Arsharth/dex
1
0
Fork 0
forked from mystiq/dex
Code Issues Pull requests Packages Projects Releases Wiki Activity
492 commits 27 branches 73 tags 23 MiB
Commit graph

492 commits

This branch
This branch
All branches
Author SHA1 Message Date
Eric Chiang e92b6a5908 Merge pull request #463 from ericchiang/register-on-first-login 
*: add --enable-automatic-registration flag to worker
 2016-06-17 16:41:21 -07:00
Eric Chiang 35cab93c0a *: add --enable-automatic-registration flag to worker 
For remote connectors, allow users to skip registration.
 2016-06-17 16:29:56 -07:00
bobbyrullo ce7214657c Merge pull request #468 from bobbyrullo/remove_apis 
Remove old client_resource api
 2016-06-15 15:28:30 -07:00
Bobby Rullo c9c33befb5 adminschema: fix test 
go 1.5.4 accepts just about anything as a URL, so instead just trigger
with blank URL
 2016-06-15 14:31:02 -07:00
Bobby Rullo ce421a4dab schema: gofmt the generated code. 2016-06-15 11:42:50 -07:00
Bobby Rullo 82c5c27048 schema: generator now gofmts everything. 2016-06-15 11:42:50 -07:00
Bobby Rullo 59dc4a9400 dexctl: remove api driver 
API Driver is dead: This API turns out to not be super useful, requiring
an existing client to create other clients is weird.

Long live API Driver? Let's use Dynamic Client API and the bootstrap API
to create a better API Driver! LONG LIVE API DRIVER.
 2016-06-15 11:42:50 -07:00
Bobby Rullo 8942a49702 server: remove client_resource api 
...and dependent code.
 2016-06-15 11:42:50 -07:00
Bobby Rullo adb2ccf872 test: add schema/adminschema to tests 2016-06-15 11:42:50 -07:00
Bobby Rullo 104c9761c6 schema: remove clients API 
The only thing using this AFAIK is dexctl in api_driver mode, which
no-one uses - it's a sort of weird API which requires a client to create
other clients, and gives all clients the ability to list all other
clients. So we are removing it.
 2016-06-15 11:42:50 -07:00
bobbyrullo b7e19b6e84 Merge pull request #465 from bobbyrullo/cross_client_refresh_tokens 
Cross client refresh tokens
 2016-06-14 14:15:04 -07:00
Bobby Rullo 75473b4cba refresh tokens: grant claims based on scopes 
Before,  this logic was only in the OIDCServer.CodeToken() method; now it has been
pulled out so that other paths, like OIDCServer.RefreshToken() can use
it.

The net affect, is that now refresh tokens can be used to get
cross-client authenticated ID Tokens.
 2016-06-14 14:14:36 -07:00
Bobby Rullo 32a1994a5e refresh tokens: store and validate scopes. 
A refresh request must fail if it asks for scopes that were not
originally granted when the refresh token was obtained.

This Commit:

* changes repo to store scopes with tokens
* changes repo interface signatures so that scopes can be stored and
  verified
* updates dependent code to pass along scopes
 2016-06-14 14:14:36 -07:00
Eric Chiang ea2f0a3264 Merge pull request #466 from zlabjp/update-go-oidc 
vendor: update go-oidc to add support for Azure AD
 2016-06-13 09:28:29 -07:00
Takashi Kusumi 316953d33f vendor: update go-oidc to add support for Azure AD 
Update github.com/coreos/go-oidc/ to include coreos/go-oidc#87
which adds support for Azure AD
 2016-06-13 11:03:59 +09:00
Eric Chiang 868f53228c Merge pull request #459 from burdiyan/github-templates 
Use Github templates for issues/proposals
 2016-06-10 17:00:39 -07:00
Eric Chiang ad8d5e161f Merge pull request #464 from ericchiang/genconfig-dont-hijack-package-comment 
*: don't let generated comment become package comment
 2016-06-10 17:00:02 -07:00
Eric Chiang b7674744ee *: don't let generated comment become package comment 2016-06-10 12:40:58 -07:00
bobbyrullo ae56f6de85 Merge pull request #458 from bobbyrullo/load_static_cross_clients 
Load trustedPeers in no DB mode, add x-client to example app
 2016-06-09 16:29:36 -07:00
Bobby Rullo ce14dc4368 examples, static: Add cross-client auth to example 
* add trustedPeers to a client in client.json.sample
* add optional cross client auth to example web app
* login page is now templated
 2016-06-09 16:16:10 -07:00
Eric Chiang 9739b6e966 Merge pull request #461 from burdiyan/400-better-errors-connectors 
#400 Add connector id to the registration error message
 2016-06-09 09:56:03 -07:00
Alexandr Burdiyan 24134e18ea Add connector id to the registration error message 
Right now it is not clear what connector is failing. It will be easier to debug with more specific error message.

