Maksim Nabokikh
449f66477c
feat: Add AuthSession GC ( #4667 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
1 week ago
Maksim Nabokikh
5bbc400c5a
feat: implement id_token_hint ( #4670 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
Signed-off-by: Maksim Nabokikh <maksim.nabokikh@flant.com>
1 week ago
Taylor Silva
92f51f9d67
fix non-constant format string in call to newRedirectedErr ( #4671 )
Signed-off-by: Taylor Silva <dev@taydev.net>
1 week ago
Maksim Nabokikh
c3bc1d7466
feat: add auth_time, prompt, and max_age fields ( #4662 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
1 week ago
Maksim Nabokikh
86abd336f8
Two-Factor authentication (TOTP) ( #3712 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
1 week ago
Maksim Nabokikh
cbd7dd7f5a
feat: Create AuthSessions and set cookies ( #4650 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
1 week ago
Maksim Nabokikh
1e65dda440
fix(localSigner): simplify Algorithm method to always return RSA algorithm ( #4655 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
2 weeks ago
Maksim Nabokikh
12339f2cef
feat: implement user identity creation and persisting consent ( #4645 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
2 weeks ago
Mark Liu
4fb3e7810b
feat(logger): add excludeFields config for PII redaction ( #4621 )
Adds an slog.Handler wrapper (excludingHandler) that drops log
attributes matching a configured set of keys. This allows
GDPR-sensitive deployments to suppress PII fields like email,
username, preferred_username, or groups at the logger level
rather than per-callsite.
Also adds user_id to the "login successful" log line so operators
who exclude PII fields still have a pseudonymous identifier.
Closes #4391
---------
Signed-off-by: Mark Liu <mark@prove.com.au>
2 weeks ago
Maksim Nabokikh
5bbfbbe168
feat: add PKCE (Proof Key for Code Exchange) configuration to OAuth2 settings ( #4638 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
2 weeks ago
Maksim Nabokikh
2bda64690d
test: fix token introspection tests to use consistent timestamps ( #4639 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
2 weeks ago
Maksim Nabokikh
f80a89dd5d
feat(client): add allowed connectors field to client configuration ( #4610 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
2 weeks ago
Maksim Nabokikh
7777773067
feat(connector): connectors for grants ( #4619 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
2 weeks ago
Mark Liu
c03a687465
fix(server): handle double-submit on approval endpoint ( #4620 )
When GetAuthRequest returns ErrNotFound in handleApproval, render a 400
"User session error." instead of logging + rendering a 500 "Database
error.". Covers the double-submit race where sendCodeResponse deletes
the auth request on first approval and the second request finds nothing.
---
Signed-off-by: Mark Liu <mark@prove.com.au>
Signed-off-by: mark-liu <mark-liu@users.noreply.github.com>
3 weeks ago
Mathias Gebbe
fec4f53203
feat(oauth2): add client credentials flow with opt-in config flag ( #4583 )
Implement the OAuth2 client_credentials grant type for
machine-to-machine authentication. The grant is gated behind a new
clientCredentialsEnabled config flag (defaults to false), following
the same pattern as passwordConnector for the password grant.
---------
Signed-off-by: Mathias Gebbe <mathias.gebbe@gmail.com>
Signed-off-by: Maksim Nabokikh <maksim.nabokikh@flant.com>
Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com>
Co-authored-by: Maksim Nabokikh <maksim.nabokikh@flant.com>
Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com>
4 weeks ago
Maksim Nabokikh
a70f592589
fix(deviceflow): update redirect URIs to use absolute paths for non-root URLs ( #4597 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
4 weeks ago
Ivan Zviagintsev
4311931881
feat: saml support refresh tokens ( #4565 )
Signed-off-by: Ivan Zvyagintsev <ivan.zvyagintsev@flant.com>
4 weeks ago
Andy Lo-A-Foe
49dcb4d863
fix: clean up in-memory connector before create ( #4529 )
Signed-off-by: Andy Lo-A-Foe <andy.loafoe@gmail.com>
Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com>
4 weeks ago
Aljoscha Bollmann
83697b06a6
fix(server): respond with forbidden if failed to authenticate ( #4200 )
Signed-off-by: Aljoscha Bollmann <aljoscha.bollmann@proton.me>
1 month ago
Giovanni Vella
25591eeaf4
Add support to PKCE in OIDC connector ( #3777 )
Signed-off-by: johnvan7 <giovanni.vella98@gmail.com>
Signed-off-by: Giovanni Vella <giovanni.vella98@gmail.com>
1 month ago
Maksim Nabokikh
29c7b6f4e3
feat: validate redirect URIs and safely append parameters ( #4559 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
1 month ago
Maksim Nabokikh
785033767c
feat: refactor signer configuration with local and vault options ( #4532 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
1 month ago
Ivan Zviagintsev
9e377718dc
feat: add name and emailVerified fields for static passwords ( #4526 )
Signed-off-by: Ivan Zvyagintsev <ivan.zvyagintsev@flant.com>
1 month ago
Maksim Nabokikh
2f6a185711
test: Add conformance tests for Vault signer integration ( #4520 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com>
Co-authored-by: Alwx <alwxsin@gmail.com>
1 month ago
Maksim Nabokikh
56958b1ad2
feat: Add Vault signer for JWT ( #4512 )
Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com>
2 months ago
Mark Sagi-Kazar
bce74e7171
fix: failing go-oidc test after 3.15
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2 months ago
Ivan Zvyagintsev
b0a6ee9045
fix: hide internal server error details from users
Signed-off-by: Ivan Zvyagintsev <ivan.zvyagintsev@flant.com>
2 months ago
Ivan Zvyagintsev
debcb5c8f9
fix: hide internal server error details from users
Signed-off-by: Ivan Zvyagintsev <ivan.zvyagintsev@flant.com>
2 months ago
Ivan Zviagintsev
d1b2722e39
feat: support groups and preferred_username for staticPasswords ( #4456 )
Signed-off-by: Ivan Zvyagintsev <ivan.zvyagintsev@flant.com>
2 months ago
Doug Goldstein
dcbb7bbe58
fix: device callback URL needs to handle a / ( #4448 )
If the issuer path ends with a / the URL will be built wrong so we
should instead use the helper function to ensure the path is built
correctly. Fixes #4242.
