #4620 )
When GetAuthRequest returns ErrNotFound in handleApproval, render a 400
"User session error." instead of logging + rendering a 500 "Database
error.". Covers the double-submit race where sendCodeResponse deletes
the auth request on first approval and the second request finds nothing.
---
Signed-off-by: Mark Liu <mark@prove.com.au>
Signed-off-by: mark-liu <mark-liu@users.noreply.github.com>
1 week ago
Maksim Nabokikh
591a201c88
feat(tests): add MySQL 8 support in CI and tests ( #4617 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
2 weeks ago
dependabot[bot]
f4c3102b3a
build(deps): bump github/codeql-action from 4.32.5 to 4.32.6 ( #4615 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.32.5 to 4.32.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c793b717bc...0d579ffd05 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.32.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 weeks ago
dependabot[bot]
976e45e83c
build(deps): bump docker/metadata-action from 5.10.0 to 6.0.0 ( #4614 )
Bumps [docker/metadata-action](https://github.com/docker/metadata-action ) from 5.10.0 to 6.0.0.
- [Release notes](https://github.com/docker/metadata-action/releases )
- [Commits](c299e40c65...030e881283 )
---
updated-dependencies:
- dependency-name: docker/metadata-action
dependency-version: 6.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 weeks ago
dependabot[bot]
8dce952b17
build(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 ( #4613 )
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 6.19.2 to 7.0.0.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](10e90e3645...d08e5c354a )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-version: 7.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 weeks ago
dependabot[bot]
91bf627b39
build(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 ( #4616 )
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 3.12.0 to 4.0.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](8d2750c68a...4d04d5d948 )
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-version: 4.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 weeks ago
dependabot[bot]
787087179c
build(deps): bump golang from 1.26.0-alpine3.22 to 1.26.1-alpine3.22 ( #4612 )
Bumps golang from 1.26.0-alpine3.22 to 1.26.1-alpine3.22.
---
updated-dependencies:
- dependency-name: golang
dependency-version: 1.26.1-alpine3.22
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 weeks ago
Maksim Nabokikh
a11b3cd2ef
feat(gitlab): implement TokenIdentity method ( #4606 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
2 weeks ago
dependabot[bot]
3ab094771c
build(deps): bump docker/login-action from 3.7.0 to 4.0.0 ( #4609 )
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.7.0 to 4.0.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](c94ce9fb46...b45d80f862 )
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-version: 4.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 weeks ago
dependabot[bot]
fb570557ee
build(deps): bump docker/setup-qemu-action from 3.7.0 to 4.0.0 ( #4608 )
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) from 3.7.0 to 4.0.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](c7c5346462...ce360397dd )
---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
dependency-version: 4.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 weeks ago
dependabot[bot]
57a601f11e
build(deps): bump actions/dependency-review-action from 4.8.3 to 4.9.0 ( #4605 )
2 weeks ago
Mathias Gebbe
fec4f53203
feat(oauth2): add client credentials flow with opt-in config flag ( #4583 )
Implement the OAuth2 client_credentials grant type for
machine-to-machine authentication. The grant is gated behind a new
clientCredentialsEnabled config flag (defaults to false), following
the same pattern as passwordConnector for the password grant.
---------
Signed-off-by: Mathias Gebbe <mathias.gebbe@gmail.com>
Signed-off-by: Maksim Nabokikh <maksim.nabokikh@flant.com>
Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com>
Co-authored-by: Maksim Nabokikh <maksim.nabokikh@flant.com>
Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com>
2 weeks ago
dependabot[bot]
e79638db52
build(deps): bump github/codeql-action from 4.32.4 to 4.32.5 ( #4603 )
2 weeks ago
dependabot[bot]
044dcd57a2
build(deps): bump aquasecurity/trivy-action from 0.34.1 to 0.34.2 ( #4602 )
2 weeks ago
Maksim Nabokikh
a70f592589
fix(deviceflow): update redirect URIs to use absolute paths for non-root URLs ( #4597 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
2 weeks ago
kt
91e985edea
fix: correct error message for device request expiry ( #4599 )
Signed-off-by: kanywst <niwatakuma@icloud.com>
2 weeks ago
kt
99c423364e
fix: fix typo in grpc listener error message ( #4598 )
Signed-off-by: kanywst <niwatakuma@icloud.com>
2 weeks ago
Maksim Nabokikh
e1d6c38ca2
fix: Invert condition for unknown fields in config unmarshaller ( #4596 )
Signed-off-by: Maksim Nabokikh <maksim.nabokikh@flant.com>
3 weeks ago
dependabot[bot]
e5c14f1c7c
build(deps): bump distroless/static-debian13 from `01e550f` to `f512d81` ( #4593 )
Bumps distroless/static-debian13 from `01e550f` to `f512d81`.
---
updated-dependencies:
- dependency-name: distroless/static-debian13
dependency-version: nonroot
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 weeks ago
dependabot[bot]
e5e64c64c0
build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 ( #4594 )
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](b7c566a772...bbbca2ddaa )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: 7.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 weeks ago
dependabot[bot]
8ab16cfe02
build(deps): bump actions/attest-build-provenance from 4.0.0 to 4.1.0 ( #4595 )
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](e4d4f7c39a...a2bbfa2537 )
---
updated-dependencies:
- dependency-name: actions/attest-build-provenance
dependency-version: 4.1.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 weeks ago
Maksim Nabokikh
47e84dba69
feat(connector): add compile-time checks for connector interfaces ( #4591 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
3 weeks ago
Mathias Gebbe
44e27490be
fix(connector): update authproxy and oauth to match CallbackConnector interface ( #4589 )
The PKCE support added in v2.45.0 changed the CallbackConnector interface
signatures but missed updating the authproxy and oauth connectors. This
caused a type assertion failure in handleConnectorLogin(), resulting in
"Requested resource does not exist" errors when using these connectors.
Update LoginURL to return (string, []byte, error) and HandleCallback to
accept a []byte connData parameter for both connectors and their tests.
Signed-off-by: Mathias Gebbe <mathias.gebbe@gmail.com>
3 weeks ago