Related to #400.
 2016-06-09 13:19:21 +02:00
Alexandr Burdiyan 09cb38577f Use Github templates for issues/proposals 
Github launched the ability to automatically populate issues and pull requests with custom templates automatically
(https://github.com/blog/2111-issue-and-pull-request-templates). This eliminates the need to have custom scripts
for populating github issues with custom templates. It should be easier for contributors to just open an issue
and not worrying about copy the template.
 2016-06-09 10:56:10 +02:00
Bobby Rullo 88142764e9 db: Don't check that trusted peers clients exist 
Checking that trusted peers exist means that you have to create clients
in a certain order, or else create all the clients, then update trusted
peers. Either way, not a great experience during setup.

The downside, of course, is that you lose validation of peer
IDs.
 2016-06-08 11:54:15 -07:00
Bobby Rullo ca18efb1fe client: load full clients w/ LoadableClient 
The Client object on its own doesn't fully express everything about a
single client, and so when loading clients from a static configuration
it's not enough to just (de)serialize clients.

To that end, LoadableClient contains the full representation of a client
and associated entities.
 2016-06-08 11:31:50 -07:00
bobbyrullo a9d854e144 Merge pull request #426 from bobbyrullo/cross_client_2 
Cross client work
 2016-06-07 17:36:06 -07:00
Bobby Rullo 5939a15d10 remove DexServer 2016-06-07 17:27:06 -07:00
Bobby Rullo e71c5086ba server: CodeToken now does Cross-Client auth 2016-06-07 17:22:41 -07:00
Bobby Rullo 9b4740862c server: /auth accepts, validates X-client scopes 2016-06-07 17:16:11 -07:00
Bobby Rullo e6e04be297 integration: changes based on codegen 2016-06-07 17:16:11 -07:00
Bobby Rullo 2406c09598 workerschema: move Client.Revoke to RefreshClient 
also, RevokeClient -> RevokeClient for consistency.
 2016-06-07 17:16:11 -07:00
Bobby Rullo e1c070d84e admin: add trustedPeers bootstrap api 2016-06-07 17:16:11 -07:00
Bobby Rullo 5e9dd9f4b0 adminschema: add trustedPeers to client creation 2016-06-07 17:16:11 -07:00
Bobby Rullo f9dbc8a3d2 db, client: add data model for trusted peers 
Trusted Peers are clients that are authorized to mint tokens
for another client.
 2016-06-07 17:16:09 -07:00
bobbyrullo 546463adcc Merge pull request #457 from bobbyrullo/client_manager_tweaks 
Various client api tweaks
 2016-06-07 17:01:28 -07:00
Bobby Rullo 182e8af420 test: alphabetize tests 2016-06-07 16:47:30 -07:00
Bobby Rullo 1b4dca80d7 client: remove ClientManagerFromClients 
Replaced by ClientRepoFromClients, which makes more sense IMO. Also, it
was doing the wrong thing: it was ignoring the client_id and client_secret
passed into it as far as I can tell.
 2016-06-07 16:47:30 -07:00
Bobby Rullo a33d61c8e2 server: remove boilerplate setup code part deux 
Use the test fixture setup stuff in testutil instead.
 2016-06-07 16:47:30 -07:00
Bobby Rullo ad1d5ab253 server: remove boilerplate setup code 
Use the test fixture setup stuff in testutil instead.
 2016-06-07 16:47:29 -07:00
Bobby Rullo 8d1a6f2324 functional: test sample clients file is valid 
Also tests that it's being loaded properly (which is not the case in
NewClientManagerFromClients, which will be removed in subsequent commit)
 2016-06-07 16:47:29 -07:00
Eric Chiang 9c260c7698 Merge pull request #455 from ericchiang/update-go-versions-for-travis 
*: Update Go versions used for Travis tests and test tip
 2016-06-06 10:29:20 -07:00
Eric Chiang ca0655cbba Merge pull request #453 from kismatic/tls-example-app 
Added TLS support to the example application
 2016-06-05 09:54:37 -07:00
abrand 51659716e0 Improved error message when TLS config is specified, but listen/redirect URL are using wrong scheme 2016-06-03 20:04:13 -04:00
Eric Chiang 2362154d99 *: allow builds with development versions of Go 2016-06-03 11:19:19 -07:00
Eric Chiang 1ffb243e9a *: Update Go versions used for Travis tests and test tip 2016-06-03 10:56:03 -07:00
Eric Chiang 2d5fb0b47a Merge pull request #316 from fnordahl/issue/309-implement-connection-pooling 
connector_ldap: Implement connection pooling for LDAP connections
 2016-06-03 08:30:12 -07:00
abrand 6f98dfeb96 Added TLS support to the example application 2016-06-03 07:51:00 -04:00
Frode Nordahl 3077979a3b Functional tests for LDAP Connection Pool 2016-06-03 11:04:58 +02:00
Frode Nordahl e531dd6be5 Implement connection pooling for LDAP connections 
Fixes #309
 2016-06-03 11:04:58 +02:00
Frode Nordahl f976fa1d3b vendor: Add golang.org/x/net/context 2016-06-03 11:00:29 +02:00