k-space/dex
Archived
11
0
Fork 0
Code Issues Pull Requests Packages Projects Activity
1,394 Commits 1 Branch 0 Tags
0f9e2888ab65c5b18c4881eaeeb7e38d997e1d92
Commit Graph

1394 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mark Sagi-Kazar
af9dfd4a29 Remove copypasta dependency 2020-06-30 13:12:36 +02:00
Mark Sagi-Kazar
dad8d6d687 Add separate module for the api package 2020-06-30 13:11:06 +02:00
Stephen Augustus
e1a45ba33e Merge pull request #1738 from justaugustus/augustus 
MAINTAINERS: Add Stephen Augustus (@justaugustus)
 2020-06-25 15:25:11 -04:00
Stephen Augustus
e151af1b44 MAINTAINERS: Add Stephen Augustus (justaugustus) 
Signed-off-by: Stephen Augustus <saugustus@vmware.com>
 2020-06-25 13:59:17 -04:00
Stephen Augustus
de871b3f8a MAINTAINERS: Alpha-sort maintainers 
Signed-off-by: Stephen Augustus <saugustus@vmware.com>
 2020-06-25 13:16:41 -04:00
Joel Speed
9d7e472c63 Merge pull request #1720 from candlerb/fix-google 
Allow the "google" connector to work without a service account
 2020-06-19 17:10:23 +01:00
Márk Sági-Kazár
2ca992e9b3 Merge pull request #1721 from candlerb/fix-token-comment 
Fix comment for implicit flow
 2020-05-31 21:54:31 +02:00
techknowlogick
0a9f56527e Add Gitea connector (#1715) 
* Add Gitea connector

* Add details to readme

* resolve lint issue
 2020-05-26 13:54:40 +02:00
Brian Candler
442d3de11d Allow the "google" connector to work without a service account 
Fixes #1718
 2020-05-22 09:24:26 +00:00
Brian Candler
d2c9305e0f Fix comment for implicit flow 2020-05-21 12:00:53 +01:00
Márk Sági-Kazár
709d4169d6 Merge pull request #1694 from flant/fix-openshift-root-ca 
Fix OpenShift connector rootCA option
 2020-05-12 13:55:45 +02:00
Márk Sági-Kazár
ba723caa0a Merge pull request #1704 from srenatus/sr/saml/filter-allowed-groups 
connector/saml: add 'FilterGroups' setting
 2020-05-12 13:40:29 +02:00
Márk Sági-Kazár
c0dfeb7068 Merge pull request #1692 from flant/oidc-icon 
Add icon for OIDC provider
 2020-05-12 13:39:53 +02:00
m.nabokikh
47b0d33142 Add icon for OIDC provider 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2020-05-12 15:33:15 +04:00
m.nabokikh
521aa0802f Fix OpenShift connector rootCA option 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2020-05-12 15:31:27 +04:00
Stephan Renatus
4a0feaf589 connector/saml: add 'FilterGroups' setting 
This should make AllowedGroups equivalent to an LDAP group filter:

When set to true, only the groups from AllowedGroups will be included in the
user's identity.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2020-05-12 13:29:05 +02:00
poh chiat
d87cf1c924 create github oauthconfig with redirecturl (#1700) 2020-05-12 13:23:00 +02:00
Márk Sági-Kazár
336e284a46 Merge pull request #1701 from tkleczek/static_client_secret_fix 
allow no secret for static public clients
 2020-05-12 13:07:46 +02:00
Tomasz Kleczek
c830d49884 allow no secret for static public clients 
For statically-configured public clients it should be allowed for both
Secret and SecretEnv fields to be empty.
 2020-05-05 17:09:09 +02:00
Martijn
0a85a97ba9 Allow preferred_username claim to be set for Crowd connector (#1684) 
* Add atlassiancrowd connector to list in readme

* Add TestIdentityFromCrowdUser

* Set preferred_username claim when configured

* Add preferredUsernameField option to docs

* Log warning when mapping invalid crowd field
 2020-04-23 20:14:15 +02:00
Mattias Sjöström
cd054c71af Documentation: Fix typo and add specification in openshift connector doc (#1687) 
Serviceaccount annotation in oc patch instruction was malformed. Format
specification of Client ID for a Service Account was missing.
 2020-04-14 08:55:51 +02:00
Márk Sági-Kazár
83d8853fd9 Merge pull request #1686 from kenperkins/gh-1682 
Adding slack channel to README
 2020-04-08 08:42:42 +02:00
Ken Perkins
05b8acb974 Adding slack channel to README 2020-04-07 11:03:48 -07:00
Kyle Travis
cfae2eb720 storage/kubernetes: remove shadowed ResourceVersion from Connector (#1673) 2020-04-07 11:02:44 +02:00
Ken Perkins
f6476b62f2 Added Email of Keystone to Identity (#1681) 
* Added Email of Keystone to Identity

After the successful login to keystone, the Email of the logged in user
is fetch from keystone and provided to `identity.Email`.

This is useful for upstream software that uses the Email as the primary
identification.

