Commit graph

22 commits

Author SHA1 Message Date
Eric Chiang
fa8f98acac server: fix registration redirect for servers listenin at non-base URLs 2016-08-19 16:25:32 -07:00
Eric Chiang
8216a3d992 connector: fix path that connectors listen on
When Dex uses a non-root issuer URL, it current assumes that all
path prefixes will be trimmed by an upstream proxy (e.g. nginx).
This means that all paths rendered in HTML will be absolute to the
prefix, but the handlers still listen at the root.

Connectors are currently the only component that registers at a
non-root URL. Make this conform with the rest of Dex by having the
server determine the path the connector listens as rather than the
connector itself.
2016-07-25 14:32:24 -07:00
Bobby Rullo
cdcf08066d client, server: public client restrictions
* disallow ClientCreds for public clients
* clients can only redirect to localhost or OOB
2016-06-20 17:03:12 -07:00
Bobby Rullo
ca18efb1fe client: load full clients w/ LoadableClient
The Client object on its own doesn't fully express everything about a
single client, and so when loading clients from a static configuration
it's not enough to just (de)serialize clients.

To that end, LoadableClient contains the full representation of a client
and associated entities.
2016-06-08 11:31:50 -07:00
Bobby Rullo
e71c5086ba server: CodeToken now does Cross-Client auth 2016-06-07 17:22:41 -07:00
Bobby Rullo
9b4740862c server: /auth accepts, validates X-client scopes 2016-06-07 17:16:11 -07:00
Bobby Rullo
a33d61c8e2 server: remove boilerplate setup code part deux
Use the test fixture setup stuff in testutil instead.
2016-06-07 16:47:30 -07:00
Evan Cordell
a418e1c4e7 client: add client manager
adds a client manager to handle business logic, leaving the repo
for basic crud operations. Also adds client to the test script
2016-05-19 16:20:12 -07:00
Bobby Rullo
847849931f Revert "Fix response_type missing param"
This reverts commit 821b242c83.
2016-05-17 13:49:14 -07:00
Bobby Rullo
e5948ab3ce *: ClientIdentityXXX -> ClientXXX
Get rid of all outdated "ClientIdentity" terminology.
2016-04-20 14:31:27 -07:00
Bobby Rullo
95757e8779 *: Client Repo now deals with custom Client object
This is instead of oidc.ClientIdentity. This makes it easier to add new
fields custom to dex to the client.
2016-04-20 14:31:27 -07:00
Adrián López Gómez
d3d2db8e05 tests: add HandleTokenFunc test
Fixes #408
2016-04-15 09:17:02 +02:00
Rubén Soleto Buenvarón
821b242c83 Fix response_type missing param
This commit fix problem with response_type param, which is required according to OIDC spec, when it is missing.
 At now, when connector_id url query param is not set, connector view use response_type that client request instead of default "code".

Fixes #370
2016-03-17 08:00:49 +01:00
Eric Chiang
b572b8dd6c *: remove in memory client repo
The DB implementation expects secrets to be base64 encoded blobs.
Because of this a bunch of tests broke moving to sqlite.

A lot of this commit is fixing those tests.
2016-02-12 13:19:05 -08:00
Eric Chiang
7bac93aa20 *: remove in memory session repos
Move manager to it's own package so it can import db. Move all
references to the in memory session repos to use sqlite3.
2016-02-12 13:19:05 -08:00
Eric Chiang
af790e46bb Merge pull request #267 from ericchiang/metadata
add dynamic client registration
2016-02-01 16:25:57 -08:00
Frode Nordahl
5d284e08ae Change status code used for redirects from StatusTemporaryRedirect (307) to StatusFound (302)
HTTP code 307 aka. StatusTemporaryRedirect is used throughout the
project. However, the endpoints redirected to explicitly expects
the client to make a GET request.

If a HTTP client issues a POST request to a server and receives a
HTTP 307 redirect, it forwards the POST request to the new URL.

When using 302 the HTTP client will issue a GET request.

Fixes #287
2016-01-23 22:33:53 +01:00
Eric Chiang
5e44b6bc27 *: update all to accommodate changes to go-oidc
Update dex to comply with the changes to fieldnames and types of
the client and provider metadata structs in coreos/go-oidc.
2016-01-12 17:16:28 -08:00
Eric Chiang
99e1163972 server: fix tests
In #210 a field name in the provider config was corrected. However
the old, and incorrect, value was hard coded in the tests. This
change updates the test case to hold the correct field name.

There are no other references to the old name in dex or its
vendored packages.
2015-12-16 18:20:14 -08:00
Bobby Rullo
bf9517fdaa server,cmd: Add flag for disabling registation
For situations where admins add users.
2015-09-30 16:35:58 -07:00
Yifan Gu
93a0830ae0 server: check scope in requests.
Require 'openid' in scope for all requests.
Require 'offline_access' for returning refresh token.
2015-08-31 13:51:59 -07:00
Bobby Rullo
66fe201c24 *: move original project to dex 2015-08-18 11:26:57 -07:00