k-space/dex
Archived
11
0
Fork 0
Code Issues Pull Requests Packages Projects Activity
1,683 Commits 1 Branch 0 Tags
20875c972ec26a58e65c07a41394311c5ffc3bf0
Commit Graph

127 Commits

Author SHA1 Message Date
Maksim Nabokikh
20875c972e Discard package "version" (#2107) 
* Discard package "version"

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Inject api version

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Pass version arg to the dex API

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-05-18 00:55:24 +02:00
m.nabokikh
11859166d0 feat: Add ent-based sqlite3 storage 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-04-30 17:47:54 +04:00
Márk Sági-Kazár
551229a986 Merge pull request #1846 from flant/refresh-token-expiration-policy 
feat: Add refresh token expiration and rotation settings
 2021-04-24 11:03:40 +02:00
Mark Sagi-Kazar
a050f3228a feat: add DEX_FRONTEND_DIR env var for setting the frontend dir 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-03-22 15:44:05 +01:00
Maksim Nabokikh
568fc06520 Update server/refreshhandlers.go 
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-03-09 09:41:41 +04:00
Mark Sagi-Kazar
24a1103f11 refactor: rename gr to group 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-02-25 12:33:19 +01:00
Mark Sagi-Kazar
9cffca70f2 refactor: relocate run group initialization 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-02-25 12:32:28 +01:00
m.nabokikh
87ebbaf834 fix: close storage on shutdown 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-02-12 22:31:13 +04:00
Mark Sagi-Kazar
316da70545 refactor: use new health checker 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-02-11 01:29:25 +01:00
Mark Sagi-Kazar
d77147f7cf refactor: fix router variable name 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-02-11 00:13:47 +01:00
Mark Sagi-Kazar
024f69b2c7 feat: add health check to telemetry server 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-02-11 00:13:07 +01:00
m.nabokikh
06c8ab5aa7 Fixes of naming and code style 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-02-10 23:37:57 +04:00
m.nabokikh
91de99d57e feat: Add refresh token expiration and rotation settings 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-02-10 23:37:57 +04:00
Maksim Nabokikh
6664b5702d Apply suggestions from code review 
Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com>
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-02-05 13:16:41 +04:00
Maksim Nabokikh
65a8bf2af3 feat: graceful shutdown fixes 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-01-26 16:45:10 +04:00
m.nabokikh
f82c217e12 feat: graceful shutdown 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-01-26 12:16:30 +04:00
Mark Sagi-Kazar
6742008fc2 refactor: version command 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-01-14 15:55:07 +01:00
Mark Sagi-Kazar
c55d84b5d2 feat: add flags for bind address config options 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-01-14 15:50:19 +01:00
Mark Sagi-Kazar
cdefd1f788 refactor: serve command 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-01-14 15:30:03 +01:00
Martin Heide
4cb5577e11 Allow to disable os.ExpandEnv for storage + connector configs by env variable DEX_EXPAND_ENV = false 
Signed-off-by: Martin Heide <martin.heide@faro.com>
 2020-12-30 20:11:18 +00:00
Mark Sagi-Kazar
349832b380 Run fixer 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2020-11-03 20:52:14 +01:00
m.nabokikh
1d83e4749d Add gocritic 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2020-10-18 01:54:27 +04:00
Joel Speed
336c73c0a2 Merge pull request #1706 from justin-slowik/device_flow 
Implementing the OAuth2 Device Authorization Grant
 2020-08-28 11:35:46 +01:00
Mark Sagi-Kazar
6dadc26ca2 Move the example app to th examples folder 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2020-07-16 09:48:35 +02:00
justin-slowik
1ea2892b79 fix merge error in config.go 
Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
 2020-07-08 16:31:44 -04:00
Justin Slowik
9bbdc721d5 Device flow token code exchange (#2) 
* Added /device/token handler with associated business logic and storage tests.

Perform user code exchange, flag the device code as complete.

