mirror/dex - dex - xhrpb gitea

Commit Graph

Author	SHA1	Message	Date
Maksim Nabokikh	5bbfbbe168	feat: add PKCE (Proof Key for Code Exchange) configuration to OAuth2 settings (#4638 ) Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>	4 days ago
Maksim Nabokikh	7777773067	feat(connector): connectors for grants (#4619 ) Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>	6 days ago
Mathias Gebbe	fec4f53203	feat(oauth2): add client credentials flow with opt-in config flag (#4583 ) Implement the OAuth2 client_credentials grant type for machine-to-machine authentication. The grant is gated behind a new clientCredentialsEnabled config flag (defaults to false), following the same pattern as passwordConnector for the password grant. --------- Signed-off-by: Mathias Gebbe <mathias.gebbe@gmail.com> Signed-off-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com> Co-authored-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com>	2 weeks ago
Andy Lo-A-Foe	49dcb4d863	fix: clean up in-memory connector before create (#4529 ) Signed-off-by: Andy Lo-A-Foe <andy.loafoe@gmail.com> Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com>	3 weeks ago
Maksim Nabokikh	785033767c	feat: refactor signer configuration with local and vault options (#4532 ) Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>	4 weeks ago
Ivan Zviagintsev	9e377718dc	feat: add name and emailVerified fields for static passwords (#4526 ) Signed-off-by: Ivan Zvyagintsev <ivan.zvyagintsev@flant.com>	1 month ago
Maksim Nabokikh	56958b1ad2	feat: Add Vault signer for JWT (#4512 ) Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com>	1 month ago
Ivan Zviagintsev	d1b2722e39	feat: support groups and preferred_username for staticPasswords (#4456 ) Signed-off-by: Ivan Zvyagintsev <ivan.zvyagintsev@flant.com>	2 months ago
Wenxuan Zhao	be868b9f7c	fix: join issuer URL with discovery path without extra slash after issuer URL Signed-off-by: Wenxuan Zhao <viz@linux.com>	7 months ago
Manoj Vivek	87ec9e077e	Allow server startup with partial connector failures (#4159 ) Signed-off-by: Manoj Vivek <p.manoj.vivek@gmail.com>	9 months ago
Bob Maertz	ad31b5d6f7	Passing context storage (#3941 ) Signed-off-by: Bob Maertz <1771054+bobmaertz@users.noreply.github.com>	1 year ago
Maksim Nabokikh	4bb97c73a9	Handle root path better (than nothing) (#3747 ) Signed-off-by: maksim.nabokikh <max.nabokih@gmail,com> Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>	1 year ago
IvoGoman	1a16aa4889	feat(metrics): add response_size, request_duration histograms (#3748 ) replaces felixge/httpsnoop with prometheus/client_golang instrumentation adds histograms for response_size_bytes & request_duration_seconds Signed-off-by: Ivo Gosemann <ivo.gosemann@sap.com>	2 years ago
Maksim Nabokikh	81af48862b	Remove additional features and add a feature flag instead (#3663 ) Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2 years ago
Maksim Nabokikh	225660785c	Enrich Dex logs with real IP and request ID (#3661 ) Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com> Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com>	2 years ago
Giovanni Campeol	b07e1bc9f1	gRPC Connectors API (#3245 ) Signed-off-by: Giovanni Campeol <giovanni.campeol.95@gmail.com> Signed-off-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Co-authored-by: Maksim Nabokikh <maksim.nabokikh@flant.com>	2 years ago
Sean Liao	0b6a78397e	use slog for structured logging (#3502 ) Signed-off-by: Sean Liao <sean+git@liao.dev>	2 years ago
Romain Caire	8755308759	[RFC7662] Add introspect endpoint to introspect access & refresh token (#3404 ) Signed-off-by: Romain Caire <super.cairos@gmail.com>	2 years ago
Maksim Nabokikh	088339fc28	Add headers control to dex web server (#3339 ) Customization of headers in the authentication server is crucial for enforcing stringent security measures by allowing the inclusion of specific headers required for authentication protocols and compliance standards. This customization ensures that authentication requests are processed securely, mitigating potential vulnerabilities and ensuring adherence to security policies. Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2 years ago
Maksim Nabokikh	4f307d70c6	Fix lint errors after merging AllowedHeaders feature (#3247 ) Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2 years ago
Josiah Evans	dce31d82ea	feat: Add configurable CORS Headers (#3114 ) Signed-off-by: Josiah Evans <josiah.evans@lunit.io>	2 years ago
Cedric-Magnan	a72413dd47	Update server.go Signed-off-by: Cedric-Magnan <cedric.magnan@artefact.com> Signed-off-by: Oded Ben-Ozer <obenozer@wayfair.com>	3 years ago
