Rui Yang
fe8085b886
remove client secret encryption option
constant time compare for client secret verification will be kept
Signed-off-by: Rui Yang <ruiya@vmware.com>
5 years ago
Rui Yang
ecea593ddd
fix a bug in hash comparison function
the client secret coming in should be hashed and the one in storage
is the one in plaintext
Signed-off-by: Rui Yang <ruiya@vmware.com>
5 years ago
Mark Sagi-Kazar
95796b04a3
chore(deps): upgrade protobuf and grpc
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
5 years ago
Mark Sagi-Kazar
d25051c867
chore(deps): upgrade protobuf in server/internal package
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
5 years ago
Mark Sagi-Kazar
d1e8b085e2
feat: use embedded assets by default
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
5 years ago
Rui Yang
2f28fc7451
default to ./web when Dir and WebFS are not set
5 years ago
Rui Yang
4e569024fd
use go 1.16 new package io/fs
Unify the interface for reading web statics. Now it could read an
OS directory or get the content on live
One could use
    //go:embed static
    var webFiles embed.FS
anywhere and config dex server to take the file system by setting
    WebConfig{WebFS: webFiles}
Signed-off-by: Rui Yang <ruiya@vmware.com>
Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>
5 years ago
Rui Yang
7b50cbf0ac
use pkger for embedding static contents
Co-authored-by: Vikram Yadav <vyadav@pivotal.io>
Signed-off-by: Rui Yang <ruiya@vmware.com>
5 years ago
Rui Yang
1eab25f89f
use web host url for asset hosting
5 years ago
Rui Yang
10e9054811
Use http.FileSystem for web assets
5 years ago
Rui Yang
d658c24e8f
add dex config flag for enabling client secret encryption
* if enabled, it will make sure client secret is bcrypted correctly
* if not, it falls back to the old behaviour of allowing an empty client
  secret and comparing plain text, though now it will do
  ConstantTimeCompare to avoid a timing attack.
So either way it should provide more secure client secret
verification.
Co-authored-by: Alex Surraci <suraci.alex@gmail.com>
Signed-off-by: Rui Yang <ruiya@vmware.com>
5 years ago
Josh Winters
ec6f3a2f19
use bcrypt when comparing client secrets
5 years ago
Maksim Nabokikh
568fc06520
Update server/refreshhandlers.go
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
m.nabokikh
3bd0e91a68
Make /device/token deprecation warning more concise
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
m.nabokikh
9ed5cc00cf
Add deprecation warning for /device/token endpoint
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
m.nabokikh
1211a86d58
fix: use /token endpoint to get tokens with device flow
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
Steffen Pøhner Henriksen
0f68fadb9a
Allow public clients created with API to have no client_secret (#1871)
Signed-off-by: Steffen Pøhner Henriksen <str3sses@gmail.com>
5 years ago
Mark Sagi-Kazar
7da0a89936
refactor: remove unused health checker
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
5 years ago
Mark Sagi-Kazar
316da70545
refactor: use new health checker
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
5 years ago
m.nabokikh
9340fee011
Fixes after rebasing to the actual main branch
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
m.nabokikh
89295a5b4a
More refresh token handler refactoring, more tests
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
m.nabokikh
4e73f39f57
Do not refresh id token claims if refresh token is allowed to reuse
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
m.nabokikh
0c75ed12e2
Add refresh token expiration tests and some refactoring
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
m.nabokikh
06c8ab5aa7
Fixes of naming and code style
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
m.nabokikh
91de99d57e
feat: Add refresh token expiration and rotation settings
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
m.nabokikh
d6b5105d9b
fix: check code presence
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
m.nabokikh
a7667dff38
fix: remove empty RefreshTokens
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
m.nabokikh
30a5dade0f
fix: unsupported request parameter error
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
m.nabokikh
123185c456
fix: return invalid_grant error for invalid or expired auth codes
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
m.nabokikh
283a87855a
fix: update auth methods and claims in discovery endpoint
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
m.nabokikh
bb503dbd81
Use constants in errors
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
m.nabokikh
a7978890c7
Add Cache-control headers to token responses
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
m.nabokikh
b2e9f67edc
Enable unparam, prealloc, sqlclosecheck linters
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
Mark Sagi-Kazar
b8ac640c4f
Update oidc library
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
5 years ago
Maksim Nabokikh
35da73de38
chore: add frontend section to dev config (#1913)
* chore: add frontend section to dev config
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
m.nabokikh
30c3d78365
fix: log device flow entities GC result if no auth entities collected
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
m.nabokikh
1e88cca59a
Make dark theme even darker, add fallback for legacy themes
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
Josh Soref
5d659a108c
spelling: templates
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
5 years ago
Josh Soref
43b95a2d28
spelling: signer
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
5 years ago
Josh Soref
22de6da60b
spelling: signatures
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
5 years ago
Josh Soref
3f8fdbf314
spelling: rotator
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
5 years ago
Josh Soref
8476e5acc0
spelling: requested
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
5 years ago
Josh Soref
c79b40ad56
spelling: register
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
5 years ago
Josh Soref
91e153780d
spelling: including
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
5 years ago
Josh Soref
8905fb4a65
spelling: existing
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
5 years ago
m.nabokikh
bcaddd4354
feat: Change default themes to light/dark
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
Mark Sagi-Kazar
349832b380
Run fixer
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
5 years ago
Martin Heide
162073b33e
No longer allow desktop/mobile redirect URIs implicitly if RedirectURIs is set
Signed-off-by: Martin Heide <martin.heide@faro.com>
5 years ago
Martin Heide
c15e2887bc
Add oob, device and localhost redirect URI tests
Signed-off-by: Martin Heide <martin.heide@faro.com>
5 years ago
Martin Heide
1ea481bb73
Fix gofmt in oauth2_test.go
Signed-off-by: Martin Heide <martin.heide@faro.com>
5 years ago