Commit graph

153 commits

Author SHA1 Message Date
Eric Chiang
a3235d022a *: verify "state" field before passing request to callback connectors
Let the server handle the state token instead of the connector. As a
result it can throw out bad requests earlier. It can also use that
token to determine which connector was used to generate the request
allowing all connectors to share the same callback URL.

Callbacks now all look like:

    https://dex.example.com/callback

Instead of:

    https://dex.example.com/callback/(connector id)

Even when multiple connectors are being used.
2016-10-27 10:23:09 -07:00
Eric Chiang
ba9f6c6cd6 Merge pull request #618 from ericchiang/dev-contrib-ldap-container
contrib/openldap: add an OpenLDAP Docker image for testing
2016-10-20 13:14:17 -07:00
Eric Chiang
373ac050f7 contrib/openldap: add a OpenLDAP container for testing 2016-10-20 09:43:06 -07:00
Eric Chiang
ea52bf263b Merge pull request #623 from ericchiang/dev-port-oob-template
*: port oob template
2016-10-19 13:53:02 -07:00
Eric Chiang
7084a801d7 *: port oob template 2016-10-19 12:45:17 -07:00
Eric Chiang
86b2d93966 Merge pull request #594 from ericchiang/dev-proposal-upstream-refreshing
Documentation/proposals: add a proposal for keeping data in-sync during refreshes
2016-10-17 11:58:20 -07:00
Eric Chiang
774242f750 Documentation/proposals: added a caveats section to upstream refreshing proposal 2016-10-17 11:54:10 -07:00
Eric Chiang
688d798ff4 Merge pull request #620 from ericchiang/dev-fix-rotation-polling
server: fix key rotation polling
2016-10-17 11:13:00 -07:00
Eric Chiang
892fa3fe35 server: rename "rotationStrategy.period" to "rotationFrequency"
gorename command run:

