Commit graph

564 commits

Author SHA1 Message Date
Eric Chiang
87faa5a1f7 *: depricate --email-from flag and move to email config files 2016-06-27 23:36:07 -07:00
Eric Chiang
1cc816097a Merge pull request #486 from ericchiang/build-with-go-1-6
build with go 1.6 and actually push to quay
2016-06-27 16:41:11 -07:00
Eric Chiang
f25f882e07 build with go 1.6 and actually push to quay 2016-06-27 16:32:23 -07:00
Eric Chiang
e134d4d261 Merge pull request #484 from bobbyrullo/scope
scope: don't validate empty scopes
2016-06-24 09:58:51 -07:00
Bobby Rullo
c161c2e1c3 scope: don't validate empty scopes
If an empty scope is somehow passed along, it shouldn't be validated
when checking refresh token scope.
2016-06-24 08:31:59 -07:00
bobbyrullo
a7b860b9c2 Merge pull request #479 from bobbyrullo/specify_yer_client_creds
Allow specification of client_{id, secret} in admin api
2016-06-21 13:25:25 -07:00
Bobby Rullo
65ce2e5766 schema: update schema docs 2016-06-21 12:09:06 -07:00
Bobby Rullo
41740179af client: admin API allows user defined creds
You can specify your own client ID and secret!
2016-06-21 12:09:06 -07:00
bobbyrullo
3b8d704c9c Merge pull request #471 from bobbyrullo/native
Implement Public Clients
2016-06-20 17:03:39 -07:00
Bobby Rullo
095489d7c5 db: fix client migration test 2016-06-20 17:03:13 -07:00
Bobby Rullo
6d4336c3c8 examples: support OOB in example app. 2016-06-20 17:03:13 -07:00
Bobby Rullo
b80dbc8975 server: support out-of-band auth flow
When "urn:ietf:wg:oauth:2.0:oob" is used as a redirect URI, redirect to
an internal dex page where the user is shown the code and instructed to
paste it into their app.
2016-06-20 17:03:13 -07:00
Bobby Rullo
42cd59aef4 client: differentiate error vs. nil result
When calling manager.Authenticate, logs now show different error
messages.
2016-06-20 17:03:13 -07:00
Bobby Rullo
cdcf08066d client, server: public client restrictions
* disallow ClientCreds for public clients
* clients can only redirect to localhost or OOB
2016-06-20 17:03:12 -07:00
Bobby Rullo
4f85f3a479 server: change ClientMetadata -> Client
Metadata is not enough these days - we're going to need access to the
Public field as well.
2016-06-20 17:03:12 -07:00
Bobby Rullo
c0668997ae admin: create public clients with admin api 2016-06-20 17:03:12 -07:00
Bobby Rullo
ff933812f5 schema: add public clients to schema
and update docs
2016-06-20 17:03:12 -07:00
Bobby Rullo
61d3e5659e Documentation
* Start Documentation
2016-06-20 17:03:12 -07:00
Bobby Rullo
3ec692297b client: Manager.New deals with public clients
* validation of client moved into its own method and tested
* public clients have different validation - must have no redirect URIs
  and must have a clientName set
2016-06-20 17:03:12 -07:00
Bobby Rullo
09e889e7bc client: add public client to data model 2016-06-20 11:27:47 -07:00
Eric Chiang
a530cc8d7c Merge pull request #472 from ericchiang/revert-github-issue-templates
Revert "Use Github templates for issues/proposals"
2016-06-20 09:51:00 -07:00
Eric Chiang
494be28325 Revert "Use Github templates for issues/proposals"
The proposal templates was not intended to be show for every issue,
only for proposal. Revert that issue template and add more general
one in a follow up commit.

This reverts commit 09cb38577f.
2016-06-20 09:40:01 -07:00
Eric Chiang
e92b6a5908 Merge pull request #463 from ericchiang/register-on-first-login
*: add --enable-automatic-registration flag to worker
2016-06-17 16:41:21 -07:00
Eric Chiang
35cab93c0a *: add --enable-automatic-registration flag to worker
For remote connectors, allow users to skip registration.
2016-06-17 16:29:56 -07:00
bobbyrullo
ce7214657c Merge pull request #468 from bobbyrullo/remove_apis
Remove old client_resource api
2016-06-15 15:28:30 -07:00
Bobby Rullo
c9c33befb5 adminschema: fix test
go 1.5.4 accepts just about anything as a URL, so instead just trigger
with blank URL
2016-06-15 14:31:02 -07:00
Bobby Rullo
ce421a4dab schema: gofmt the generated code. 2016-06-15 11:42:50 -07:00
Bobby Rullo
82c5c27048 schema: generator now gofmts everything. 2016-06-15 11:42:50 -07:00
Bobby Rullo
59dc4a9400 dexctl: remove api driver
API Driver is dead: This API turns out to not be super useful, requiring
an existing client to create other clients is weird.

