Nándor István Krácser
3cbba11012
Merge pull request #1610 from flant/oidc-email-scope-check
...
Adding oidc email scope check
2020-01-06 10:20:46 +01:00
m.nabokikh
383c2fe8b6
Adding oidc email scope check
...
This helps to avoid "no email claim" error if email scope was not specified.
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2019-12-28 15:28:01 +04:00
Andrew Block
d31f6eabd4
Corrected logic in group verification
2019-12-26 20:32:12 -06:00
Andrew Block
296659cb50
Reduced OpenShift scopes and enhanced documentation
2019-12-26 03:14:20 -06:00
Andrew Block
075ab0938e
Fixed formatting
2019-12-22 02:53:10 -05:00
Andrew Block
7e89d8ca24
Resolved newline issues
2019-12-22 02:27:11 -05:00
Andrew Block
02c8f85e4d
Resolved newline issues
2019-12-22 02:27:11 -05:00
Andrew Block
db7711d72a
Test cleanup
2019-12-22 02:27:10 -05:00
Andrew Block
5881a2cfca
Test cleanup
2019-12-22 02:27:10 -05:00
Andrew Block
48954ca716
Corrected test formatting
2019-12-22 02:27:09 -05:00
Andrew Block
92e63771ac
Added OpenShift connector
2019-12-22 02:27:09 -05:00
Nándor István Krácser
a901e2f204
Merge pull request #1604 from dexidp/fix-linters
...
Fix linters
2019-12-20 07:10:22 +01:00
Lars Lehtonen
8e0ae82034
connector/oidc: replace deprecated oauth2.RegisterBrokenAuthHeaderProvider with oauth2.Endpoint.AuthStyle
2019-12-18 08:27:40 -08:00
Mark Sagi-Kazar
65c77e9db2
Fix bodyclose
2019-12-18 16:04:03 +01:00
Mark Sagi-Kazar
2f8d1f8e42
Fix unconvert
2019-12-18 15:56:46 +01:00
Mark Sagi-Kazar
f141f2133b
Fix whitespace
2019-12-18 15:56:12 +01:00
Mark Sagi-Kazar
9bd5ae5197
Fix goimports
2019-12-18 15:53:34 +01:00
Mark Sagi-Kazar
367b187cf4
Fix missspell
2019-12-18 15:51:44 +01:00
Mark Sagi-Kazar
142c96c210
Fix stylecheck
2019-12-18 15:50:36 +01:00
Mark Sagi-Kazar
8c3dc0ca66
Remove unused code (fixed: unused, structcheck, deadcode linters)
2019-12-18 15:46:49 +01:00
Mark Sagi-Kazar
d2095bb2d8
Rewrite LDAP tests to use Docker
2019-12-08 20:21:28 +01:00
Nandor Kracser
a38e215891
connector/google: support group whitelisting
...
Signed-off-by: Nandor Kracser <bonifaido@gmail.com>
2019-12-03 16:27:07 +01:00
Nándor István Krácser
c41035732f
Merge pull request #1434 from jacksontj/groups
...
Add option to enable groups for oidc connectors
2019-11-27 14:00:36 +01:00
Joel Speed
658a2cc477
Make directory service during init
2019-11-19 17:12:44 +00:00
Joel Speed
554870cea0
Add todo for configurable groups key
2019-11-19 17:12:43 +00:00
Joel Speed
6a9bc889b5
Update comments
2019-11-19 17:12:40 +00:00
Joel Speed
c03c98b951
Check config before getting groups
2019-11-19 17:12:39 +00:00
Joel Speed
3f55e2da72
Get groups from directory api
2019-11-19 17:12:38 +00:00
Joel Speed
36370f8f2a
No need to configure issuer
2019-11-19 17:12:37 +00:00
Joel Speed
97ffa21262
Create separate Google connector
2019-11-19 17:12:36 +00:00
Joel Speed
3156553843
OIDC: Rename refreshToken to RefreshToken
2019-11-19 15:43:25 +00:00
Joel Speed
77fcf9ad77
Use a struct for connector data within OIDC connector
2019-11-19 15:43:22 +00:00
Joel Speed
f6077083c9
Identify error as failure to retrieve refresh token
2019-11-19 15:43:21 +00:00
Joel Speed
8b344fe4d3
Fix Refresh comment
2019-11-19 15:43:20 +00:00
Joel Speed
433bb2afec
Remove duplicate code
2019-11-19 15:43:12 +00:00
Joel Speed
4076eed17b
Build opts based on scope
2019-11-19 15:43:11 +00:00
Joel Speed
0857a0fe09
Implement refresh in OIDC connector
...
This has added the access=offline parameter and prompt=consent parameter
to the initial request, this works with google, assuming other providers
will ignore the prompt parameter
2019-11-19 15:43:04 +00:00
Nándor István Krácser
6d41541964
Merge pull request #1544 from kenperkins/saml-groups
...
Adding support for allowed groups in SAML Connector
2019-10-30 13:28:34 +01:00
Nándor István Krácser
f2590ee07d
Merge pull request #1545 from jacksontj/getUserInfo
...
Run getUserInfo prior to claim enforcement
2019-10-30 13:26:18 +01:00
Nandor Kracser
c1b421fa04
add preffered_username to idToken
...
Signed-off-by: Nandor Kracser <bonifaido@gmail.com>
2019-10-30 13:06:37 +01:00
Thomas Jackson
21ab30d207
Add option to enable groups for oidc connectors
...
There's been some discussion in #1065 regarding what to do about
refreshing groups. As it stands today dex doesn't update any of the
claims on refresh (groups would just be another one). The main concern
with enabling it is that group claims may change more frequently. While
we continue to wait on the upstream refresh flows, this adds an option
to enable the group claim. This is disabled by default (so no behavioral
change) but enables those that are willing to have the delay in group
claim change to use oidc IDPs.
Workaround to #1065
2019-09-13 15:50:33 -07:00
Thomas Jackson
512cb3169e
Run getUserInfo prior to claim enforcement
...
If you have an oidc connector configured *and* that IDP provides thin
tokens (e.g. okta) then the majority of the requested claims come in the
getUserInfo call (such as email_verified). So if getUserInfo is
configured it should be run before claims are validated.
2019-09-13 11:10:44 -07:00
Ken Perkins
285c1f162e
connector/saml: Adding group filtering
...
- 4 new tests
- Doc changes to use the group filtering
2019-09-10 10:53:19 -07:00
wassan128
42e8619830
Fix typo
2019-09-06 09:55:09 +09:00
Nandor Kracser
ef08ad8317
gitlab: add groups scope by default when filtering is requested
2019-08-14 13:33:46 +02:00
Stephan Renatus
d9487e553b
*: fix some lint issues
...
Mostly gathered these using golangci-lint's deadcode and ineffassign
linters.
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-07-30 11:29:08 +02:00
Nandor Kracser
ff34e570b4
connector/gitlab: implement useLoginAsID as in GitHub connector
2019-07-28 19:49:49 +02:00
Maxime Desrosiers
458585008b
microsoft: option for group UUIDs instead of name and group whitelist
2019-07-25 09:14:33 -04:00
Stephan Renatus
51f50fcad8
connectors: refactor filter code into a helper package
...
I hope I didn't miss any :D
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-07-03 13:09:40 +02:00
Stephan Renatus
d6fad19d95
Merge pull request #1459 from flarno11/master
...
make userName configurable
2019-06-04 09:47:19 +02:00
