Joe Bowers
4c9bab0890
server: user management endpoints strictly conform to schema
...
This change disables the URL fixing behavior or the router associated
with the user management schema. After this commit, URLS routing
to /api/$VERSION/users must target exactly the specified paths. In
addition, `/api/$VERSION/users/` will serve a 404
This change allows users to hit the user create endpoint, which
would previously serve a redirect rather than actually making the
associated change.
2015-09-24 16:41:29 -07:00
bobbyrullo
825c3cf21b
Merge pull request #128 from bobbyrullo/wait_on_connectors
...
cmd/dex-worker: wait 'til connectors are available
2015-09-18 17:28:26 -07:00
Bobby Rullo
510293a984
fixup
2015-09-18 17:25:06 -07:00
Bobby Rullo
3cd0d84e31
cmd/dex-worker: wait 'til connectors are available
...
Otherwise, if worker starts without connectors, and then connectors are
added workers have to be restarted to pick up the changes.
2015-09-18 17:11:58 -07:00
bobbyrullo
188aa27c17
Merge pull request #118 from bobbyrullo/k8s
...
Get the K8s files up to date with more docs
2015-09-18 15:31:01 -07:00
Bobby Rullo
25c21f0f7e
contrib/k8s: docs for using k8s configs
2015-09-18 15:30:17 -07:00
bobbyrullo
f15890edb4
Merge pull request #124 from cpswan/fixes-123
...
Documentation: no need to create a new Google project
2015-09-17 09:23:39 -07:00
Chris Swan
b773770218
Documentation: no need to create a new Google project
...
A new API key can be generated in an existing Google project
Fixes #123
Signed-off-by: Chris Swan <@cpswan>
2015-09-17 15:17:03 +01:00
Bobby Rullo
edd88db932
contrib/k8s: Use secrets to store secrets.
...
Also, move most flags to environment variables.
2015-09-09 14:29:41 -07:00
Bobby Rullo
d9b668002c
contrib/k8s: get yaml up-to-date with latest k8s
2015-09-08 14:53:53 -07:00
bobbyrullo
b340660d6d
Merge pull request #111 from dullgiulio/early-returns-nazi
...
Remove unnecessary else statements
2015-09-04 13:02:28 -07:00
Giulio Iotti
472e4a02a4
*: Remove unnecessary else statements
...
Whenever it makes the code easier to follow, use early return to
avoid else statements.
2015-09-04 22:45:32 +03:00
bobbyrullo
99ed0024b0
Merge pull request #96 from bobbyrullo/who_should_
...
README.md: "Similar Software", "who should use"
2015-09-03 11:48:01 -07:00
bobbyrullo
7f49efd873
Merge pull request #109 from bobbyrullo/yes_we_DO_have_TLS
...
Documentation: remove outdated TLS info
2015-09-03 09:57:43 -07:00
Bobby Rullo
bfe6cd2817
Documentation: remove outdated TLS info
2015-09-03 09:56:48 -07:00
bobbyrullo
507649750c
Merge pull request #108 from coreos/bobbyrullo-patch-1
...
Update README.md
2015-09-02 18:06:22 -07:00
bobbyrullo
1cde31af7d
Update README.md
2015-09-02 18:04:40 -07:00
bobbyrullo
0ec24a17bd
Merge pull request #104 from bobbyrullo/flags_are_good
...
cmd,server,static/html: Configurable name, logo
2015-09-02 18:00:58 -07:00
Bobby Rullo
f1820cda14
cmd,server,static/html: Configurable name, logo
...
fixes #47
2015-09-02 18:00:28 -07:00
Bobby Rullo
6545bc6f80
README.md: "Similar Software", "who should use"
2015-09-02 15:53:24 -07:00
Yifan Gu
e077803e93
Merge pull request #105 from yifan-gu/tests
...
refresh: bcrypt raw bytes rather than base64 encoded string.
2015-09-02 15:39:54 -07:00
Yifan Gu
44c6cb44f5
refresh: bcrypt raw bytes rather than base64 encoded string.
...
This enables us to control the length of the bytes that will be bcrypted,
by default it's 64.
Also changed the token's stored form from string('text') to []byte('bytea')
and added some test cases for different types of invalid tokens.
2015-09-02 14:23:20 -07:00
bobbyrullo
ff71593cd7
Merge pull request #106 from bobbyrullo/shadow_stevens
...
cmd/dex-overlord: was using the wrong err
2015-09-01 17:09:34 -07:00
Bobby Rullo
62aa12fa6c
cmd/dex-overlord: was using the wrong err
2015-09-01 17:07:10 -07:00
Yifan Gu
081bfdd13d
Merge pull request #103 from yifan-gu/offline
...
return refresh token only when scope contains 'offline_access'
2015-08-31 14:30:06 -07:00
Yifan Gu
fb72e6074a
Documentation: Update the notes on 'offline access'.
