k-space
/
dex
Archived
9
0
Fork 0
Code Issues Pull Requests Packages Projects Activity
2,248 Commits 1 Branch 0 Tags 18 MiB
Commit Graph

330 Commits

Author SHA1 Message Date
m.nabokikh 4b5f1d5289 fix: refresh token only once for all concurrent requests 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2022-10-02 23:37:27 +02:00
Bob Callaway 793bcc4b61
address review comments 
Signed-off-by: Bob Callaway <bcallaway@google.com>
 2022-09-26 15:16:18 -04:00
Bob Callaway cf3b19a952
Merge remote-tracking branch 'upstream/master' into advisory-fix-1 
Signed-off-by: Bob Callaway <bcallaway@google.com>
 2022-09-26 15:15:58 -04:00
Bob Callaway fcfbb1ecb0 Add HMAC protection on /approval endpoint 
Signed-off-by: Bob Callaway <bcallaway@google.com>
 2022-07-29 19:45:18 -04:00
Bob Callaway 83e2df821e
add PKCE support to device code flow (#2575) 
Signed-off-by: Bob Callaway <bobcallaway@users.noreply.github.com>
 2022-07-27 19:02:18 +03:00
Márk Sági-Kazár 1cc26fab2f
Merge pull request #2468 from flant/cwe-79-device-code 
fix: prevent cross-site scripting for the device flow
 2022-06-30 22:52:33 +03:00
Bob Callaway 6eeba947f1 Merge remote-tracking branch 'upstream/master' into issue2289 2022-05-30 11:52:05 -04:00
Shivansh Vij 65592d0b5a
Updating test cases 
Fixes https://github.com/dexidp/dex/issues/2537

Signed-off-by: Shivansh Vij <shivanshvij@outlook.com>
 2022-05-26 15:54:54 -04:00
Shivansh Vij cbf158bcc0
Fixes https://github.com/dexidp/dex/issues/2537 
Signed-off-by: Shivansh Vij <shivanshvij@outlook.com>
 2022-05-26 15:49:49 -04:00
m.nabokikh bdfb10137a Add the comment about groups request notification 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2022-05-25 17:50:12 +04:00
m.nabokikh 3d5a3befb4 fix: prevent cross-site scripting for the device flow 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2022-05-20 18:26:49 +04:00
m.nabokikh ad89e01676 fix: log only errors on refreshing 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2022-04-15 10:54:43 +04:00
m.nabokikh 57e9611ff6 fix: Implicit Grant discovery 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2022-03-08 16:16:25 +04:00
Mark Sagi-Kazar 79721196a8
fix(server): wrap credentials in the correct Dial option 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-12-19 15:41:15 +01:00
Stephen Augustus 243661155e
server: grpc.WithInsecure is now insecure.NewCredentials() 
Signed-off-by: Stephen Augustus <foo@auggie.dev>
 2021-12-17 19:39:03 -05:00
Maksim Nabokikh 9d3471e39b
Merge pull request #2026 from flant/ldap-groups-user-matcher-warning 
chore: warning about deprecated LDAP groupSearch fields
 2021-12-11 13:26:30 +04:00
Maksim Nabokikh ac02fb04cf
Merge pull request #2344 from flant/invalid_grant_claim_another_client 
fix: return invalid_grant error on claiming token of another client
 2021-12-08 17:30:52 +04:00
Maksim Nabokikh ca615f7ad7 Update server/refreshhandlers.go 
Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com>
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-12-08 09:13:24 +04:00
m.nabokikh 578cb05f7b fix: return invalid_grant error on claiming token of another client 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-12-05 23:45:52 +04:00
Joshua Winters 9284ffb8c0 Add generic oauth connector 
Co-authored-by: Shash Reddy <sreddy@pivotal.io>
Signed-off-by: Joshua Winters <jwinters@pivotal.io>
 2021-11-17 15:06:53 -05:00
copperyp 5854dd192d using path.Join replace filepath.Join 
Signed-off-by: copperyp <copperyp@gmail.com>
 2021-10-27 14:44:26 +08:00
copperyp a1c1076137 fix web static file path slash error for win platform 
Signed-off-by: copperyp <copperyp@gmail.com>
 2021-10-23 12:13:55 +08:00
Maksim Nabokikh 84b241721e
Merge pull request #2300 from flant/do-not-update-offline-session-last-time 
fix: do not update offlinesession lastUsed field if refresh token was not updated
 2021-10-21 20:23:45 +04:00
Márk Sági-Kazár 18311aa44d
Merge pull request #2234 from enj/enj/i/password_grant_access_token 
Return valid JWT access token from password grant
 2021-10-21 17:42:33 +02:00
m.nabokikh 9fad0602ec fix: do not update offlinesession lastUsed field if refresh token was not change 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-10-19 01:16:34 +04:00
Bob Callaway 2e0041f95f ensure template does not double-escape URL 
Signed-off-by: Bob Callaway <bob.callaway@gmail.com>
 2021-10-06 10:16:55 -04:00
Márk Sági-Kazár 67ba7a1c70
Merge pull request #2265 from ariary/master 
Add parametrization of grant type supported in discovery endpoint
 2021-10-06 15:54:17 +02:00
ariary 7bc966217d sort grant type supported 
Signed-off-by: ariary <ariary9.2@hotmail.fr>
 2021-10-06 08:29:14 -04:00
Bob Callaway 8fd69c16f5 correctly handle path escaping for connector IDs 
Signed-off-by: Bob Callaway <bob.callaway@gmail.com>
 2021-10-01 16:04:34 -04:00
Eng Zer Jun f0186ff265
refactor: move from io/ioutil to io and os package 
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
 2021-09-17 14:12:39 +08:00
ariary c6f6dd69e9 lint comment 
Signed-off-by: ariary <ariary9.2@hotmail.fr>
 2021-09-15 03:58:27 -04:00
kali 1497e70225 Add parametrization of grant type supported in discovery endpoint 
Signed-off-by: ariary <ariary9.2@hotmail.fr>
 2021-09-03 05:50:59 -04:00
Monis Khan 3009ae3b5d
Return valid JWT access token from password grant 
This change updates the password grant handler to issue a valid JWT
access token instead of just returning a random value as the access
token.  This makes it possible to use the access token against the
user info endpoint.

