Rubén Soleto Buenvarón
c91b37aa9e
refresh token rotation
...
Update refresh token flow to revoke old refresh token and generates a new one.
Fixes #519
2016-08-16 08:05:01 +02:00
Jeremy Whitlock
27b80cbca8
connector: add uaa connector
...
This commit adds support for dex to authenticate users from a
CloudFoundry User Account and Authentication (UAA) Server.
Fixes : #538
2016-08-10 16:04:39 -06:00
Eric Chiang
b02a3a3163
*: add "groups" scope
2016-07-19 11:23:04 -07:00
Bobby Rullo
b80dbc8975
server: support out-of-band auth flow
...
When "urn:ietf:wg:oauth:2.0:oob" is used as a redirect URI, redirect to
an internal dex page where the user is shown the code and instructed to
paste it into their app.
2016-06-20 17:03:13 -07:00
Bobby Rullo
cdcf08066d
client, server: public client restrictions
...
* disallow ClientCreds for public clients
* clients can only redirect to localhost or OOB
2016-06-20 17:03:12 -07:00
Bobby Rullo
4f85f3a479
server: change ClientMetadata -> Client
...
Metadata is not enough these days - we're going to need access to the
Public field as well.
2016-06-20 17:03:12 -07:00
Bobby Rullo
32a1994a5e
refresh tokens: store and validate scopes.
...
A refresh request must fail if it asks for scopes that were not
originally granted when the refresh token was obtained.
This Commit:
* changes repo to store scopes with tokens
* changes repo interface signatures so that scopes can be stored and
verified
* updates dependent code to pass along scopes
2016-06-14 14:14:36 -07:00
Bobby Rullo
5939a15d10
remove DexServer
2016-06-07 17:27:06 -07:00
Bobby Rullo
e71c5086ba
server: CodeToken now does Cross-Client auth
2016-06-07 17:22:41 -07:00
Bobby Rullo
9b4740862c
server: /auth accepts, validates X-client scopes
2016-06-07 17:16:11 -07:00
Bobby Rullo
847849931f
Revert "Fix response_type missing param"
...
This reverts commit 821b242c83
.
2016-05-17 13:49:14 -07:00
Rubén Soleto Buenvarón
821b242c83
Fix response_type missing param
...
This commit fix problem with response_type param, which is required according to OIDC spec, when it is missing.
At now, when connector_id url query param is not set, connector view use response_type that client request instead of default "code".
Fixes #370
2016-03-17 08:00:49 +01:00
Eric Chiang
c3aa6a1ee3
server: correctly decode oauth2 basic auth credentials
...
Fixes #336
2016-03-02 21:31:54 -08:00
Eric Chiang
af790e46bb
Merge pull request #267 from ericchiang/metadata
...
add dynamic client registration
2016-02-01 16:25:57 -08:00
Eric Chiang
04cd1851aa
server: add dynamic client registration
2016-02-01 16:06:46 -08:00
Frode Nordahl
5d284e08ae
Change status code used for redirects from StatusTemporaryRedirect (307) to StatusFound (302)
...
HTTP code 307 aka. StatusTemporaryRedirect is used throughout the
project. However, the endpoints redirected to explicitly expects
the client to make a GET request.
If a HTTP client issues a POST request to a server and receives a
HTTP 307 redirect, it forwards the POST request to the new URL.
When using 302 the HTTP client will issue a GET request.
Fixes #287
2016-01-23 22:33:53 +01:00
Eric Chiang
5e44b6bc27
*: update all to accommodate changes to go-oidc
...
Update dex to comply with the changes to fieldnames and types of
the client and provider metadata structs in coreos/go-oidc.
2016-01-12 17:16:28 -08:00
Bobby Rullo
dc828825e6
server: better UX when remote ID already exists
...
Instead of cryptic message with nowhere to, give them the choice to
login with that account or register.
2015-12-23 17:11:03 -08:00
Eric Chiang
f2c3dbc5e6
static, server: add styles for github and bitbucket connectors
...
Add icons and styles for github and bitbucket buttons.
2015-12-08 10:20:13 -08:00
Joe Bowers
0c854a21d6
server: endpoint and system for sending invitations to dex
...
An invitation allows users to both verify their email address and set
a new password.
2015-11-18 14:24:19 -08:00
Gyu-Ho Lee
f06073fbcd
server: use standard lib http.Request.BasicAuth
...
Go 1.4+ has https://golang.org/pkg/net/http/#Request.BasicAuth
method for http.Request and it was requested by CoreOS(kelsey) [1]
with the same functionalities. If dex's Go development is being done
in Go 1.4 or later, we should use the standard library.
Thanks!
---
[1] https://codereview.appspot.com/76540043/
2015-10-06 05:00:33 -07:00
Bobby Rullo
bf9517fdaa
server,cmd: Add flag for disabling registation
...
For situations where admins add users.
2015-09-30 16:35:58 -07:00
Giulio Iotti
472e4a02a4
*: Remove unnecessary else statements
...
Whenever it makes the code easier to follow, use early return to
avoid else statements.
2015-09-04 22:45:32 +03:00
Yifan Gu
93a0830ae0
server: check scope in requests.
...
Require 'openid' in scope for all requests.
Require 'offline_access' for returning refresh token.
2015-08-31 13:51:59 -07:00
Yifan Gu
066fd859ec
session: add 'scope' field in session.
2015-08-31 13:51:59 -07:00
Bobby Rullo
66fe201c24
*: move original project to dex
2015-08-18 11:26:57 -07:00