Commit graph

1893 commits

Author SHA1 Message Date
Andy Lindeman
840065faaf Assert something about the returned userinfo 2019-06-24 09:39:54 -04:00
Andy Lindeman
46f5726d11 Use oidc.Verifier to verify tokens 2019-06-22 13:18:35 -04:00
Andy Lindeman
157c359f3e Bump go-oidc to latest v2 2019-06-20 12:27:47 -04:00
mdbraber
3dd1bac821 Fix comments 2019-06-05 22:14:31 +02:00
Maarten den Braber
74f4e749b9 Formatting 2019-06-05 22:14:31 +02:00
Maarten den Braber
d7750b1e26 Fix changes 2019-06-05 22:14:31 +02:00
Maarten den Braber
a8d059a237 Add userinfo endpoint
Co-authored-by: Yuxing Li <360983+jackielii@users.noreply.github.com>
Co-authored-by: Francisco Santiago <1737357+fjbsantiago@users.noreply.github.com>
2019-06-05 22:11:21 +02:00
Stephan Renatus
d6fad19d95
Merge pull request #1459 from flarno11/master
make userName configurable
2019-06-04 09:47:19 +02:00
Stephan Renatus
c19ada3236
Merge pull request #1460 from tanmaykm/tan/linkedin
Update LinkedIn connector to use v2 APIs

This updates LinkedIn connector to use the more recent v2 APIs. Necessary because v1 APIs are not able to retrieve email ids any more with the default permissions.

The API URLs are now different. Fetching the email address is now a separate call, made after fetching the profile details. The r_basicprofile permission is not needed any more, and r_liteprofile (which seems to be the one assigned by default) is sufficient.

The relevant API specifications are at:

    https://docs.microsoft.com/en-us/linkedin/shared/integrations/people/profile-api
    https://docs.microsoft.com/en-us/linkedin/shared/integrations/people/primary-contact-api
    https://docs.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/migration-faq#how-do-i-retrieve-the-members-email-address
2019-06-03 19:35:55 +02:00
tan
8613c78863 update LinkedIn connector to use v2 APIs
This updates LinkedIn connector to use the more recent v2 APIs. Necessary because v1 APIs are not able to retrieve email ids any more with the default permissions.

The API URLs are now different. Fetching the email address is now a separate call, made after fetching the profile details. The `r_basicprofile` permission is not needed any more, and `r_liteprofile` (which seems to be the one assigned by default) is sufficient.

The relevant API specifications are at:
- https://docs.microsoft.com/en-us/linkedin/shared/integrations/people/profile-api
- https://docs.microsoft.com/en-us/linkedin/shared/integrations/people/primary-contact-api
- https://docs.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/migration-faq#how-do-i-retrieve-the-members-email-address
2019-06-03 22:59:37 +05:30
flarno11
8c1716d356 make userName configurable 2019-06-03 14:09:07 +02:00
Stephan Renatus
dfb2dfd333
Merge pull request #1456 from srenatus/sr/post-1448/fix-1455/restore-error-semantics
connectors/oidc: truely ignore "email_verified" claim if configured that way
2019-05-28 16:23:00 +02:00
Stephan Renatus
4e8cbf0f61
connectors/oidc: truely ignore "email_verified" claim if configured that way
Fixes #1455, I hope.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-05-28 16:15:06 +02:00
Stephan Renatus
e137db978d
Merge pull request #1457 from srenatus/sr/travis/use-go-1.1{1,2}.x
travis: replace golang 1.10 and 1.11 with 1.12
2019-05-28 16:14:43 +02:00
Stephan Renatus
11913a28c6
travis: replace golang 1.{10,11}.x with 1.12.x
This is because I suspect the gofmt rules change between these versions to
make half the travis CI tests fail sometimes?

Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-05-28 16:07:20 +02:00
Stephan Renatus
49e59fb54f
Merge pull request #1448 from cappyzawa/user-id-key
oidc: Make userID configurable
2019-05-24 13:32:41 +02:00
cappyzawa
9650836851 make userID configurable 2019-05-24 19:52:33 +09:00
Eric Chiang
59560c9919
Merge pull request #1433 from jacksontj/userinfo
Add option in oidc to hit the optional userinfo endpoint
2019-05-23 09:42:13 -07:00
Thomas Jackson
52d09a2dfa Add option in oidc to hit the optional userinfo endpoint
Some oauth providers return "thin tokens" which won't include all of the
claims requested. This simply adds an option which will make the oidc
connector use the userinfo endpoint to fetch all the claims.
2019-05-23 09:20:48 -07:00
jimmythedog
b189d07d53 dexidp#1440 Add offline_access scope, if required
Without this scope, a refresh token will not be returned from Microsoft
2019-05-14 05:15:13 +01:00
Eric Chiang
cd3c6983da
Merge pull request #1429 from tsuna/master
server: add metrics for CORS handlers.
2019-05-12 10:40:23 -07:00
Eric Chiang
35f51957c0
Merge pull request #1430 from mkontani/fix/typo
fix typo
2019-05-12 10:39:18 -07:00
Eric Chiang
06ec381082
Merge pull request #1432 from alindeman/warnf
Round out logging interface with functions for all levels
2019-05-12 10:38:55 -07:00
Eric Chiang
0babb2df18
Merge pull request #1435 from bonifaido/bitbucket-docs
docs: update bitbucket permission requirements
2019-05-12 10:33:01 -07:00
Stephan Renatus
429bb9303f
Merge pull request #1443 from deric/err
Print appropriate error
2019-05-12 07:58:12 +02:00
Stephan Renatus
d8f9634afc
Merge pull request #1436 from bonifaido/gitlab-groups
gitlab: support for group whitelist, add tests
2019-05-08 09:57:51 +02:00
Tomas Barton
55cebd58a8
print appropriate error 2019-05-03 14:19:54 +02:00
Nandor Kracser
7b416b5a8e gitlab: add tests 2019-05-02 08:06:56 +02:00
Nandor Kracser
a08a5811d4 gitlab: support for group whitelist 2019-04-25 12:50:29 +02:00
Nandor Kracser
b1931fc9bd docs: update bitbucket permission requirements 2019-04-25 10:45:00 +02:00
Andy Lindeman
34c7cfaf82
Round out logging interface with functions for all levels 2019-04-24 09:35:35 -04:00
mkontani
6ae76662de
fix ssoURL 2019-04-20 21:12:01 +09:00
Benoit Sigoure
d6ad67a6de server: add metrics for CORS handlers. 2019-04-19 14:32:52 -07:00
Eric Chiang
60f47c4228
Merge pull request #1427 from yann-soubeyrand/static-client-log-name
cmd/dex/serve.go: log static client name instead of ID
2019-04-18 15:21:23 -07:00
Yann Soubeyrand
c5f2871ab5 cmd/dex/serve.go: log static client name instead of ID
Signed-off-by: Yann Soubeyrand <yann.soubeyrand@gmx.fr>
2019-04-18 13:56:11 +02:00
Eric Chiang
29d8428387
Merge pull request #1426 from justaugustus/image
Update Docker build/image
2019-04-16 14:47:08 -07:00
Stephen Augustus
56f02b95c6 Update Docker build/image
- Update build container to golang:1.12.4-alpine
- Update dex image to alpine:3.9
- Run dex as non-root user

Signed-off-by: Stephen Augustus <saugustus@vmware.com>
2019-04-16 17:00:05 -04:00
Eric Chiang
f6741d1837
Merge pull request #1417 from gezb/feature/odic_add_email_verfied_override
Add option to OIDC connecter to override email_verified to true
2019-03-05 14:49:02 -08:00
Gerald Barker
fc723af0fe Add option to OIDC connecter to override email_verified to true 2019-03-05 21:24:02 +00:00
Eric Chiang
83a0326b88
Merge pull request #1412 from okamototk/typo
Fix typo.
2019-02-23 08:51:07 -08:00
Takashi Okamoto
ac290f77aa Fix typo. 2019-02-23 16:34:10 +00:00
Eric Chiang
c113df2730
Merge pull request #1408 from sagikazarmark/logger-interface
Add logger interface and stop relying on Logrus directly
2019-02-22 12:51:31 -08:00
Mark Sagi-Kazar
d877fca092
Fix coding style 2019-02-22 21:43:55 +01:00
Mark Sagi-Kazar
06521ffa49
Remove the logrus logger wrapper 2019-02-22 21:31:46 +01:00
Mark Sagi-Kazar
aec2edb441
Match the interface to logrus implementation 2019-02-22 21:27:54 +01:00
Mark Sagi-Kazar
d1c8f8d095
Remove structured logging from the logger interface 2019-02-22 21:26:30 +01:00
Eric Chiang
e913a252cd
Merge pull request #1410 from sagikazarmark/fix-typo
Fix typo
2019-02-22 12:02:27 -08:00
Mark Sagi-Kazar
c48cb36e8f
Fix typo 2019-02-22 20:54:19 +01:00
Eric Chiang
8b4a9bf5ee
Merge pull request #1409 from bonifaido/production-users-banzaicloud
production users: add Banzai Cloud
2019-02-22 11:05:02 -08:00
Nandor Kracser
6c71b330a8 production users: add Banzai Cloud 2019-02-22 16:40:34 +01:00