mystiq/dex - Forgejo: Beyond coding. We forge.

mystiq/dex

Archived

Author	SHA1	Message	Date
Joel Speed	19ad7daa7f	Use old ConnectorData before session.ConnectorData	2019-11-19 15:43:19 +00:00
Joel Speed	45a40a13a3	Revert "Update Kubernetes storage backend" This reverts commit 228bdc324877bf67ecdd434503b9c1b25d8e7d28.	2019-11-19 15:43:18 +00:00
Joel Speed	236b25b68e	Revert "Fix ETCD storage backend"	2019-11-19 15:43:17 +00:00
Joel Speed	41b7c855d0	Revert "Update conformance" This reverts commit 9c7ceabe8aebf6c740c237c5e76c21397179f901.	2019-11-19 15:43:16 +00:00
Joel Speed	9ce4393156	Revert "Update SQL storage backend"	2019-11-19 15:43:15 +00:00
Joel Speed	176ba709a4	Revert "Remove connectordata from other structs" This reverts commit 27f33516db343bd79b56a47ecef0fe514a35082d.	2019-11-19 15:43:14 +00:00
Joel Speed	fea048b3e8	Fix SQL updater func	2019-11-19 15:43:13 +00:00
Joel Speed	d38909831c	Fix migration in SQL connector I didn't realise quite what the migration mechanism was. Have understood it now.	2019-11-19 15:43:13 +00:00
Joel Speed	433bb2afec	Remove duplicate code	2019-11-19 15:43:12 +00:00
Joel Speed	4076eed17b	Build opts based on scope	2019-11-19 15:43:11 +00:00
Joel Speed	80995dff9b	Fix SQL storage	2019-11-19 15:43:10 +00:00
Joel Speed	b9b315dd64	Fix conformance tests	2019-11-19 15:43:09 +00:00
Joel Speed	7a76c767fe	Update Kubernetes storage backend	2019-11-19 15:43:08 +00:00
Joel Speed	c54f1656c7	Fix ETCD storage backend	2019-11-19 15:43:07 +00:00
Joel Speed	c789c5808e	Update conformance	2019-11-19 15:43:06 +00:00
Joel Speed	7fc3f230df	Update SQL storage backend	2019-11-19 15:43:05 +00:00
Joel Speed	0857a0fe09	Implement refresh in OIDC connector This has added the access=offline parameter and prompt=consent parameter to the initial request, this works with google, assuming other providers will ignore the prompt parameter	2019-11-19 15:43:04 +00:00
Joel Speed	5c88713177	Remove connectordata from other structs	2019-11-19 15:43:03 +00:00
Joel Speed	0352258093	Update handleRefreshToken logic	2019-11-19 15:43:01 +00:00
Joel Speed	575c792156	Store most recent refresh token in offline sessions	2019-11-19 15:40:56 +00:00
Nándor István Krácser	c392236f4f	Merge pull request #1586 from serhiimakogon/fix/refresh-handler preferred_username claim added on refresh token	2019-11-19 15:39:17 +01:00
serhiimakogon	b793afd375	preferred_username claim added on refresh token	2019-11-19 16:27:34 +02:00
Nándor István Krácser	b7184be3dd	Merge pull request #1569 from bhageena/master Fix spelling errors in docs	2019-11-05 10:34:40 +01:00
Nándor István Krácser	6d41541964	Merge pull request #1544 from kenperkins/saml-groups Adding support for allowed groups in SAML Connector	2019-10-30 13:28:34 +01:00
Nándor István Krácser	f2590ee07d	Merge pull request #1545 from jacksontj/getUserInfo Run getUserInfo prior to claim enforcement	2019-10-30 13:26:18 +01:00
Nándor István Krácser	d5d3abca6a	Merge pull request #1566 from dexidp/preferred_username add preffered_username to idToken	2019-10-30 13:25:23 +01:00
Nándor István Krácser	0b56a47571	Merge pull request #1558 from aijingyc/fix_readme_branch Fix URLs in curl cmd as stated in the overview doc.	2019-10-30 13:20:28 +01:00
Nándor István Krácser	799f29fdb5	Merge pull request #1571 from gosharplite/patch-1 Fix typo	2019-10-30 13:20:04 +01:00
Nándor István Krácser	a58d77a499	Merge pull request #1550 from dexidp/mysql-tx-isolation storage/mysql: support pre-5.7.20 instances with tx_isolation only	2019-10-30 13:14:43 +01:00
Nándor István Krácser	0b55f121b4	Fix missing email in log message Co-Authored-By: Felix Fontein <ff@dybuster.com>	2019-10-30 13:13:33 +01:00
Nándor István Krácser	3f8fd74185	Merge pull request #1568 from life1347/patch-1 Add note for redirect uri	2019-10-30 13:12:46 +01:00