    gorename \
      -from '"github.com/coreos/dex/server".rotationStrategy.period' \
      -to rotationFrequency
2016-10-17 10:57:14 -07:00
Eric Chiang
d8033999d5 server: fix key rotation polling 2016-10-17 10:47:47 -07:00
Eric Chiang
3e94e65b68 Merge pull request #617 from ericchiang/dev-aci-path
*: build aci at the correct path including version, OS, and arch
2016-10-14 14:40:14 -07:00
Eric Chiang
26b43e19c8 *: build aci at the correct path including version, OS, and arch 2016-10-14 14:29:22 -07:00
Eric Chiang
8b909140fd Merge pull request #615 from ericchiang/dev-fix-sql-keys-query
dev branch: fix sql keys query
2016-10-14 12:30:59 -07:00
Eric Chiang
fe320c1928 storage/sql: fix typo in keys query 2016-10-14 12:28:49 -07:00
Eric Chiang
0a3aabc8ff storage/conformace: add conformance tests for keys 2016-10-14 12:28:49 -07:00
Eric Chiang
ade27b3d5e Merge pull request #612 from ericchiang/dev-make-example-config-more-readable
*: add more comments to the example config
2016-10-14 09:01:53 -07:00
Eric Chiang
6a9df8ab1c Merge pull request #606 from ericchiang/dev-self-managed-third-party-resources
dev branch: self managed third party resources
2016-10-14 09:00:05 -07:00
Eric Chiang
dc13f09fb7 *: add more comments to the example config 2016-10-14 08:58:57 -07:00
Eric Chiang
e25a364dbe Merge pull request #611 from ericchiang/dev-gc-reduce-verbosity
server: only print gc stats if something has been removed
2016-10-13 22:01:16 -07:00
Eric Chiang
89ecfd2ede server: only print gc stats if something has been removed 2016-10-13 21:55:56 -07:00
Eric Chiang
7288e49c19 Merge pull request #610 from ericchiang/dev-fix-linting
dev branch: fix linting
2016-10-13 18:19:13 -07:00
Eric Chiang
96440e4cc5 *: fix linting 2016-10-13 18:15:20 -07:00
Eric Chiang
e7d7c3500a Merge pull request #608 from ericchiang/dev-properly-compile-version
dev branch: properly compile version into docker images
2016-10-13 18:03:56 -07:00
Eric Chiang
3dac0063df *: properly compile version into docker images 2016-10-13 17:58:40 -07:00
Eric Chiang
b7c6eea341 examples/k8s: update documentation 2016-10-13 17:41:52 -07:00
Eric Chiang
691476b477 storage/kubernetes: manage third party resources and drop support for 1.3 2016-10-13 17:41:52 -07:00
Eric Chiang
f37836490b Merge pull request #603 from ericchiang/dev-add-license-and-developer-certificate-of-origin
dev branch: add DCO and LICENSE
2016-10-13 11:59:14 -07:00
Eric Chiang
63179e319a *: add DCO and LICENSE 2016-10-13 11:33:32 -07:00
Eric Chiang
5bec61d73f Merge pull request #602 from ericchiang/dev-add-garbage-collect-method-to-storage
dev branch: add garbage collect method to storage
2016-10-12 22:08:53 -07:00
Eric Chiang
449f34ed2a storage/sql: print error before calling t.Fatal 2016-10-12 22:00:08 -07:00
Eric Chiang
4296604f11 {cmd,server}: move garbage collection logic to server 2016-10-12 21:50:20 -07:00
Eric Chiang
3e20a080fe server: fix auth request expiry 2016-10-12 18:51:13 -07:00
Eric Chiang
558059ee58 storage/kubernetes: add garbage collection method 2016-10-12 18:48:23 -07:00
Eric Chiang
9ce05ecf73 storage/sql: add garbage collection method 2016-10-12 18:48:09 -07:00
Eric Chiang
c14ab3c44e storage/memory: add garbage collection method 2016-10-12 18:47:47 -07:00
Eric Chiang
d27f5e411f storage/conformance: add garbage collection tests 2016-10-12 18:47:15 -07:00
Eric Chiang
df6cfa0b7a storage: add GC method to interface to standardize handling 2016-10-12 18:46:10 -07:00
Eric Chiang
13554ee735 Merge pull request #601 from ericchiang/dev-allow-extra-space-in-scopes
server: allow extra spaces in scopes
2016-10-12 15:39:22 -07:00
Eric Chiang
2834da443f server: allow extra spaces in scopes
go-oidc sends an extra space before the list of scopes. This is bad
but we have to support it, so we'll be more lenient and ignore
duplicated whitespace.
2016-10-12 15:37:12 -07:00
Eric Chiang
cf8801dcec Merge pull request #596 from ericchiang/dev-refreshing-with-scopes-tests
dev branch: add tests for refreshing with explicit scopes
2016-10-10 15:02:40 -07:00
Eric Chiang
ac6e419d48 server: add tests for refreshing with explicit scopes 2016-10-10 11:02:27 -07:00
Eric Chiang
0f758f11cc Merge pull request #595 from ericchiang/dev-example-app-fix-refreshing-with-google
dev branch: check if a provider supports a refresh token scope
2016-10-10 08:54:27 -07:00
Eric Chiang
fdc529ee0d cmd/example-app: check if a provider supports a refresh token scope
Some OpenID Connect providers, notably Google, don't follow the spec
and allow refresh tokens to be requested with the "offline_access"
scope. Try to determine which we're talking to by checking the
supported_scopes listed by the provider discovery.
2016-10-10 08:52:07 -07:00
Eric Chiang
1e5133a98d Documentation/proposals: add a proposal for keeping data in-sync during refreshes 2016-10-08 11:45:55 -07:00
Eric Chiang
8518c30123 Merge pull request #593 from ericchiang/dev-expose-skip-approval
dev branch: expose skip approval screen option
2016-10-07 11:56:09 -07:00
Eric Chiang
dcbe67d89c {cmd/dex,server}: expose skip approval screen option 2016-10-07 11:53:01 -07:00
Eric Chiang
b7841fb9ed Merge pull request #592 from ericchiang/fix-audience-scope
server: fix cross client scope prefix
2016-10-07 11:52:23 -07:00
Eric Chiang
6dbb5c4de6 server: fix cross client scope prefix 2016-10-07 11:40:41 -07:00
Eric Chiang
182f14fb30 Merge pull request #590 from ericchiang/dev-add-password-resource
dev branch: add a password resource for local email/password login
2016-10-06 10:41:24 -07:00
Eric Chiang
2909929b17 *: add the ability to define passwords statically 2016-10-06 10:35:54 -07:00