Long live API Driver? Let's use Dynamic Client API and the bootstrap API
to create a better API Driver! LONG LIVE API DRIVER.
2016-06-15 11:42:50 -07:00
Bobby Rullo
8942a49702 server: remove client_resource api
...and dependent code.
2016-06-15 11:42:50 -07:00
Bobby Rullo
adb2ccf872 test: add schema/adminschema to tests 2016-06-15 11:42:50 -07:00
Bobby Rullo
104c9761c6 schema: remove clients API
The only thing using this AFAIK is dexctl in api_driver mode, which
no-one uses - it's a sort of weird API which requires a client to create
other clients, and gives all clients the ability to list all other
clients. So we are removing it.
2016-06-15 11:42:50 -07:00
bobbyrullo
b7e19b6e84 Merge pull request #465 from bobbyrullo/cross_client_refresh_tokens
Cross client refresh tokens
2016-06-14 14:15:04 -07:00
Bobby Rullo
75473b4cba refresh tokens: grant claims based on scopes
Before,  this logic was only in the OIDCServer.CodeToken() method; now it has been
pulled out so that other paths, like OIDCServer.RefreshToken() can use
it.

The net affect, is that now refresh tokens can be used to get
cross-client authenticated ID Tokens.
2016-06-14 14:14:36 -07:00
Bobby Rullo
32a1994a5e refresh tokens: store and validate scopes.
A refresh request must fail if it asks for scopes that were not
originally granted when the refresh token was obtained.

This Commit:

* changes repo to store scopes with tokens
* changes repo interface signatures so that scopes can be stored and
  verified
* updates dependent code to pass along scopes
2016-06-14 14:14:36 -07:00
Eric Chiang
ea2f0a3264 Merge pull request #466 from zlabjp/update-go-oidc
vendor: update go-oidc to add support for Azure AD
2016-06-13 09:28:29 -07:00
Takashi Kusumi
316953d33f vendor: update go-oidc to add support for Azure AD
Update github.com/coreos/go-oidc/ to include coreos/go-oidc#87
which adds support for Azure AD
2016-06-13 11:03:59 +09:00
Eric Chiang
868f53228c Merge pull request #459 from burdiyan/github-templates
Use Github templates for issues/proposals
2016-06-10 17:00:39 -07:00
Eric Chiang
ad8d5e161f Merge pull request #464 from ericchiang/genconfig-dont-hijack-package-comment
*: don't let generated comment become package comment
2016-06-10 17:00:02 -07:00
Eric Chiang
b7674744ee *: don't let generated comment become package comment 2016-06-10 12:40:58 -07:00
bobbyrullo
ae56f6de85 Merge pull request #458 from bobbyrullo/load_static_cross_clients
Load trustedPeers in no DB mode, add x-client to example app
2016-06-09 16:29:36 -07:00
Bobby Rullo
ce14dc4368 examples, static: Add cross-client auth to example
* add trustedPeers to a client in client.json.sample
* add optional cross client auth to example web app
* login page is now templated
2016-06-09 16:16:10 -07:00
Eric Chiang
9739b6e966 Merge pull request #461 from burdiyan/400-better-errors-connectors
#400 Add connector id to the registration error message
2016-06-09 09:56:03 -07:00
Alexandr Burdiyan
24134e18ea Add connector id to the registration error message
Right now it is not clear what connector is failing. It will be easier to debug with more specific error message.

Related to #400.
2016-06-09 13:19:21 +02:00
Alexandr Burdiyan
09cb38577f Use Github templates for issues/proposals
Github launched the ability to automatically populate issues and pull requests with custom templates automatically
(https://github.com/blog/2111-issue-and-pull-request-templates). This eliminates the need to have custom scripts
for populating github issues with custom templates. It should be easier for contributors to just open an issue
and not worrying about copy the template.
2016-06-09 10:56:10 +02:00
Bobby Rullo
88142764e9 db: Don't check that trusted peers clients exist
Checking that trusted peers exist means that you have to create clients
in a certain order, or else create all the clients, then update trusted
peers. Either way, not a great experience during setup.

The downside, of course, is that you lose validation of peer
IDs.
2016-06-08 11:54:15 -07:00
Bobby Rullo
ca18efb1fe client: load full clients w/ LoadableClient
The Client object on its own doesn't fully express everything about a
single client, and so when loading clients from a static configuration
it's not enough to just (de)serialize clients.

To that end, LoadableClient contains the full representation of a client
and associated entities.
2016-06-08 11:31:50 -07:00
bobbyrullo
a9d854e144 Merge pull request #426 from bobbyrullo/cross_client_2
Cross client work
2016-06-07 17:36:06 -07:00
Bobby Rullo
5939a15d10 remove DexServer 2016-06-07 17:27:06 -07:00
Bobby Rullo
e71c5086ba server: CodeToken now does Cross-Client auth 2016-06-07 17:22:41 -07:00