2015-08-31 13:59:02 -07:00
Yifan Gu
93a0830ae0
server: check scope in requests.
...
Require 'openid' in scope for all requests.
Require 'offline_access' for returning refresh token.
2015-08-31 13:51:59 -07:00
Yifan Gu
066fd859ec
session: add 'scope' field in session.
2015-08-31 13:51:59 -07:00
bobbyrullo
d87b5c9bfe
Merge pull request #102 from bobbyrullo/we_are_your_overlords
...
cmd/dex-overlord: bind admin API on 127.0.0.1
2015-08-31 13:43:50 -07:00
Bobby Rullo
9b64ecb2d7
cmd/dex-overlord: bind admin API on 127.0.0.1
...
Instead of 0.0.0.0; this is safer, since the admin API is very powerful.
fixes #97
2015-08-31 13:42:16 -07:00
bobbyrullo
40a0a63a3e
Merge pull request #101 from bobbyrullo/rename
...
Documentation: mv security_guide.md tls-setup.md
2015-08-31 13:32:10 -07:00
Bobby Rullo
1dd0d13ee0
Documentation: mv security_guide.md tls-setup.md
2015-08-31 13:29:52 -07:00
Yifan Gu
f1fb00efdd
Merge pull request #92 from yifan-gu/ssl
...
dex-worker: add TLS support.
2015-08-31 10:41:13 -07:00
Yifan Gu
783fa364f6
Documentation: add serity_guide.md to show how to establish TLS.
...
Also add example tls-setup configs that can be used to generate
TLS CA, server certs, key files using 'cfssl'.
2015-08-29 01:42:21 -07:00
Yifan Gu
01f95db3ca
examples: also print raw token in the result.
2015-08-29 01:42:21 -07:00
Yifan Gu
3da456efa8
dex-worker: add TLS support.
...
Add two new flags '--cert-file' and '--key-file'.
If scheme == 'https', then we will use the two new flags to get
the cert/key pair for TLS connection.
Also add '--ca-file' to the example app to allow TLS connection to the
dex-worker using a specified ca file.
2015-08-29 01:42:21 -07:00
bobbyrullo
1c85071705
Update README.md
2015-08-28 14:56:00 -07:00
bobbyrullo
7356265d68
Merge pull request #95 from bobbyrullo/fix_example
...
examples/static: various changes to fix examples
2015-08-28 12:43:39 -07:00
Bobby Rullo
abc1d365ac
examples/static: various changes to fix examples
2015-08-28 12:43:07 -07:00
bobbyrullo
8fc076af9e
Merge pull request #93 from bobbyrullo/oidc
...
OIDC Compliance Notes
2015-08-28 12:29:07 -07:00
Bobby Rullo
6d0e7e268e
Documentation: add notes on OIDC
2015-08-28 12:28:42 -07:00
bobbyrullo
9b4a264c1a
Merge pull request #89 from bobbyrullo/server_fix
...
server: make reset password pass tests
2015-08-26 15:46:22 -07:00
Bobby Rullo
bbcffde0a5
server: make reset password pass tests
...
Handler wants a password value even when its blank
2015-08-26 15:45:15 -07:00
bobbyrullo
ed0696f16b
Merge pull request #79 from bobbyrullo/intro_page
...
README.md/Documentation: Get Docs up-to-date.
2015-08-26 15:28:19 -07:00
Bobby Rullo
eb65555fe7
build-docker-push: allow override of quay repo
2015-08-26 15:28:09 -07:00
Bobby Rullo
fa96fb3a33
contrib: get standup up-to-date
...
* key_secret -> key_secrets
* make sure overlord starts up before other operations since it creates
the db
* remove race conditions by blocking on /health being up for worker and overlord
2015-08-26 15:28:09 -07:00
Bobby Rullo
5ecad3470b
Documentation: bring dev-guide up to date.
2015-08-26 15:27:11 -07:00
Bobby Rullo
3bbafaf3fe
README.md/Documentation: Get Docs up-to-date.
...
* Fix up README
* Create getting started guide.
* Start dev guide
* Start deploy guide
2015-08-26 15:27:11 -07:00
bobbyrullo
5abc7633fb
Merge pull request #87 from bobbyrullo/keyspace
...
Base64 Encode secrets, and allow >1 of them
2015-08-26 10:43:42 -07:00
Bobby Rullo
d0c199b62c
cmd, server: base64 encode multiple secrets
...
Two things here:
* key secrets are now base64 encoded strings, so we get the full key
space
* we can pass >1 of them in so we can rotate them
2015-08-26 10:43:24 -07:00