mirror/dex - dex - xhrpb gitea

Commit Graph

Author	SHA1	Message	Date
Bobby Rullo	b80dbc8975	server: support out-of-band auth flow When "urn:ietf:wg:oauth:2.0:oob" is used as a redirect URI, redirect to an internal dex page where the user is shown the code and instructed to paste it into their app.	10 years ago
Bobby Rullo	cdcf08066d	client, server: public client restrictions * disallow ClientCreds for public clients * clients can only redirect to localhost or OOB	10 years ago
Bobby Rullo	4f85f3a479	server: change ClientMetadata -> Client Metadata is not enough these days - we're going to need access to the Public field as well.	10 years ago
Eric Chiang	35cab93c0a	*: add --enable-automatic-registration flag to worker For remote connectors, allow users to skip registration.	10 years ago
Bobby Rullo	8942a49702	server: remove client_resource api ...and dependent code.	10 years ago
Bobby Rullo	75473b4cba	refresh tokens: grant claims based on scopes Before, this logic was only in the OIDCServer.CodeToken() method; now it has been pulled out so that other paths, like OIDCServer.RefreshToken() can use it. The net affect, is that now refresh tokens can be used to get cross-client authenticated ID Tokens.	10 years ago
Bobby Rullo	32a1994a5e	refresh tokens: store and validate scopes. A refresh request must fail if it asks for scopes that were not originally granted when the refresh token was obtained. This Commit: * changes repo to store scopes with tokens * changes repo interface signatures so that scopes can be stored and verified * updates dependent code to pass along scopes	10 years ago
Bobby Rullo	ca18efb1fe	client: load full clients w/ LoadableClient The Client object on its own doesn't fully express everything about a single client, and so when loading clients from a static configuration it's not enough to just (de)serialize clients. To that end, LoadableClient contains the full representation of a client and associated entities.	10 years ago
Bobby Rullo	5939a15d10	remove DexServer	10 years ago
Bobby Rullo	e71c5086ba	server: CodeToken now does Cross-Client auth	10 years ago
Bobby Rullo	9b4740862c	server: /auth accepts, validates X-client scopes	10 years ago
Bobby Rullo	f9dbc8a3d2	db, client: add data model for trusted peers Trusted Peers are clients that are authorized to mint tokens for another client.	10 years ago
Bobby Rullo	1b4dca80d7	client: remove ClientManagerFromClients Replaced by ClientRepoFromClients, which makes more sense IMO. Also, it was doing the wrong thing: it was ignoring the client_id and client_secret passed into it as far as I can tell.	10 years ago
Bobby Rullo	a33d61c8e2	server: remove boilerplate setup code part deux Use the test fixture setup stuff in testutil instead.	10 years ago
Bobby Rullo	ad1d5ab253	server: remove boilerplate setup code Use the test fixture setup stuff in testutil instead.	10 years ago
Eric Chiang	35ea3d9ae1	*: add ability to set and list connectors from admin API closes #360	10 years ago
Bobby Rullo	bbaea52ea6	alternate approach to fixing tests	10 years ago
Evan Cordell	73d9742c8b	client manager: accept full client when creating	10 years ago
Evan Cordell	a418e1c4e7	client: add client manager adds a client manager to handle business logic, leaving the repo for basic crud operations. Also adds client to the test script	10 years ago
Evan Cordell	3da98fcb8e	client: add transaction support	10 years ago
Bobby Rullo	847849931f	Revert "Fix response_type missing param" This reverts commit `821b242c83`.	10 years ago
Bobby Rullo	e5948ab3ce	*: ClientIdentityXXX -> ClientXXX Get rid of all outdated "ClientIdentity" terminology.	10 years ago
Bobby Rullo	95757e8779	*: Client Repo now deals with custom Client object This is instead of oidc.ClientIdentity. This makes it easier to add new fields custom to dex to the client.	10 years ago
Adrián López Gómez	d3d2db8e05	tests: add HandleTokenFunc test Fixes #408	10 years ago
Eric Chiang	7858da565f	server: add more validation to --no-db static file parsing In #393 the format of the static user file in --no-db mode changed. However, the old format loads without error, which has caused issues for developers with existing user files. Add an explicit check to ensure the file is not using the old format. If they are, print a better error message.	10 years ago
Stephan Renatus	ed89be44ef	bugfix: make getCreds work for non-admins (#396 )	10 years ago
