Arsharth
/
dex
forked from mystiq/dex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,183 Commits 27 Branches 73 Tags 23 MiB
Commit Graph

96 Commits

Author SHA1 Message Date
Bob Callaway 6eeba947f1 Merge remote-tracking branch 'upstream/master' into issue2289 2022-05-30 11:52:05 -04:00
m.nabokikh 57e9611ff6 fix: Implicit Grant discovery 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2022-03-08 16:16:25 +04:00
Joshua Winters 9284ffb8c0 Add generic oauth connector 
Co-authored-by: Shash Reddy <sreddy@pivotal.io>
Signed-off-by: Joshua Winters <jwinters@pivotal.io>
 2021-11-17 15:06:53 -05:00
ariary 7bc966217d sort grant type supported 
Signed-off-by: ariary <ariary9.2@hotmail.fr>
 2021-10-06 08:29:14 -04:00
Bob Callaway 8fd69c16f5 correctly handle path escaping for connector IDs 
Signed-off-by: Bob Callaway <bob.callaway@gmail.com>
 2021-10-01 16:04:34 -04:00
ariary c6f6dd69e9 lint comment 
Signed-off-by: ariary <ariary9.2@hotmail.fr>
 2021-09-15 03:58:27 -04:00
kali 1497e70225 Add parametrization of grant type supported in discovery endpoint 
Signed-off-by: ariary <ariary9.2@hotmail.fr>
 2021-09-03 05:50:59 -04:00
Alastair Houghton cd0c24ec4d fix: add an extra endpoint to avoid refresh generating AuthRequests. 
By adding an extra endpoint and a redirect, we can avoid a situation
where it's trivially easy to generate a large number of AuthRequests
by hitting F5/refresh in the browser.

Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
 2021-05-21 11:42:52 +01:00
Márk Sági-Kazár 18d1f70cee
Merge pull request #1861 from concourse/pr/bcrypt-for-client-secret-sync 
Use constant time comparison for client secret verification
 2021-05-17 17:27:42 +02:00
Rui Yang fe8085b886 remove client secret encryption option 
constant time compare for client secret verification will be kept

Signed-off-by: Rui Yang <ruiya@vmware.com>
 2021-05-17 10:16:50 -04:00
Márk Sági-Kazár 94a2b3ed87
Merge pull request #2010 from flant/switch-device-token-endpoint-to-token 
fix: use /token endpoint to get tokens with device flow
 2021-05-01 13:24:55 +02:00
Márk Sági-Kazár 551229a986
Merge pull request #1846 from flant/refresh-token-expiration-policy 
feat: Add refresh token expiration and rotation settings
 2021-04-24 11:03:40 +02:00
Mark Sagi-Kazar d1e8b085e2
feat: use embedded assets by default 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-03-22 15:44:03 +01:00
Rui Yang 2f28fc7451 default to ./web when Dir and WebFS are not set 
update WebFS doc

Signed-off-by: Rui Yang <ruiya@vmware.com>
Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>
 2021-03-20 20:05:59 +00:00
Rui Yang 4e569024fd use go 1.16 new package io/fs 
Unify the interface for reading web statics. Now it could read an
OS directory or get the content on live

One could use

//go:embed static
var webFiles embed.FS

anywhere and config dex server to take the file system by setting

WebConfig{WebFS: webFiles}

Signed-off-by: Rui Yang <ruiya@vmware.com>
Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>
 2021-03-20 20:05:59 +00:00
Rui Yang 7b50cbf0ac use pkger for embedding static contents 
Co-authored-by: Vikram Yadav <vyadav@pivotal.io>
Signed-off-by: Rui Yang <ruiya@vmware.com>
 2021-03-20 20:05:59 +00:00
Rui Yang 1eab25f89f use web host url for asset hosting 
Signed-off-by: Rui Yang <ruiya@vmware.com>
Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>
 2021-03-20 20:05:59 +00:00
Rui Yang 10e9054811 Use http.FileSystem for web assets 
Signed-off-by: Rui Yang <ryang@pivotal.io>
Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>
 2021-03-20 20:05:59 +00:00
Rui Yang d658c24e8f add dex config flag for enabling client secret encryption 
* if enabled, it will make sure client secret is bcrypted correctly
* if not, it falls back to old behaviour that allowing empty client
secret and comparing plain text, though now it will do
ConstantTimeCompare to avoid a timing attack.

So in either way it should provide more secure of client secret
verification.

