Arsharth/dex
1
0
Fork 0
forked from mystiq/dex
Code Issues Pull requests Packages Projects Releases Wiki Activity
1148 commits 27 branches 73 tags 23 MiB
Commit graph

188 commits

Author SHA1 Message Date
Nándor István Krácser 3cbba11012
Merge pull request #1610 from flant/oidc-email-scope-check 
Adding oidc email scope check
 2020-01-06 10:20:46 +01:00
m.nabokikh 383c2fe8b6 Adding oidc email scope check 
This helps to avoid "no email claim" error if email scope was not specified.

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2019-12-28 15:28:01 +04:00
Andrew Block d31f6eabd4
Corrected logic in group verification 2019-12-26 20:32:12 -06:00
Andrew Block 296659cb50
Reduced OpenShift scopes and enhanced documentation 2019-12-26 03:14:20 -06:00
Andrew Block 075ab0938e
Fixed formatting 2019-12-22 02:53:10 -05:00
Andrew Block 7e89d8ca24
Resolved newline issues 2019-12-22 02:27:11 -05:00
Andrew Block 02c8f85e4d
Resolved newline issues 2019-12-22 02:27:11 -05:00
Andrew Block db7711d72a
Test cleanup 2019-12-22 02:27:10 -05:00
Andrew Block 5881a2cfca
Test cleanup 2019-12-22 02:27:10 -05:00
Andrew Block 48954ca716
Corrected test formatting 2019-12-22 02:27:09 -05:00
Andrew Block 92e63771ac
Added OpenShift connector 2019-12-22 02:27:09 -05:00
Nándor István Krácser a901e2f204
Merge pull request #1604 from dexidp/fix-linters 
Fix linters
 2019-12-20 07:10:22 +01:00
Lars Lehtonen 8e0ae82034
connector/oidc: replace deprecated oauth2.RegisterBrokenAuthHeaderProvider with oauth2.Endpoint.AuthStyle 2019-12-18 08:27:40 -08:00
Mark Sagi-Kazar 65c77e9db2
Fix bodyclose 2019-12-18 16:04:03 +01:00
Mark Sagi-Kazar 2f8d1f8e42
Fix unconvert 2019-12-18 15:56:46 +01:00
Mark Sagi-Kazar f141f2133b
Fix whitespace 2019-12-18 15:56:12 +01:00
Mark Sagi-Kazar 9bd5ae5197
Fix goimports 2019-12-18 15:53:34 +01:00
Mark Sagi-Kazar 367b187cf4
Fix missspell 2019-12-18 15:51:44 +01:00
Mark Sagi-Kazar 142c96c210
Fix stylecheck 2019-12-18 15:50:36 +01:00
Mark Sagi-Kazar 8c3dc0ca66
Remove unused code (fixed: unused, structcheck, deadcode linters) 2019-12-18 15:46:49 +01:00
Mark Sagi-Kazar d2095bb2d8
Rewrite LDAP tests to use Docker 2019-12-08 20:21:28 +01:00
Nandor Kracser a38e215891
connector/google: support group whitelisting 
Signed-off-by: Nandor Kracser <bonifaido@gmail.com>
 2019-12-03 16:27:07 +01:00
Nándor István Krácser c41035732f
Merge pull request #1434 from jacksontj/groups 
Add option to enable groups for oidc connectors
 2019-11-27 14:00:36 +01:00
Joel Speed 658a2cc477
Make directory service during init 2019-11-19 17:12:44 +00:00
Joel Speed 554870cea0
Add todo for configurable groups key 2019-11-19 17:12:43 +00:00
Joel Speed 6a9bc889b5
Update comments 2019-11-19 17:12:40 +00:00
Joel Speed c03c98b951
Check config before getting groups 2019-11-19 17:12:39 +00:00
Joel Speed 3f55e2da72
Get groups from directory api 2019-11-19 17:12:38 +00:00
Joel Speed 36370f8f2a
No need to configure issuer 2019-11-19 17:12:37 +00:00
Joel Speed 97ffa21262
Create separate Google connector 2019-11-19 17:12:36 +00:00
Joel Speed 3156553843
OIDC: Rename refreshToken to RefreshToken 2019-11-19 15:43:25 +00:00
Joel Speed 77fcf9ad77
Use a struct for connector data within OIDC connector 2019-11-19 15:43:22 +00:00
Joel Speed f6077083c9
Identify error as failure to retrieve refresh token 2019-11-19 15:43:21 +00:00
Joel Speed 8b344fe4d3
Fix Refresh comment 2019-11-19 15:43:20 +00:00
Joel Speed 433bb2afec
Remove duplicate code 2019-11-19 15:43:12 +00:00
Joel Speed 4076eed17b
Build opts based on scope 2019-11-19 15:43:11 +00:00
Joel Speed 0857a0fe09
Implement refresh in OIDC connector 
This has added the access=offline parameter and prompt=consent parameter
to the initial request, this works with google, assuming other providers
will ignore the prompt parameter
 2019-11-19 15:43:04 +00:00
Nándor István Krácser 6d41541964
Merge pull request #1544 from kenperkins/saml-groups 
Adding support for allowed groups in SAML Connector
 2019-10-30 13:28:34 +01:00
Nándor István Krácser f2590ee07d
Merge pull request #1545 from jacksontj/getUserInfo 
Run getUserInfo prior to claim enforcement
 2019-10-30 13:26:18 +01:00
Nandor Kracser c1b421fa04 add preffered_username to idToken 
Signed-off-by: Nandor Kracser <bonifaido@gmail.com>
 2019-10-30 13:06:37 +01:00
Thomas Jackson 21ab30d207 Add option to enable groups for oidc connectors 
There's been some discussion in #1065 regarding what to do about
refreshing groups. As it stands today dex doesn't update any of the
claims on refresh (groups would just be another one). The main concern
with enabling it is that group claims may change more frequently. While
we continue to wait on the upstream refresh flows, this adds an option
to enable the group claim. This is disabled by default (so no behavioral
change) but enables those that are willing to have the delay in group
claim change to use oidc IDPs.