Sean Liao	dcf7b18510	OAuth 2.0 Token Exchange (#2806 ) Signed-off-by: Sean Liao <sean+git@liao.dev> Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com>	3 years ago
Cedric-Magnan	791657276e	Update server.go Signed-off-by: Cedric-Magnan <cedric.magnan@artefact.com>	3 years ago
Josh Soref	e15b599e6a	spelling: programmatically Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	3 years ago
Maksim Nabokikh	fc0e2e9383	feat: Add default robots.txt (#2834 ) Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	3 years ago
m.nabokikh	57e9611ff6	fix: Implicit Grant discovery Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	4 years ago
Joshua Winters	9284ffb8c0	Add generic oauth connector Co-authored-by: Shash Reddy <sreddy@pivotal.io> Signed-off-by: Joshua Winters <jwinters@pivotal.io>	4 years ago
ariary	7bc966217d	sort grant type supported Signed-off-by: ariary <ariary9.2@hotmail.fr>	5 years ago
Bob Callaway	8fd69c16f5	correctly handle path escaping for connector IDs Signed-off-by: Bob Callaway <bob.callaway@gmail.com>	5 years ago
ariary	c6f6dd69e9	lint comment Signed-off-by: ariary <ariary9.2@hotmail.fr>	5 years ago
kali	1497e70225	Add parametrization of grant type supported in discovery endpoint Signed-off-by: ariary <ariary9.2@hotmail.fr>	5 years ago
Alastair Houghton	cd0c24ec4d	fix: add an extra endpoint to avoid refresh generating AuthRequests. By adding an extra endpoint and a redirect, we can avoid a situation where it's trivially easy to generate a large number of AuthRequests by hitting F5/refresh in the browser. Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>	5 years ago
Rui Yang	fe8085b886	remove client secret encryption option constant time compare for client secret verification will be kept Signed-off-by: Rui Yang <ruiya@vmware.com>	5 years ago
Mark Sagi-Kazar	d1e8b085e2	feat: use embedded assets by default Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>	5 years ago
Rui Yang	2f28fc7451	default to ./web when Dir and WebFS are not set	5 years ago
Rui Yang	4e569024fd	use go 1.16 new package io/fs Unify the interface for reading web statics. Now it could read an OS directory or get the content on live One could use //go:embed static var webFiles embed.FS anywhere and config dex server to take the file system by setting WebConfig{WebFS: webFiles} Signed-off-by: Rui Yang <ruiya@vmware.com> Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>	5 years ago
Rui Yang	7b50cbf0ac	use pkger for embedding static contents Co-authored-by: Vikram Yadav <vyadav@pivotal.io> Signed-off-by: Rui Yang <ruiya@vmware.com>	5 years ago
Rui Yang	1eab25f89f	use web host url for asset hosting	5 years ago
Rui Yang	10e9054811	Use http.FileSystem for web assets	5 years ago
Rui Yang	d658c24e8f	add dex config flag for enabling client secret encryption * if enabled, it will make sure client secret is bcrypted correctly * if not, it falls back to old behaviour that allowing empty client secret and comparing plain text, though now it will do ConstantTimeCompare to avoid a timing attack. So in either way it should provide more secure of client secret verification. Co-authored-by: Alex Surraci <suraci.alex@gmail.com> Signed-off-by: Rui Yang <ruiya@vmware.com>	5 years ago
m.nabokikh	3bd0e91a68	Make /device/token deprecation warning more concise Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	5 years ago
m.nabokikh	9ed5cc00cf	Add deprecation warning for /device/token endpoint Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	5 years ago
m.nabokikh	1211a86d58	fix: use /token endpoint to get tokens with device flow Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	5 years ago
Mark Sagi-Kazar	316da70545	refactor: use new health checker Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>	5 years ago
m.nabokikh	91de99d57e	feat: Add refresh token expiration and rotation settings Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	5 years ago
m.nabokikh	b2e9f67edc	Enable unparam, prealloc, sqlclosecheck linters Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	5 years ago
Maksim Nabokikh	35da73de38	chore: add frontend section to dev config (#1913 ) * chore: add frontend section to dev config Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	5 years ago
m.nabokikh	30c3d78365	fix: log device flow entities GC result if no auth entities collected Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	5 years ago
m.nabokikh	1d83e4749d	Add gocritic Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	5 years ago

1 2 3

122 Commits (5bbfbbe168a747b017710dd8804846ddf390cbb2)