* Remove some unlikely to be used fields to help configurability.
* Combined "serverHost" and "serverPort" into "host"
* Remove "timeout" (just default to 30 seconds).
* Remove "maxIdleConn"; will add it back if users feel the need
to control the number of cached connections.
* Remove "trustedEmailProvider" (just always trust).
* Remove "skipCertVerification"; you can't make this connector
ignore TLS errors.
* Fix configs that don't search before bind (previously broken).
* Add more examples to Documentation
* Refactor LDAPPool Acquire() and Put() into a Do() function which
always does the flow correctly.
* Added more comments and renamed some functions.
* Moved methods on LDAPIdentityProvider to the LDAPConnector

When "urn:ietf:wg:oauth:2.0:oob" is used as a redirect URI, redirect to
an internal dex page where the user is shown the code and instructed to
paste it into their app.

* validation of client moved into its own method and tested
* public clients have different validation - must have no redirect URIs
and must have a clientName set

The proposal template was not intended to be shown for every issue,
only for proposals. Revert that issue template and add a more general
one in a follow-up commit.
This reverts commit 09cb38577f.

API Driver is dead: This API turns out to not be super useful, requiring
an existing client to create other clients is weird.
Long live API Driver? Let's use Dynamic Client API and the bootstrap API
to create a better API Driver! LONG LIVE API DRIVER.

The only thing using this AFAIK is dexctl in api_driver mode, which
no-one uses - it's a sort of weird API which requires a client to create
other clients, and gives all clients the ability to list all other
clients. So we are removing it.

Before, this logic was only in the OIDCServer.CodeToken() method; now it has been
pulled out so that other paths, like OIDCServer.RefreshToken() can use
it.
The net effect is that now refresh tokens can be used to get
cross-client authenticated ID Tokens.

A refresh request must fail if it asks for scopes that were not
originally granted when the refresh token was obtained.
This Commit:
* changes repo to store scopes with tokens
* changes repo interface signatures so that scopes can be stored and
verified
* updates dependent code to pass along scopes
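
The scope rule from the last commit message above, as an added Go example that is not dex's own code: scopes are stored with the refresh token, and a refresh that asks for anything outside that set is rejected. TokenRepo, Store, Refresh and ErrScopeNotGranted are hypothetical names, the token and client values are constructed, and treating an omitted scope parameter as the original grant follows RFC 6749 section 6.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrScopeNotGranted marks a refresh that asks for more than was granted.
var ErrScopeNotGranted = errors.New("invalid_scope: scope was not originally granted")

// grant is what the (hypothetical) repo keeps next to each refresh token.
type grant struct {
	clientID string
	scopes   []string
}

// TokenRepo is an in-memory stand-in for a refresh token store.
type TokenRepo struct{ grants map[string]grant }

func NewTokenRepo() *TokenRepo { return &TokenRepo{grants: map[string]grant{}} }

// Store records the scopes granted when the refresh token was issued.
func (r *TokenRepo) Store(token, clientID string, scopes []string) {
	r.grants[token] = grant{clientID, append([]string(nil), scopes...)}
}

// Refresh returns the scopes for the new tokens, or an error if the token is
// unknown, belongs to another client, or the request widens the grant.
func (r *TokenRepo) Refresh(token, clientID, scopeParam string) ([]string, error) {
	g, ok := r.grants[token]
	if !ok || g.clientID != clientID {
		return nil, errors.New("invalid_grant: unknown refresh token for this client")
	}
	requested := strings.Fields(scopeParam)
	if len(requested) == 0 { // omitted scope: reuse the original grant
		return append([]string(nil), g.scopes...), nil
	}
	allowed := make(map[string]bool, len(g.scopes))
	for _, s := range g.scopes {
		allowed[s] = true
	}
	for _, s := range requested {
		if !allowed[s] {
			return nil, fmt.Errorf("%w: %q", ErrScopeNotGranted, s)
		}
	}
	return requested, nil
}

func main() {
	repo := NewTokenRepo()
	repo.Store("rt-constructed-1", "client-a", []string{"openid", "email"})
	for _, req := range []string{"openid", "", "openid groups"} {
		scopes, err := repo.Refresh("rt-constructed-1", "client-a", req)
		fmt.Printf("scope=%q -> %v, err=%v\n", req, scopes, err)
	}
}
```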