Signed-off-by: Monis Khan <i@monis.app>
 2021-08-11 14:57:58 -04:00
Maksim Nabokikh 3fac2ab6bc
Merge pull request #1862 from tkleczek/fix-rfc-errors 
Improve auth flow error handling
 2021-08-03 00:34:54 +04:00
Tomasz Kleczek 4ffaa60d21 Improve auth flow error handling 
Signed-off-by: Tomasz Kleczek <tomasz.kleczek@gmail.com>
 2021-07-21 09:33:39 +02:00
Henning 138364ceeb
handlePasswordGrant: insert connectorData into OfflineSession (#2199) 
* handlePasswordGrant: insert connectorData into OfflineSession

This change will insert the ConnectorData from the initial Login
into the OfflineSession, as already done in handlePasswordLogin.

Signed-off-by: Henning Surmeier <h.surmeier@mittwald.de>
 2021-07-21 00:05:35 +04:00
Mark Sagi-Kazar ceb4324c18
test: quick fix flaky test 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-06-28 23:30:14 +02:00
Márk Sági-Kazár f6904c38ef
Merge pull request #1865 from WorldProgrammingLtd/fix-1849 
fix: defer creation of auth request.
 2021-06-25 19:05:41 +02:00
m.nabokikh 21a01ee811 Add sprig v3 functions to web templates 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-06-02 11:11:45 +04:00
m.nabokikh 4b54433ec2 Bump golag-ci lint version to 1.40.1 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-05-27 19:27:06 +04:00
Mark Sagi-Kazar 0bef10ef80
chore(deps): update gosundheit 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-05-26 14:50:35 +02:00
m.nabokikh dea1d3383c Deprecation warning log message 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-05-24 19:40:28 +04:00
Alastair Houghton cd0c24ec4d fix: add an extra endpoint to avoid refresh generating AuthRequests. 
By adding an extra endpoint and a redirect, we can avoid a situation
where it's trivially easy to generate a large number of AuthRequests
by hitting F5/refresh in the browser.

Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
 2021-05-21 11:42:52 +01:00
Alastair Houghton 030a6459d6 fix: reinstate TestHandleAuthCode. 
Reinstating this test as it shouldn't have been removed.

Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
 2021-05-21 11:24:30 +01:00
Alastair Houghton 88025b3d7c fix: remove some additional dependencies. 
Accidentally added some of these back during merge.

Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
 2021-05-21 11:24:30 +01:00
Alastair Houghton 0284a4c3c9 fix: back link on password page needs to be explicit. 
The back link on the password page was using Javascript to tell the
browser to navigate back, which won't work if the user has entered a
set of incorrect log-in details.  Fix this by using an explicit URL
instead.

Fixes #1851

Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
 2021-05-21 11:24:30 +01:00
Alastair Houghton cdbb5dd94d fix: defer creation of auth request. 
Rather than creating the auth request when the user hits /auth, pass
the arguments through to /auth/{connector} and have the auth request
created there.  This prevents a database error when using the "Select
another login method" link, and also avoids a few other error cases.

Fixes #1849, #646.

Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
 2021-05-21 11:24:23 +01:00
Maksim Nabokikh 20875c972e
Discard package "version" (#2107) 
* Discard package "version"

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Inject api version

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Pass version arg to the dex API

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-05-18 00:55:24 +02:00
Márk Sági-Kazár 18d1f70cee
Merge pull request #1861 from concourse/pr/bcrypt-for-client-secret-sync 
Use constant time comparison for client secret verification
 2021-05-17 17:27:42 +02:00
Rui Yang fe8085b886 remove client secret encryption option 
constant time compare for client secret verification will be kept

Signed-off-by: Rui Yang <ruiya@vmware.com>
 2021-05-17 10:16:50 -04:00