This repository has been archived on 2022-08-17. You can view files and clone it, but cannot push or open issues or pull requests.
dex/server
Rui Yang d658c24e8f add dex config flag for enabling client secret encryption
* if enabled, it will make sure client secret is bcrypted correctly
* if not, it falls back to old behaviour that allowing empty client
secret and comparing plain text, though now it will do
ConstantTimeCompare to avoid a timing attack.

So in either way it should provide more secure of client secret
verification.

Co-authored-by: Alex Surraci <suraci.alex@gmail.com>
Signed-off-by: Rui Yang <ruiya@vmware.com>
2021-03-20 20:05:56 +00:00
..
internal regenerate protobuf code 2019-07-31 08:16:18 +02:00
api.go Allow public clients created with API to have no client_secret (#1871) 2021-02-19 10:18:54 +01:00
api_test.go spelling: including 2020-12-19 22:53:26 -05:00
deviceflowhandlers.go Merge pull request #1946 from flant/prealloc-unparam-sqlclosecheck 2021-02-10 13:24:47 +01:00
deviceflowhandlers_test.go Add gocritic 2020-10-18 01:54:27 +04:00
doc.go initial commit 2016-07-26 15:51:24 -07:00
handlers.go add dex config flag for enabling client secret encryption 2021-03-20 20:05:56 +00:00
handlers_test.go refactor: use new health checker 2021-02-11 01:29:25 +01:00
oauth2.go Merge pull request #1773 from faro-oss/faro-upstream/add-c_hash-to-id_token 2021-02-10 16:12:54 +01:00
oauth2_test.go Use constants in errors 2021-01-18 14:54:43 +04:00
rotation.go spelling: signatures 2020-12-19 22:53:29 -05:00
rotation_test.go spelling: rotator 2020-12-19 22:53:29 -05:00
server.go add dex config flag for enabling client secret encryption 2021-03-20 20:05:56 +00:00
server_test.go add dex config flag for enabling client secret encryption 2021-03-20 20:05:56 +00:00
templates.go Make dark theme even darker, add fallback for legacy themes 2020-12-22 11:07:28 +04:00
templates_test.go Fix templates with asset paths that point to external URL 2020-07-06 12:02:39 +04:00