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
2 months ago
Mark Sagi-Kazar
e230d9426d
test: use new Go features in tests
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
7 months ago
Wenxuan Zhao
be868b9f7c
fix: join issuer URL with discovery path without extra slash after issuer URL
Signed-off-by: Wenxuan Zhao <viz@linux.com>
8 months ago
Julius Foitzik
e7ea9d769c
fix: fork was outdated for some reason
Signed-off-by: Julius Foitzik <info@accountr.eu>
8 months ago
Julius Foitzik
9791d86e9a
chore: add minor comment
Signed-off-by: Julius Foitzik <info@accountr.eu>
8 months ago
Julius Foitzik
e7b151c386
feat: grpc api list clients
refers to https://github.com/dexidp/dex/issues/3496
Signed-off-by: Julius Foitzik <info@accountr.eu>
8 months ago
Doug Goldstein
d6237a8a6e
fix: device code should not require scope
As per RFC8628 section 3.1, https://datatracker.ietf.org/doc/html/rfc8628#section-3.1
the scope is optional. Since dex always requires at least 'openid',
default the value to comply with the RFC.
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
9 months ago
Doug Goldstein
fbcc76f779
fix: device code pending HTTP response
As per RFC8628 section 3.5, https://datatracker.ietf.org/doc/html/rfc8628#section-3.5
the authorization_pending response should extend RFC6749 section 5.2,
https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 which
specifies that the HTTP response code should be 400, Bad Request.
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
9 months ago
Manoj Vivek
87ec9e077e
Allow server startup with partial connector failures ( #4159 )
Signed-off-by: Manoj Vivek <p.manoj.vivek@gmail.com>
9 months ago
Oleksandr Redko
9891daa585
refactor: simplify tests by using slog.DiscardHandler ( #4058 )
Signed-off-by: Oleksandr Redko <oleksandr.red+github@gmail.com>
12 months ago
Massimiliano Filacchioni
6e0cbdf972
Generate access tokens for implicit & hybrid flows only when needed ( #3857 )
Avoid access token generation when response_type is either "id_token"
(for implicit flow) or "code id_token" (for hybrid flow).
Signed-off-by: Massimiliano Filacchioni <m.filacchioni@gmail.com>
1 year ago
Mark Sagi-Kazar
76de7b3920
build: update Go to 1.24
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
1 year ago
Bob Maertz
ad31b5d6f7
Passing context storage ( #3941 )
Signed-off-by: Bob Maertz <1771054+bobmaertz@users.noreply.github.com>
1 year ago
Mark Sagi-Kazar
c7fd9620aa
chore: fix linter config and violations
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
1 year ago
Nicholas Wiersma
d521051e33
feat: set resource revision for connectors ( #3868 )
Signed-off-by: Nicholas Wiersma <nick@wiersma.co.za>
1 year ago
Maksim Nabokikh
bb985ca0ea
Create offline sessions if approval is skipped ( #3828 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
1 year ago
Maksim Nabokikh
4bb97c73a9
Handle root path better (than nothing) ( #3747 )
Signed-off-by: maksim.nabokikh <max.nabokih@gmail,com>
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
1 year ago
Daniël Sonck
e7c0682e45
feat: also allow localhost equivalent IP addresses ( #3778 )
Instead of only checking for "localhost", also validate through
net.ParseIP + IsLoopback whether the host is numerically localhost
Signed-off-by: Daniel Sonck <daniel@sonck.nl>
1 year ago
IvoGoman
1a16aa4889
feat(metrics): add response_size, request_duration histograms ( #3748 )
replaces felixge/httpsnoop with prometheus/client_golang instrumentation
adds histograms for response_size_bytes & request_duration_seconds
Signed-off-by: Ivo Gosemann <ivo.gosemann@sap.com>
2 years ago
Koen de Laat
d0f1777c41
Added Discovery to grpc ( #3598 )
Signed-off-by: Koen de Laat <koen.de.laat@philips.com>
2 years ago
Maksim Nabokikh
81af48862b
Remove additional features and add a feature flag instead ( #3663 )
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2 years ago