k-space/dex
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Activity
1,876 Commits 1 Branch 0 Tags 18 MiB
0aad109b6f
Commit Graph

92 Commits

Author SHA1 Message Date
ariary
7bc966217d sort grant type supported 
Signed-off-by: ariary <ariary9.2@hotmail.fr>
 2021-10-06 08:29:14 -04:00
ariary
c6f6dd69e9 lint comment 
Signed-off-by: ariary <ariary9.2@hotmail.fr>
 2021-09-15 03:58:27 -04:00
kali
1497e70225 Add parametrization of grant type supported in discovery endpoint 
Signed-off-by: ariary <ariary9.2@hotmail.fr>
 2021-09-03 05:50:59 -04:00
Alastair Houghton
cd0c24ec4d fix: add an extra endpoint to avoid refresh generating AuthRequests. 
By adding an extra endpoint and a redirect, we can avoid a situation
where it's trivially easy to generate a large number of AuthRequests
by hitting F5/refresh in the browser.

Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
 2021-05-21 11:42:52 +01:00
Márk Sági-Kazár
18d1f70cee
Merge pull request #1861 from concourse/pr/bcrypt-for-client-secret-sync 
Use constant time comparison for client secret verification
 2021-05-17 17:27:42 +02:00
Rui Yang
fe8085b886 remove client secret encryption option 
constant time compare for client secret verification will be kept

Signed-off-by: Rui Yang <ruiya@vmware.com>
 2021-05-17 10:16:50 -04:00
Márk Sági-Kazár
94a2b3ed87
Merge pull request #2010 from flant/switch-device-token-endpoint-to-token 
fix: use /token endpoint to get tokens with device flow
 2021-05-01 13:24:55 +02:00
Márk Sági-Kazár
551229a986
Merge pull request #1846 from flant/refresh-token-expiration-policy 
feat: Add refresh token expiration and rotation settings
 2021-04-24 11:03:40 +02:00
Mark Sagi-Kazar
d1e8b085e2
feat: use embedded assets by default 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-03-22 15:44:03 +01:00
Rui Yang
2f28fc7451 default to ./web when Dir and WebFS are not set 
update WebFS doc

Signed-off-by: Rui Yang <ruiya@vmware.com>
Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>
 2021-03-20 20:05:59 +00:00
Rui Yang
4e569024fd use go 1.16 new package io/fs 
Unify the interface for reading web statics. Now it could read an
OS directory or get the content on live

One could use

//go:embed static
var webFiles embed.FS

anywhere and config dex server to take the file system by setting

WebConfig{WebFS: webFiles}

Signed-off-by: Rui Yang <ruiya@vmware.com>
Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>
 2021-03-20 20:05:59 +00:00
Rui Yang
7b50cbf0ac use pkger for embedding static contents 
Co-authored-by: Vikram Yadav <vyadav@pivotal.io>
Signed-off-by: Rui Yang <ruiya@vmware.com>
 2021-03-20 20:05:59 +00:00
Rui Yang
1eab25f89f use web host url for asset hosting 
Signed-off-by: Rui Yang <ruiya@vmware.com>
Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>
 2021-03-20 20:05:59 +00:00
Rui Yang
10e9054811 Use http.FileSystem for web assets 
Signed-off-by: Rui Yang <ryang@pivotal.io>
Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>
 2021-03-20 20:05:59 +00:00
Rui Yang
d658c24e8f add dex config flag for enabling client secret encryption 
* if enabled, it will make sure client secret is bcrypted correctly
* if not, it falls back to old behaviour that allowing empty client
secret and comparing plain text, though now it will do
ConstantTimeCompare to avoid a timing attack.

So in either way it should provide more secure of client secret
verification.

Co-authored-by: Alex Surraci <suraci.alex@gmail.com>
Signed-off-by: Rui Yang <ruiya@vmware.com>
 2021-03-20 20:05:56 +00:00
m.nabokikh
3bd0e91a68 Make /device/token deprecation warning more concise 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-02-25 11:53:25 +04:00
m.nabokikh
9ed5cc00cf Add deprecation warning for /device/token endpoint 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-02-24 17:14:28 +04:00
m.nabokikh
1211a86d58 fix: use /token endpoint to get tokens with device flow 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-02-24 16:03:25 +04:00
Mark Sagi-Kazar
316da70545
refactor: use new health checker 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-02-11 01:29:25 +01:00
m.nabokikh
91de99d57e feat: Add refresh token expiration and rotation settings 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-02-10 23:37:57 +04:00
m.nabokikh
b2e9f67edc Enable unparam, prealloc, sqlclosecheck linters 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-01-15 19:29:13 +04:00
Márk Sági-Kazár
afba7577bb
Merge pull request #1918 from flant/log-device-flow-gc 
fix: log device flow entities GC result if no auth entities collected
 2021-01-14 18:02:20 +01:00
Maksim Nabokikh
35da73de38
chore: add frontend section to dev config (#1913) 
* chore: add frontend section to dev config

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-01-12 19:20:38 +01:00
m.nabokikh
30c3d78365 fix: log device flow entities GC result if no auth entities collected 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-01-11 12:33:10 +04:00
m.nabokikh
1d83e4749d Add gocritic 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2020-10-18 01:54:27 +04:00
Alastair Houghton
9187aa669d fix: allow Authorization header when doing CORS 
The Authorization header needs to be allowed when doing CORS because
otherwise /userinfo can't work.  It isn't one of the headers
explicitly allowed by default by Gorilla, so we have to call
handlers.AllowedHeaders() to specify it.