* Removed unnecessary code from getUsers

* Changed creation of userResponse in keystone

* Fixing linter error

Co-authored-by: Christoph Glaubitz <christoph.glaubitz@innovo-cloud.de>
 2020-04-06 15:40:17 +02:00
Nándor István Krácser
ebef257dcd Merge pull request #1678 from Teeed/auto_consistency_fix 
Automatic consistency fixing in case of missing refresh token in db
 2020-04-03 14:17:58 +02:00
Tadeusz Magura-Witkowski
0513ce3d6b Merge branch 'master' into auto_consistency_fix 2020-04-02 10:49:10 +02:00
Nándor István Krácser
ec57e31103 Merge pull request #1645 from JerrySunWRS/master 
Wrap Kubernetes host address in square brackets
 2020-03-27 08:35:30 +01:00
Tadeusz Magura-Witkowski
7b7e2a040d Automatic consistency fixing in case of missing refresh token in db 2020-03-25 13:43:53 +01:00
Márk Sági-Kazár
3693b74791 Merge pull request #1676 from dexidp/lint-timeout 
increase go lint timeout
 2020-03-19 16:00:56 +01:00
Nándor István Krácser
db23367150 increase go lint timeout 2020-03-19 15:50:18 +01:00
Nándor István Krácser
741bf029a1 Merge pull request #1670 from klarose/handle-refresh-no-present 
handlers: do not fail login if refresh token gone
 2020-03-19 13:44:22 +01:00
Kyle Larose
ab5ea03025 handlers: do not fail login if refresh token gone 
There is a chance that offline storage could fall out of sync with the
refresh token tables. One example is if dex crashes/is stopped in the
middle of handling a login request. If the old refresh token associated
with the offline session is deleted, and then the process stops, the
offline session will still refer to the old token.

Unfortunately, if this case occurs, there is no way to recover from it,
since further logins will be halted due to dex being unable to clean up
the old tokens till referenced in the offline session: the database is
essentially corrupted.

There doesn't seem to be a good reason to fail the auth request if the
old refresh token is gone. This changes the logic in `handleAuthCode` to
not fail the entire transaction if the old refresh token could not be
deleted because it was not present. This has the effect of installing
the new refresh token, and unpdating the offline storage, thereby fixing
the issue, however it occured.
 2020-03-18 12:56:37 -04:00
Nándor István Krácser
277272502b Merge pull request #1674 from dexidp/githubci-mysql 
ci: add mysql service
 2020-03-18 15:01:57 +01:00
Nandor Kracser
8ab1ea9334 ci: add mysql service 
Signed-off-by: Nandor Kracser <bonifaido@gmail.com>
 2020-03-18 11:58:41 +01:00
Nándor István Krácser
d820fd45d8 Merge pull request #1664 from lhotrifork/static-client-env-vars 
storage/static.go: expand environment variables in client ID and secret
 2020-03-03 11:05:08 +01:00
Yann Soubeyrand
99c3ec6820 Add ability to set ID and Secret from environment variables for static clients 
Having ID and Secret in clear inside configuration files for static
clients is not ideal. This commit allows setting these from environment
variables.

Signed-off-by: Yann Soubeyrand <yann.soubeyrand@gmx.fr>
 2020-03-03 08:27:13 +01:00
Joel Speed
30ea963bb6 Merge pull request #1656 from taxibeat/oidc-prompt-type 
Make prompt configurable for oidc offline_access
 2020-02-28 10:56:13 +00:00
Nándor István Krácser
b7cf701032 Merge pull request #1515 from flant/atlassian-crowd-connector 
new connector for Atlassian Crowd
 2020-02-24 10:09:27 +01:00
Nándor István Krácser
2bd4886517 Merge pull request #1661 from sabre1041/openshift-connector-mail 
Setting email for OpenShift connector
 2020-02-21 17:02:50 +01:00
Andrew Block
76bb453ff3 Setting email for OpenShift connector 2020-02-21 16:53:46 +01:00
Márk Sági-Kazár
b9787d48ac Merge pull request #1660 from dexidp/checkout-v2 
ci: use checkout@v2
 2020-02-21 16:16:22 +01:00
Nándor István Krácser
fab0da7b69 ci: use checkout@v2 2020-02-21 15:53:13 +01:00
Nándor István Krácser
edd3a40141 Merge pull request #1659 from dexidp/sql-specific-migrations 
storage/sql: allow specifying sql flavor specific migrations
 2020-02-21 14:47:14 +01:00
Nandor Kracser
c7e9960c7e storage/mysql: increase auth_request.state length to 4096 
Signed-off-by: Nandor Kracser <bonifaido@gmail.com>
 2020-02-21 12:53:18 +01:00
Nandor Kracser
80749ffd3f storage/sql: allow specifying sql flavor specific migrations 
Signed-off-by: Nandor Kracser <bonifaido@gmail.com>
 2020-02-21 12:53:18 +01:00
Nándor István Krácser
1160649c31 Merge pull request #1621 from concourse/pr/passowrd-grant-synced 
Rework - add support for Resource Owner Password Credentials Grant
 2020-02-20 08:27:50 +01:00
Chris Loukas
d33a76fa19 Make prompt configurable for oidc offline_access 2020-02-19 16:10:28 +02:00
Nándor István Krácser
f17fa67715 Merge pull request #1653 from sdarwin/doc-dex-healthz 
update doc regarding health check
 2020-02-19 12:44:17 +01:00
Nándor István Krácser
0f8c4db9f6 Merge pull request #1650 from sdarwin/k8s-doc 
update kubernetes.md document
 2020-02-18 10:18:10 +01:00