Commit Graph

312 Commits

Author SHA1 Message Date
Mark Sagi-Kazar
261adee26b
fix(connector/google): make admin email optional for default creds
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2022-10-04 09:07:37 +02:00
Mark Sagi-Kazar
19b3aab323
Revert "fix: check for no serviceAccountFilePath and no email (#2679)"
This reverts commit 49477729ce.

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2022-10-04 09:07:30 +02:00
Bob Callaway
49477729ce
fix: check for no serviceAccountFilePath and no email (#2679)
Signed-off-by: Bob Callaway <bcallaway@google.com>
2022-09-28 19:59:28 +02:00
Erwin van Eyk
d96f384f2a
Reduce HTTP client creations in the Keystone connector (#2659)
Signed-off-by: erwinvaneyk <erwinvaneyk@gmail.com>
2022-09-24 01:02:02 +04:00
Hoang Quoc Trung
a1a3ed5b25
Implement Application Default Credentials for the google connector (#2530)
Signed-off-by: Trung <trung.hoang@pricehubble.com>
2022-09-07 15:56:56 +04:00
Marcelo Clavel
29b3523e07
feat(connector/authproxy): support multiple groups (#2643)
Signed-off-by: Marcelo Clavel <mclavel00@gmail.com>
2022-09-01 15:46:24 +04:00
Joost Buskermolen
72dd3c60c0
fix: Fallback when group claim is a string instead of an array of strings (#2639)
Signed-off-by: Joost Buskermolen <joost@buskervezel.nl>
Co-authored-by: Michiel van Pouderoijen <michiel@pouderoijen.nl>
2022-08-25 11:55:30 +03:00
Bob Callaway
e1a407830d
add config to explicitly set scopes for microsoft connector (#2582)
Signed-off-by: Bob Callaway <bcallaway@google.com>
2022-07-27 19:03:29 +03:00
Joe Knight
27c25d00be
Add domainHint parameter to Microsoft Connector (#2586)
Signed-off-by: Joe Knight <josephtknight@users.noreply.github.com>
2022-07-25 23:12:55 +04:00
dhaus67
100246328b
Use GitLab's refresh_token during Refresh. (#2352)
Signed-off-by: Daniel Haus <dhaus@redhat.com>
2022-07-20 13:16:12 +04:00
Mark Sagi-Kazar
a02f2e8fac
chore: fix lint violations
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2022-05-25 11:17:34 +02:00
Anthony Brandelli
5fe1647fc7 Fix issues to make the linter happy
Signed-off-by: Anthony Brandelli <abrandel@cisco.com>
2022-05-19 22:35:05 -06:00
Anthony Brandelli
7c335e9337 Add support for IDPs that do not send ID tokens in the reply when using a refresh grant. Add tests for the aforementioned functionality.
Signed-off-by: Anthony Brandelli <abrandel@cisco.com>
2022-05-19 22:13:10 -06:00
Maksim Nabokikh
9cd29bdee0
Merge pull request #2511 from Blorpy/remove_hd_oidc
Remove google specific hd / hosted domain claim config from oidc connector
2022-05-13 07:48:14 +04:00
Maksim Nabokikh
997ec94a4a
Merge pull request #2483 from tsl0922/master
Add numeric user ID support for oauth connector
2022-05-11 14:58:58 +04:00
Anthony Brandelli
f07a58a7f1 Remove google specific hd / hosted domain claim config
Signed-off-by: Anthony Brandelli <abrandel@cisco.com>
2022-05-06 13:54:19 -06:00
Shuanglei Tao
691f8be785 Fix unparam lint error in oauth_test
Signed-off-by: Shuanglei Tao <tsl0922@gmail.com>
2022-05-05 16:03:53 +08:00
Maksim Nabokikh
453504c450
Merge pull request #2430 from dhaus67/openshift-connector-system-root-cas
Create setting to allow to trust the system root CAs
2022-05-05 11:37:25 +04:00
Shuanglei Tao
7b75e1e0cc Add numeric user ID support for oauth connector
Signed-off-by: Shuanglei Tao <tsl0922@gmail.com>
2022-04-22 23:18:26 +08:00
techknowlogick
1067641e53 Feature: groups in Gitea
Signed-off-by: techknowlogick <techknowlogick@gitea.io>
2022-04-19 16:58:05 -04:00
Daniel Haus
4088d4f897
Remove external setting, enable injection of HTTP client to config.
Signed-off-by: Daniel Haus <dhaus@redhat.com>
2022-04-12 17:38:59 +02:00
Daniel Haus
2b262ff5d6
Create setting to allow to trust the system root CAs
Previously, when rootCA was set, the trusted system root CAs were ignored. Now, allow for both being able to be configured and used

Signed-off-by: Daniel Haus <dhaus@redhat.com>
2022-04-12 17:38:58 +02:00
Engin Diri
5d9d68106a
feat: Add acr_values support for OIDC
Signed-off-by: Engin Diri <engin.diri@mail.schwarz>
2022-03-05 09:25:27 +01:00
Maksim Nabokikh
5f9abc5be8
Merge pull request #2371 from seuf/authproxy-groups-configuration
Allow configuration of returned groups via authproxy connector
2022-03-04 00:44:56 +04:00
Maksim Nabokikh
5b0cb0704a
Merge pull request #2342 from dhaus67/refresh-token-openshift-connector
Add support for RefreshConnector for openshift connector.
2022-03-02 11:46:21 +04:00
seuf
4ee9658dfe [authproxy] Allow configuration of returned groups
Via HTTP Header if present and with manually configured staticGroups in authproxy connector