Workaround to #1065
 2019-09-13 15:50:33 -07:00
Thomas Jackson 512cb3169e Run getUserInfo prior to claim enforcement 
If you have an oidc connector configured *and* that IDP provides thin
tokens (e.g. okta) then the majority of the requested claims come in the
getUserInfo call (such as email_verified). So if getUserInfo is
configured it should be run before claims are validated.
 2019-09-13 11:10:44 -07:00
Ken Perkins 285c1f162e connector/saml: Adding group filtering 
- 4 new tests
- Doc changes to use the group filtering
 2019-09-10 10:53:19 -07:00
wassan128 42e8619830 Fix typo 2019-09-06 09:55:09 +09:00
Nandor Kracser ef08ad8317 gitlab: add groups scope by default when filtering is requested 2019-08-14 13:33:46 +02:00
Stephan Renatus d9487e553b
*: fix some lint issues 
Mostly gathered these using golangci-lint's deadcode and ineffassign
linters.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2019-07-30 11:29:08 +02:00
Nandor Kracser ff34e570b4 connector/gitlab: implement useLoginAsID as in GitHub connector 2019-07-28 19:49:49 +02:00
Maxime Desrosiers 458585008b
microsoft: option for group UUIDs instead of name and group whitelist 2019-07-25 09:14:33 -04:00
Stephan Renatus 51f50fcad8
connectors: refactor filter code into a helper package 
I hope I didn't miss any :D

Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2019-07-03 13:09:40 +02:00
Stephan Renatus d6fad19d95
Merge pull request #1459 from flarno11/master 
make userName configurable
 2019-06-04 09:47:19 +02:00