Co-authored-by: Alex Surraci <suraci.alex@gmail.com>
Signed-off-by: Rui Yang <ruiya@vmware.com>
 2021-03-20 20:05:56 +00:00
m.nabokikh 3bd0e91a68 Make /device/token deprecation warning more concise 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-02-25 11:53:25 +04:00
m.nabokikh 9ed5cc00cf Add deprecation warning for /device/token endpoint 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-02-24 17:14:28 +04:00
m.nabokikh 1211a86d58 fix: use /token endpoint to get tokens with device flow 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-02-24 16:03:25 +04:00
Mark Sagi-Kazar 316da70545
refactor: use new health checker 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-02-11 01:29:25 +01:00
m.nabokikh 91de99d57e feat: Add refresh token expiration and rotation settings 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-02-10 23:37:57 +04:00
m.nabokikh b2e9f67edc Enable unparam, prealloc, sqlclosecheck linters 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-01-15 19:29:13 +04:00
Márk Sági-Kazár afba7577bb
Merge pull request #1918 from flant/log-device-flow-gc 
fix: log device flow entities GC result if no auth entities collected
 2021-01-14 18:02:20 +01:00
Maksim Nabokikh 35da73de38
chore: add frontend section to dev config (#1913) 
* chore: add frontend section to dev config

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-01-12 19:20:38 +01:00
m.nabokikh 30c3d78365 fix: log device flow entities GC result if no auth entities collected 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-01-11 12:33:10 +04:00
m.nabokikh 1d83e4749d Add gocritic 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2020-10-18 01:54:27 +04:00
Alastair Houghton 9187aa669d fix: allow Authorization header when doing CORS 
The Authorization header needs to be allowed when doing CORS because
otherwise /userinfo can't work.  It isn't one of the headers
explicitly allowed by default by Gorilla, so we have to call
handlers.AllowedHeaders() to specify it.

Issues: #1532
Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
 2020-10-05 15:01:54 +01:00
Rui Yang bd2234cd12 Add constructor for static key strategy 
Co-authored-by: Josh Winters <jwinter@pivotal.io>
Signed-off-by: Rui Yang <ruiya@vmware.com>
 2020-10-01 15:32:23 -04:00
justin-slowik 9882ea453f better support for /device/callback redirect uris with public clients. 
Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
 2020-07-08 16:25:06 -04:00
Justin Slowik 9c699b1028 Server integration test for Device Flow (#3) 
Extracted test cases from OAuth2Code flow tests to reuse in device flow

deviceHandler unit tests to test specific device endpoints

Include client secret as an optional parameter for standards compliance

Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
 2020-07-08 16:25:05 -04:00
Justin Slowik 9bbdc721d5 Device flow token code exchange (#2) 
* Added /device/token handler with associated business logic and storage tests.

Perform user code exchange, flag the device code as complete.

Moved device handler code into its own file for cleanliness.  Cleanup

* Removed PKCE code

* Rate limiting for /device/token endpoint based on ietf standards

* Configurable Device expiry

Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
 2020-07-08 16:25:05 -04:00
Justin Slowik 0d1a0e4129 Device token api endpoint (#1) 
* Added /device/token handler with associated business logic and storage tests.

* Use crypto rand for user code

Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
 2020-07-08 16:25:05 -04:00
Justin Slowik 6d343e059b Generates/Stores the device request and returns the device and user codes. 
Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
 2020-07-08 16:25:05 -04:00
techknowlogick 0a9f56527e
Add Gitea connector (#1715) 
* Add Gitea connector

* Add details to readme

* resolve lint issue
 2020-05-26 13:54:40 +02:00
Nándor István Krácser b7cf701032
Merge pull request #1515 from flant/atlassian-crowd-connector 
new connector for Atlassian Crowd
 2020-02-24 10:09:27 +01:00
Nándor István Krácser 1160649c31
Merge pull request #1621 from concourse/pr/passowrd-grant-synced 
Rework - add support for Resource Owner Password Credentials Grant
 2020-02-20 08:27:50 +01:00
Ivan Mikheykin 7ef1179e75 feat: connector for Atlassian Crowd 2020-02-05 12:40:49 +04:00
Joshua Winters 76825fef8f Make logger and prometheus optional in server config 
Signed-off-by: Josh Winters <jwinters@pivotal.io>
Co-authored-by: Mark Huang <mhuang@pivotal.io>
 2020-01-13 15:28:41 -05:00
Zach Brown 13be146d2a Add support for password grant #926 2020-01-10 13:18:09 -05:00
Andrew Block 92e63771ac
Added OpenShift connector 2019-12-22 02:27:09 -05:00
Mark Sagi-Kazar 9bd5ae5197
Fix goimports 2019-12-18 15:53:34 +01:00
Joel Speed 97ffa21262
Create separate Google connector 2019-11-19 17:12:36 +00:00
Stephan Renatus e1afe771cb
Merge pull request #1505 from MarcDufresne/show-login-page 
Add option to always display connector selection even if there's only one
 2019-08-07 09:23:42 +02:00
Marc-André Dufresne 0dbb642f2c
Add option to always display connector selection even if there's only one 2019-08-06 13:18:46 -04:00
Marc-André Dufresne d458e882aa
Allow arbitrary data to be passed to templates 2019-08-06 13:14:53 -04:00
Stephan Renatus d9487e553b
*: fix some lint issues 
Mostly gathered these using golangci-lint's deadcode and ineffassign
linters.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2019-07-30 11:29:08 +02:00
Maarten den Braber a8d059a237 Add userinfo endpoint 
Co-authored-by: Yuxing Li <360983+jackielii@users.noreply.github.com>
Co-authored-by: Francisco Santiago <1737357+fjbsantiago@users.noreply.github.com>
 2019-06-05 22:11:21 +02:00