Moved device handler code into its own file for cleanliness.  Cleanup

* Removed PKCE code

* Rate limiting for /device/token endpoint based on ietf standards

* Configurable Device expiry

Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
 2020-07-08 16:25:05 -04:00
krishnadurai
6698f1f80a Corrects imports after merge 
Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
 2020-07-08 16:24:25 -04:00
krishnadurai
776aa9dd53 Option to add staticPasswords from environment variables 
Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
 2020-07-08 16:24:25 -04:00
Mark Sagi-Kazar
e84682d7b9 Add v2 api module 2020-07-01 14:20:57 +02:00
Tomasz Kleczek
c830d49884 allow no secret for static public clients 
For statically-configured public clients it should be allowed for both
Secret and SecretEnv fields to be empty.
 2020-05-05 17:09:09 +02:00
Yann Soubeyrand
99c3ec6820 Add ability to set ID and Secret from environment variables for static clients 
Having ID and Secret in clear inside configuration files for static
clients is not ideal. This commit allows setting these from environment
variables.

Signed-off-by: Yann Soubeyrand <yann.soubeyrand@gmx.fr>
 2020-03-03 08:27:13 +01:00
Nándor István Krácser
1160649c31 Merge pull request #1621 from concourse/pr/passowrd-grant-synced 
Rework - add support for Resource Owner Password Credentials Grant
 2020-02-20 08:27:50 +01:00
Zach Brown
13be146d2a Add support for password grant #926 2020-01-10 13:18:09 -05:00
krishnadurai
321790870f Fixes lint 2020-01-07 16:34:32 -08:00
krishnadurai
2d5619e4e8 Corrects imports after merge 2020-01-07 11:48:35 -08:00
Krishna Durai
9560899496 Merge branch 'master' into feature/static_password_env 2020-01-06 23:21:20 -08:00
Mark Sagi-Kazar
f141f2133b Fix whitespace 2019-12-18 15:56:12 +01:00
Mark Sagi-Kazar
9bd5ae5197 Fix goimports 2019-12-18 15:53:34 +01:00
Mark Sagi-Kazar
142c96c210 Fix stylecheck 2019-12-18 15:50:36 +01:00
krishnadurai
1fd5dd7b0e Change env var prefix to DEX and add to ci.yaml 2019-12-13 17:03:56 -08:00
krishnadurai
af9c2880a6 Corrects validation logic for static password check 2019-12-13 16:52:10 -08:00
krishnadurai
91cbd466a5 Option to add staticPasswords from environment variables 2019-12-13 16:33:21 -08:00
Steven Danna
46f48b33a1 Use a more conservative set of CipherSuites 
The default cipher suites used by Go include a number of ciphers that
have known weaknesses. In addition to leaving users open to these
weaknesses, the inclusion of these weaker ciphers causes problems with
various automated scanning tools.

This PR disables the CBC-mode, RC4, and 3DES ciphers included in the
Go standard library by passing an explicit cipher suite list.

The ciphers included here are more line with those recommended by
Mozilla for "Intermediate" compatibility. [0]

*Performance Implications*

The Go standard library does capability-based cipher ordering,
preferring AES ciphers if the underlying hardware has AES specific
instructions. [1] Since all of the relevant code is internal modules,
to do the same thing ourselves would require duplicating that
code. Here, I've placed AES based ciphers first.

*Compatibility Implications*

This does reduce the number of clients who will be able to communicate
with dex.

[0] https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.0&config=intermediate&hsts=false&ocsp=false
[1] a8c2e5c6ad/src/crypto/tls/common.go (L1091)

Signed-off-by: Steven Danna <steve@chef.io>
 2019-08-31 17:34:55 +01:00
Stephan Renatus
d9f6ab4a68 Merge pull request #1512 from venezia/add_reflection 
Add reflection to gRPC API (configurable)
 2019-08-07 13:56:33 +02:00
Michael Venezia
b65966d744 cmd/dex: adding reflection to grpc api, enabled through configuration 2019-08-07 07:37:39 -04:00
Stephan Renatus
e1afe771cb Merge pull request #1505 from MarcDufresne/show-login-page 
Add option to always display connector selection even if there's only one
 2019-08-07 09:23:42 +02:00
Marc-André Dufresne
0dbb642f2c Add option to always display connector selection even if there's only one 2019-08-06 13:18:46 -04:00
Marc-André Dufresne
d458e882aa Allow arbitrary data to be passed to templates 2019-08-06 13:14:53 -04:00
Stephan Renatus
ea7fd6d470 cmd/dex: adapt to prometheus API change 
Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2019-07-31 08:09:58 +02:00
Stephan Renatus
128d5da89e Merge pull request #1500 from dexidp/sr/fix-some-lint-issues 
*: fix some lint issues
 2019-07-30 11:41:27 +02:00