Eric Chiang	553e7d0167	server: add refresh token revocation API to server	10 years ago
Eric Chiang	ac73d3cdf2	*: load password infos from users file in no-db mode not connectors In --no-db mode, load passwords from the users file instead of the connectors file. This allows us to remove the password infos field from the local connector and stop loading them during connector registration, a case that was causing panics when using a real database (see #286). Fixes #286 Closes #340	10 years ago
Eric Chiang	b10645f58d	*: add client registration endpoint to admin API	10 years ago
Eric Chiang	6120f7ac05	*: add isAdmin option to client repo when creating a client	10 years ago
Rubén Soleto Buenvarón	821b242c83	Fix response_type missing param This commit fix problem with response_type param, which is required according to OIDC spec, when it is missing. At now, when connector_id url query param is not set, connector view use response_type that client request instead of default "code". Fixes #370	10 years ago
Eric Chiang	c3aa6a1ee3	server: correctly decode oauth2 basic auth credentials Fixes #336	10 years ago
Eric Chiang	01a24542e9	*: fix tests that care about email case sensitivity	10 years ago
Eric Chiang	3f4a42eefd	*: remove unused code This change has no functional changes, it only removes dead code.	10 years ago
Eric Chiang	067ccee145	server: add db heatlh checker to server checkers	10 years ago
Rubén Soleto Buenvarón	8156870862	add support for resend an invite email This change solves the User's API problem when you want to create an user that its email hasn't been verified yet but it exist. At now, you can resend invitation email using endpoint /users/{id}/resend-invitation Fixes #184	10 years ago
Eric Chiang	07af73f367	*: don't allow sqlite3 if --no-db flag not specified	10 years ago
Eric Chiang	3b125d6073	*: fix --no-db client decoding	10 years ago
Eric Chiang	dcf5835189	*: remove in memory connector config repo	10 years ago
Eric Chiang	b572b8dd6c	*: remove in memory client repo The DB implementation expects secrets to be base64 encoded blobs. Because of this a bunch of tests broke moving to sqlite. A lot of this commit is fixing those tests.	10 years ago
Eric Chiang	72d1ecab64	*: remove in memory password info repo	10 years ago
Eric Chiang	2726f4dcdf	*: remove in memory user repo	10 years ago
Eric Chiang	95560404a3	*: remove in memory refresh repo	10 years ago
Eric Chiang	7bac93aa20	*: remove in memory session repos Move manager to it's own package so it can import db. Move all references to the in memory session repos to use sqlite3.	10 years ago
Eric Chiang	04cd1851aa	server: add dynamic client registration	10 years ago
Frode Nordahl	5d284e08ae	Change status code used for redirects from StatusTemporaryRedirect (307) to StatusFound (302) HTTP code 307 aka. StatusTemporaryRedirect is used throughout the project. However, the endpoints redirected to explicitly expects the client to make a GET request. If a HTTP client issues a POST request to a server and receives a HTTP 307 redirect, it forwards the POST request to the new URL. When using 302 the HTTP client will issue a GET request. Fixes #287	10 years ago
Eric Chiang	4da143ca2d	server: fix reset password test TestResetPasswordHandler depended on makeToken begin called twice during the initialization of a single test case and later assuming the result would match. Because the token has a timestamp accurate to the second, occasionally the timestamps would be slightly off within a single test case and cause the test to fail. Adding a sleep statement to makeToken would cause the test to fail reliably. Define a single token for each test case outside of the struct initializer so test cases compare the same token. Closes #274 Additionally remove logging statements that dump entire HTML pages.	10 years ago
Eric Chiang	0ada4c8010	*: move user API auth to middleware and fix return status Move client authentication into its own middleware and provide differentiation between HTTP requests that do not provide credentials (401) and requests that authenticate as a non-admin user (403). Closes #152	10 years ago
Eric Chiang	ec3bc7f258	*: allow dexctl set-connector-configs to read from stdin Closes #276	10 years ago
Eric Chiang	5e44b6bc27	*: update all to accommodate changes to go-oidc Update dex to comply with the changes to fieldnames and types of the client and provider metadata structs in coreos/go-oidc.	10 years ago

1 2

99 Commits (v0.5.0)