Commit graph

55 commits

Author SHA1 Message Date
Bobby Rullo
62aa12fa6c cmd/dex-overlord: was using the wrong err 2015-09-01 17:07:10 -07:00
Yifan Gu
081bfdd13d Merge pull request #103 from yifan-gu/offline
return refresh token only when scope contains 'offline_access'
2015-08-31 14:30:06 -07:00
Yifan Gu
fb72e6074a Documentation: Update the notes on 'offline access'. 2015-08-31 13:59:02 -07:00
Yifan Gu
93a0830ae0 server: check scope in requests.
Require 'openid' in scope for all requests.
Require 'offline_access' for returning refresh token.
2015-08-31 13:51:59 -07:00
Yifan Gu
066fd859ec session: add 'scope' field in session. 2015-08-31 13:51:59 -07:00
bobbyrullo
d87b5c9bfe Merge pull request #102 from bobbyrullo/we_are_your_overlords
cmd/dex-overlord: bind admin API on 127.0.0.1
2015-08-31 13:43:50 -07:00
Bobby Rullo
9b64ecb2d7 cmd/dex-overlord: bind admin API on 127.0.0.1
Instead of 0.0.0.0; this is safer, since the admin API is very powerful.

fixes #97
2015-08-31 13:42:16 -07:00
bobbyrullo
40a0a63a3e Merge pull request #101 from bobbyrullo/rename
Documentation: mv security_guide.md tls-setup.md
2015-08-31 13:32:10 -07:00
Bobby Rullo
1dd0d13ee0 Documentation: mv security_guide.md tls-setup.md 2015-08-31 13:29:52 -07:00
Yifan Gu
f1fb00efdd Merge pull request #92 from yifan-gu/ssl
dex-worker: add TLS support.
2015-08-31 10:41:13 -07:00
Yifan Gu
783fa364f6 Documentation: add serity_guide.md to show how to establish TLS.
Also add example tls-setup configs that can be used to generate
TLS CA, server certs, key files using 'cfssl'.
2015-08-29 01:42:21 -07:00
Yifan Gu
01f95db3ca examples: also print raw token in the result. 2015-08-29 01:42:21 -07:00
Yifan Gu
3da456efa8 dex-worker: add TLS support.
Add two new flags '--cert-file' and '--key-file'.
If scheme == 'https', then we will use the two new flags to get
the cert/key pair for TLS connection.

Also add '--ca-file' to the example app to allow TLS connection to the
dex-worker using a specified ca file.
2015-08-29 01:42:21 -07:00
bobbyrullo
1c85071705 Update README.md 2015-08-28 14:56:00 -07:00
bobbyrullo
7356265d68 Merge pull request #95 from bobbyrullo/fix_example
examples/static: various changes to fix examples
2015-08-28 12:43:39 -07:00
Bobby Rullo
abc1d365ac examples/static: various changes to fix examples 2015-08-28 12:43:07 -07:00
bobbyrullo
8fc076af9e Merge pull request #93 from bobbyrullo/oidc
OIDC Compliance Notes
2015-08-28 12:29:07 -07:00
Bobby Rullo
6d0e7e268e Documentation: add notes on OIDC 2015-08-28 12:28:42 -07:00
bobbyrullo
9b4a264c1a Merge pull request #89 from bobbyrullo/server_fix
server: make reset password pass tests
2015-08-26 15:46:22 -07:00
Bobby Rullo
bbcffde0a5 server: make reset password pass tests
Handler wants a password value even when its blank
2015-08-26 15:45:15 -07:00
bobbyrullo
ed0696f16b Merge pull request #79 from bobbyrullo/intro_page
README.md/Documentation: Get Docs up-to-date.
2015-08-26 15:28:19 -07:00
Bobby Rullo
eb65555fe7 build-docker-push: allow override of quay repo 2015-08-26 15:28:09 -07:00
Bobby Rullo
fa96fb3a33 contrib: get standup up-to-date
* key_secret -> key_secrets
* make sure overlord starts up before other operations since it creates
  the db
* remove race conditions by blocking on /health being up for worker and overlord
2015-08-26 15:28:09 -07:00
Bobby Rullo
5ecad3470b Documentation: bring dev-guide up to date. 2015-08-26 15:27:11 -07:00
Bobby Rullo
3bbafaf3fe README.md/Documentation: Get Docs up-to-date.
* Fix up README
* Create getting started guide.
* Start dev guide
* Start deploy guide
2015-08-26 15:27:11 -07:00
bobbyrullo
5abc7633fb Merge pull request #87 from bobbyrullo/keyspace
Base64 Encode secrets, and allow >1 of them
2015-08-26 10:43:42 -07:00
Bobby Rullo
d0c199b62c cmd, server: base64 encode multiple secrets
Two things here:

    * key secrets are now base64 encoded strings, so we get the full key
      space

    * we can pass >1 of them in so we can rotate them
2015-08-26 10:43:24 -07:00
Bobby Rullo
93f4ae2ba6 pkg/crypto: Don't modify ciphertext in place.
mmmkay?
2015-08-26 10:43:24 -07:00
Bobby Rullo
0feb1dd719 pkg/flag: add new Base64, Base64List flag.Values
Allows setting of []byte's with base64 encoded strings and [][]bytes
with comma-separated base64 encoded strings.
2015-08-25 16:42:43 -07:00
Bobby Rullo
c8feb5c33d db: PrivateKeySetRepo now takes >1 secrets
The first secret is used to encrypt, the rest are for decryption; if the
first doesn't work, the rest are tried in order.

The makes it possible to rotate keys.
2015-08-25 16:41:20 -07:00
Ed Rooth
8cfffcc98a Merge pull request #85 from sym3tri/update-templates
static: update all static templates to be generic & prettier
2015-08-25 14:56:40 -07:00
Ed Rooth
627a4f8805 static: update all templates to be generic 2015-08-25 09:42:43 -07:00
bobbyrullo
ba7c5d5cd7 Merge pull request #84 from bobbyrullo/gorpy
Move gorp to its new location.
2015-08-24 18:02:21 -07:00
Bobby Rullo
74df09acb6 db: gorp moved to github.com/go-gorp/gorp 2015-08-24 15:43:15 -07:00
Bobby Rullo
50c568b9d2 godep: add github.com/go-gorp/gorp 2015-08-24 15:43:15 -07:00
bobbyrullo
72c3b0c31a Merge pull request #82 from philips/dex-origin-story
README: explain the name dex
2015-08-24 12:54:36 -07:00
Brandon Philips
827a63f458 README: explain the name dex
People are going to ask, might as well get it out there.
2015-08-24 12:47:31 -07:00
bobbyrullo
2b23798366 Merge pull request #80 from polvi/nit
bug: remote whitespace so eval works
2015-08-24 11:46:08 -07:00
Alex Polvi
c7d2393add bug: remote whitespace so eval works 2015-08-24 08:20:04 -07:00
bobbyrullo
fdce57513a Merge pull request #77 from coreos/bobbyrullo-patch-1
Update Quay link, remove semaphore link
2015-08-21 10:13:56 -07:00
bobbyrullo
35d3f95bb7 Update Quay link, remove semaphore link 2015-08-21 10:13:35 -07:00
bobbyrullo
d2416b9abe Merge pull request #76 from bobbyrullo/master
Godeps: remove link
2015-08-21 09:56:14 -07:00
Bobby Rullo
cf62cfe0d3 Godeps: remove link 2015-08-21 09:55:21 -07:00
bobbyrullo
43b0f7a1e1 Merge pull request #75 from bobbyrullo/docker_is_fun
go-docker: support functional tests
2015-08-20 16:53:48 -07:00
bobbyrullo
5f4fa64214 Merge pull request #74 from bobbyrullo/db_migrate_redux
db: initialize bigint, boolean columns
2015-08-20 16:52:39 -07:00
Bobby Rullo
91b900db3b go-docker: support functional tests
* add linking to go-docker command and remove host networking
* add functional/repo to functional tests script
2015-08-20 16:50:30 -07:00
Bobby Rullo
4ce5a36d08 db: initialize bigint, boolean columns
gorp hates nil.
2015-08-20 12:38:15 -07:00
bobbyrullo
6798adc607 Merge pull request #67 from bobbyrullo/db_migrate
DB Migrations for Dex
2015-08-20 11:45:35 -07:00
Bobby Rullo
8b6a2699d9 cmd/dex-overlord, db: migrations in overlord
Migrations happen only in the overlord, so there's no thundering herd,
and database initialziation can be more easily controlled.
2015-08-20 11:44:43 -07:00
Bobby Rullo
84bc8073de functional: Test DBs use migrations
All repo tests build their tables by applying all the migrations. This
way we know our migrations are functional.
2015-08-20 11:44:43 -07:00