Signed-off-by: seuf <seuf76@gmail.com>
2022-01-31 10:36:54 +01:00
Rahul M Chheda
2bc4ad6b56 [fix] Replace /teams API w/ /workspaces endpoints
Signed-off-by: Rahul M Chheda <rahul.chheda@accurics.com>
2022-01-27 14:08:48 +05:30
Happy2C0de
419db81c67 Remove overrideWithMissingCustomEmailClaim
Signed-off-by: Happy2C0de <46957159+Happy2C0de@users.noreply.github.com>
2022-01-19 13:38:09 +01:00
Happy2C0de
55605751f5 Add overrideWithMissingCustomEmailClaim test
Signed-off-by: Happy2C0de <46957159+Happy2C0de@users.noreply.github.com>
2022-01-19 13:38:09 +01:00
Happy2C0de
b28098dde8 Revert querying preferrredUsernameKey
Signed-off-by: Happy2C0de <46957159+Happy2C0de@users.noreply.github.com>
2022-01-19 13:38:09 +01:00
Happy2C0de
1608b473eb Remove false failed errors.
Signed-off-by: Happy2C0de <46957159+Happy2C0de@users.noreply.github.com>
2022-01-19 13:38:09 +01:00
Happy2C0de
2b6bb1997c Revert ClaimMapping struct
Signed-off-by: Happy2C0de <46957159+Happy2C0de@users.noreply.github.com>
2022-01-19 13:38:09 +01:00
Happy2C0de
14a0aecc81 Move claimMapping.enforce to overrideClaimMapping
Signed-off-by: Happy2C0de <46957159+Happy2C0de@users.noreply.github.com>
2022-01-19 13:38:09 +01:00
Happy2C0de
45143c98b3 Add claimMapping enforcement
Signed-off-by: Happy2C0de <46957159+Happy2C0de@users.noreply.github.com>
2022-01-19 13:38:09 +01:00
Maksim Nabokikh
9d3471e39b
Merge pull request #2026 from flant/ldap-groups-user-matcher-warning
chore: warning about deprecated LDAP groupSearch fields
2021-12-11 13:26:30 +04:00
Daniel Haus
6256b863b0
Fix linting issues.
Signed-off-by: Daniel Haus <dhaus@redhat.com>
2021-12-06 13:28:25 +01:00
Daniel Haus
6d55fe1c80
Add support for refresh tokens for openshift connector.
Signed-off-by: Daniel Haus <dhaus@redhat.com>
2021-12-03 16:38:56 +01:00
Rui Yang
539e08ba50 small refactors and cleanup
Signed-off-by: Rui Yang <ruiya@vmware.com>
2021-12-01 12:45:25 -05:00
Rui Yang
8b865169bd fix minor compilation error for group claim
us 'os' insteak of 'io/ioutil'

Signed-off-by: Rui Yang <ruiya@vmware.com>
2021-11-17 17:58:34 -05:00
Vlad Safronov
7c80e44caf Add a test case
Signed-off-by: Vlad Safronov <vladislav.safronov@oracle.com>
2021-11-17 15:06:54 -05:00
Vlad Safronov
45932bd38a skymarshal: behaviour: Handle groups as maps
There are cases when groups are represented as a list
of maps, not strings e.g. "groups":[{"id":"1",
"name":"gr1"},{"id": "2", "name":"gr2"}]. Handle groups
represented as a list of maps.

concourse/dex#23

Signed-off-by: Vlad Safronov <vladislav.safronov@oracle.com>
2021-11-17 15:06:54 -05:00
Rui Yang
f980d3e0a7 cleanup and optimization
Signed-off-by: Rui Yang <ruiya@vmware.com>
2021-11-17 15:06:54 -05:00
Rui Yang
8ea121b45a move oauth connector doc to dex website repo
move default key values configure to connector construct function

Signed-off-by: Rui Yang <ruiya@vmware.com>
2021-11-17 15:06:54 -05:00
Rui Yang
02860da8b6 use claim mappings when retrieving user identity
Signed-off-by: Rui Yang <ruiya@vmware.com>
2021-11-17 15:06:54 -05:00
Rui Yang
60b8875780 use testify in oauth tests
Signed-off-by: Rui Yang <ruiya@vmware.com>
2021-11-17 15:06:54 -05:00
Rui Yang
9952851cc4 add configurable preferred_username key
Signed-off-by: Rui Yang <ruiya@vmware.com>
2021-11-17 15:06:54 -05:00
Rui Yang
930b331a5b use PreferredUsername
Signed-off-by: Rui Yang <ryang@pivotal.io>
2021-11-17 15:06:53 -05:00
Josh Winters
a087c05ebf Make oauth user name and user id configurable
Signed-off-by: Josh Winters <jwinters@pivotal.io>
Co-authored-by: Mark Huang <mhuang@pivotal.io>
2021-11-17 15:06:53 -05:00
Joshua Winters
9284ffb8c0 Add generic oauth connector
Co-authored-by: Shash Reddy <sreddy@pivotal.io>
Signed-off-by: Joshua Winters <jwinters@pivotal.io>
2021-11-17 15:06:53 -05:00
Matt Hoey
ee5b5b25bd Resolves #2111 Option to fetch transitive group membership
Signed-off-by: Matt Hoey <matt.hoey@missionlane.com>
2021-10-17 12:48:22 -07:00