Nandor Kracser	c1b421fa04	add preffered_username to idToken Signed-off-by: Nandor Kracser <bonifaido@gmail.com>	2019-10-30 13:06:37 +01:00
Tony Hsu	6e35f24399	Fix typo	2019-10-22 11:27:12 +08:00
Chandan Rai	efdb5de6d8	Fix spelling errors in docs	2019-10-14 18:52:40 +05:30
Ta-Ching Chen	76c76a0b39	Add note for redirect uri	2019-10-13 15:24:22 +08:00
Joel Speed	4bede5eb80	Merge pull request #1554 from yanniszark/feature-web-templates-use-relative-urls server: templates: use relative URLs to refer to assets	2019-10-03 10:49:18 +01:00
Yannis Zarkadas	69d13b766d	gitignore: add .idea folder Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>	2019-10-02 17:08:06 +03:00
Yannis Zarkadas	59beb7425f	web: change header template to use new url function Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>	2019-10-02 17:08:06 +03:00
Yannis Zarkadas	27944d4f8f	templates: add new relativeURL function Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>	2019-10-02 17:08:06 +03:00
Yannis Zarkadas	839130f01c	handlers: change all handlers to pass down http request Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>	2019-10-02 17:08:06 +03:00
j.ai	2c52c52686	Fix URLs in curl cmd as stated in the overview doc.	2019-09-27 17:45:52 -07:00
Nandor Kracser	d2c33db8a8	storage/mysql: support pre-5.7.20 instances with tx_isolation only	2019-09-23 09:36:01 +02:00
Thomas Jackson	512cb3169e	Run getUserInfo prior to claim enforcement If you have an oidc connector configured and that IDP provides thin tokens (e.g. okta) then the majority of the requested claims come in the getUserInfo call (such as email_verified). So if getUserInfo is configured it should be run before claims are validated.	2019-09-13 11:10:44 -07:00
Ken Perkins	285c1f162e	connector/saml: Adding group filtering - 4 new tests - Doc changes to use the group filtering	2019-09-10 10:53:19 -07:00
Stephan Renatus	8427f0f15c	Merge pull request #1543 from wassan128/fix-typo Fix typo	2019-09-06 08:14:29 +02:00
wassan128	42e8619830	Fix typo	2019-09-06 09:55:09 +09:00
Stephan Renatus	3b7292a08f	Merge pull request #1520 from dexidp/gitlab-groups-scope gitlab: add groups scope by default when filtering is requested	2019-09-04 12:21:57 +02:00
Joel Speed	179cce36ef	Merge pull request #1540 from stevendanna/ssd/cipher-suites Use a more conservative set of CipherSuites	2019-09-02 11:36:43 +01:00
Steven Danna	46f48b33a1	Use a more conservative set of CipherSuites The default cipher suites used by Go include a number of ciphers that have known weaknesses. In addition to leaving users open to these weaknesses, the inclusion of these weaker ciphers causes problems with various automated scanning tools. This PR disables the CBC-mode, RC4, and 3DES ciphers included in the Go standard library by passing an explicit cipher suite list. The ciphers included here are more line with those recommended by Mozilla for "Intermediate" compatibility. [0] Performance Implications The Go standard library does capability-based cipher ordering, preferring AES ciphers if the underlying hardware has AES specific instructions. [1] Since all of the relevant code is internal modules, to do the same thing ourselves would require duplicating that code. Here, I've placed AES based ciphers first. Compatibility Implications This does reduce the number of clients who will be able to communicate with dex. [0] https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.0&config=intermediate&hsts=false&ocsp=false [1] `a8c2e5c6ad/src/crypto/tls/common.go (L1091)` Signed-off-by: Steven Danna <steve@chef.io>	2019-08-31 17:34:55 +01:00
Stephan Renatus	c854e760db	Merge pull request #1539 from erwinvaneyk/replace-context-import Replace x/net/context with stdlib context	2019-08-31 17:52:18 +02:00

1 2 3 4 5 ...

1069 commits