Issues: #1532
Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
 2020-10-05 15:01:54 +01:00
Rui Yang
bd2234cd12 Add constructor for static key strategy 
Co-authored-by: Josh Winters <jwinter@pivotal.io>
Signed-off-by: Rui Yang <ruiya@vmware.com>
 2020-10-01 15:32:23 -04:00
justin-slowik
9882ea453f better support for /device/callback redirect uris with public clients. 
Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
 2020-07-08 16:25:06 -04:00
Justin Slowik
9c699b1028 Server integration test for Device Flow (#3) 
Extracted test cases from OAuth2Code flow tests to reuse in device flow

deviceHandler unit tests to test specific device endpoints

Include client secret as an optional parameter for standards compliance

Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
 2020-07-08 16:25:05 -04:00
Justin Slowik
9bbdc721d5 Device flow token code exchange (#2) 
* Added /device/token handler with associated business logic and storage tests.

Perform user code exchange, flag the device code as complete.

Moved device handler code into its own file for cleanliness.  Cleanup

* Removed PKCE code

* Rate limiting for /device/token endpoint based on ietf standards

* Configurable Device expiry

Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
 2020-07-08 16:25:05 -04:00
Justin Slowik
0d1a0e4129 Device token api endpoint (#1) 
* Added /device/token handler with associated business logic and storage tests.

* Use crypto rand for user code

Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
 2020-07-08 16:25:05 -04:00
Justin Slowik
6d343e059b Generates/Stores the device request and returns the device and user codes. 
Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
 2020-07-08 16:25:05 -04:00
techknowlogick
0a9f56527e
Add Gitea connector (#1715) 
* Add Gitea connector

* Add details to readme

* resolve lint issue
 2020-05-26 13:54:40 +02:00
Nándor István Krácser
b7cf701032
Merge pull request #1515 from flant/atlassian-crowd-connector 
new connector for Atlassian Crowd
 2020-02-24 10:09:27 +01:00
Nándor István Krácser
1160649c31
Merge pull request #1621 from concourse/pr/passowrd-grant-synced 
Rework - add support for Resource Owner Password Credentials Grant
 2020-02-20 08:27:50 +01:00
Ivan Mikheykin
7ef1179e75 feat: connector for Atlassian Crowd 2020-02-05 12:40:49 +04:00
Joshua Winters
76825fef8f Make logger and prometheus optional in server config 
Signed-off-by: Josh Winters <jwinters@pivotal.io>
Co-authored-by: Mark Huang <mhuang@pivotal.io>
 2020-01-13 15:28:41 -05:00
Zach Brown
13be146d2a Add support for password grant #926 2020-01-10 13:18:09 -05:00
Andrew Block
92e63771ac
Added OpenShift connector 2019-12-22 02:27:09 -05:00
Mark Sagi-Kazar
9bd5ae5197
Fix goimports 2019-12-18 15:53:34 +01:00
Joel Speed
97ffa21262
Create separate Google connector 2019-11-19 17:12:36 +00:00
Stephan Renatus
e1afe771cb
Merge pull request #1505 from MarcDufresne/show-login-page 
Add option to always display connector selection even if there's only one
 2019-08-07 09:23:42 +02:00
Marc-André Dufresne
0dbb642f2c
Add option to always display connector selection even if there's only one 2019-08-06 13:18:46 -04:00
Marc-André Dufresne
d458e882aa
Allow arbitrary data to be passed to templates 2019-08-06 13:14:53 -04:00
Stephan Renatus
d9487e553b
*: fix some lint issues 
Mostly gathered these using golangci-lint's deadcode and ineffassign
linters.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2019-07-30 11:29:08 +02:00
Maarten den Braber
a8d059a237 Add userinfo endpoint 
Co-authored-by: Yuxing Li <360983+jackielii@users.noreply.github.com>
Co-authored-by: Francisco Santiago <1737357+fjbsantiago@users.noreply.github.com>
 2019-06-05 22:11:21 +02:00
Benoit Sigoure
d6ad67a6de server: add metrics for CORS handlers. 2019-04-19 14:32:52 -07:00
Mark Sagi-Kazar
d1c8f8d095
Remove structured logging from the logger interface 2019-02-22 21:26:30 +01:00
Mark Sagi-Kazar
be581fa7ff
Add logger interface and stop relying on Logrus directly 2019-02-22 13:38:57 +01:00
Eric Chiang
8935a1479c server: update health check endpoint to query storage periodically 
Instead of querying the storage every time a health check is performed
query it periodically and save the result.
 2019-02-04 19:02:41 +00:00