k-space/dex - dex - Gitea: Git with a cup of tea

Archived

Author	SHA1	Message	Date
m.nabokikh	4b5f1d5289	fix: refresh token only once for all concurrent requests Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2022-10-02 23:37:27 +02:00
Bob Callaway	793bcc4b61	address review comments Signed-off-by: Bob Callaway <bcallaway@google.com>	2022-09-26 15:16:18 -04:00
Bob Callaway	cf3b19a952	Merge remote-tracking branch 'upstream/master' into advisory-fix-1 Signed-off-by: Bob Callaway <bcallaway@google.com>	2022-09-26 15:15:58 -04:00
Bob Callaway	fcfbb1ecb0	Add HMAC protection on /approval endpoint Signed-off-by: Bob Callaway <bcallaway@google.com>	2022-07-29 19:45:18 -04:00
Bob Callaway	83e2df821e	add PKCE support to device code flow (#2575 ) Signed-off-by: Bob Callaway <bobcallaway@users.noreply.github.com>	2022-07-27 19:02:18 +03:00
Márk Sági-Kazár	1cc26fab2f	Merge pull request #2468 from flant/cwe-79-device-code fix: prevent cross-site scripting for the device flow	2022-06-30 22:52:33 +03:00
Bob Callaway	6eeba947f1	Merge remote-tracking branch 'upstream/master' into issue2289	2022-05-30 11:52:05 -04:00
Shivansh Vij	65592d0b5a	Updating test cases Fixes https://github.com/dexidp/dex/issues/2537 Signed-off-by: Shivansh Vij <shivanshvij@outlook.com>	2022-05-26 15:54:54 -04:00
Shivansh Vij	cbf158bcc0	Fixes https://github.com/dexidp/dex/issues/2537 Signed-off-by: Shivansh Vij <shivanshvij@outlook.com>	2022-05-26 15:49:49 -04:00
m.nabokikh	bdfb10137a	Add the comment about groups request notification Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2022-05-25 17:50:12 +04:00
m.nabokikh	3d5a3befb4	fix: prevent cross-site scripting for the device flow Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2022-05-20 18:26:49 +04:00
m.nabokikh	ad89e01676	fix: log only errors on refreshing Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2022-04-15 10:54:43 +04:00
m.nabokikh	57e9611ff6	fix: Implicit Grant discovery Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2022-03-08 16:16:25 +04:00
Mark Sagi-Kazar	79721196a8	fix(server): wrap credentials in the correct Dial option Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>	2021-12-19 15:41:15 +01:00
Stephen Augustus	243661155e	server: grpc.WithInsecure is now insecure.NewCredentials() Signed-off-by: Stephen Augustus <foo@auggie.dev>	2021-12-17 19:39:03 -05:00
Maksim Nabokikh	9d3471e39b	Merge pull request #2026 from flant/ldap-groups-user-matcher-warning chore: warning about deprecated LDAP groupSearch fields	2021-12-11 13:26:30 +04:00
Maksim Nabokikh	ac02fb04cf	Merge pull request #2344 from flant/invalid_grant_claim_another_client fix: return invalid_grant error on claiming token of another client	2021-12-08 17:30:52 +04:00
Maksim Nabokikh	ca615f7ad7	Update server/refreshhandlers.go Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com> Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2021-12-08 09:13:24 +04:00
m.nabokikh	578cb05f7b	fix: return invalid_grant error on claiming token of another client Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2021-12-05 23:45:52 +04:00
Joshua Winters	9284ffb8c0	Add generic oauth connector Co-authored-by: Shash Reddy <sreddy@pivotal.io> Signed-off-by: Joshua Winters <jwinters@pivotal.io>	2021-11-17 15:06:53 -05:00
copperyp	5854dd192d	using path.Join replace filepath.Join Signed-off-by: copperyp <copperyp@gmail.com>	2021-10-27 14:44:26 +08:00
copperyp	a1c1076137	fix web static file path slash error for win platform Signed-off-by: copperyp <copperyp@gmail.com>	2021-10-23 12:13:55 +08:00
Maksim Nabokikh	84b241721e	Merge pull request #2300 from flant/do-not-update-offline-session-last-time fix: do not update offlinesession lastUsed field if refresh token was not updated	2021-10-21 20:23:45 +04:00
Márk Sági-Kazár	18311aa44d	Merge pull request #2234 from enj/enj/i/password_grant_access_token Return valid JWT access token from password grant	2021-10-21 17:42:33 +02:00
m.nabokikh	9fad0602ec	fix: do not update offlinesession lastUsed field if refresh token was not change Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2021-10-19 01:16:34 +04:00
Bob Callaway	2e0041f95f	ensure template does not double-escape URL Signed-off-by: Bob Callaway <bob.callaway@gmail.com>	2021-10-06 10:16:55 -04:00
Márk Sági-Kazár	67ba7a1c70	Merge pull request #2265 from ariary/master Add parametrization of grant type supported in discovery endpoint	2021-10-06 15:54:17 +02:00
ariary	7bc966217d	sort grant type supported Signed-off-by: ariary <ariary9.2@hotmail.fr>	2021-10-06 08:29:14 -04:00
Bob Callaway	8fd69c16f5	correctly handle path escaping for connector IDs Signed-off-by: Bob Callaway <bob.callaway@gmail.com>	2021-10-01 16:04:34 -04:00
Eng Zer Jun	f0186ff265	refactor: move from io/ioutil to io and os package The io/ioutil package has been deprecated as of Go 1.16, see https://golang.org/doc/go1.16#ioutil. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>	2021-09-17 14:12:39 +08:00
ariary	c6f6dd69e9	lint comment Signed-off-by: ariary <ariary9.2@hotmail.fr>	2021-09-15 03:58:27 -04:00
kali	1497e70225	Add parametrization of grant type supported in discovery endpoint Signed-off-by: ariary <ariary9.2@hotmail.fr>	2021-09-03 05:50:59 -04:00
Monis Khan	3009ae3b5d	Return valid JWT access token from password grant This change updates the password grant handler to issue a valid JWT access token instead of just returning a random value as the access token. This makes it possible to use the access token against the user info endpoint. Signed-off-by: Monis Khan <i@monis.app>	2021-08-11 14:57:58 -04:00
Maksim Nabokikh	3fac2ab6bc	Merge pull request #1862 from tkleczek/fix-rfc-errors Improve auth flow error handling	2021-08-03 00:34:54 +04:00
Tomasz Kleczek	4ffaa60d21	Improve auth flow error handling Signed-off-by: Tomasz Kleczek <tomasz.kleczek@gmail.com>	2021-07-21 09:33:39 +02:00
Henning	138364ceeb	handlePasswordGrant: insert connectorData into OfflineSession (#2199 ) * handlePasswordGrant: insert connectorData into OfflineSession This change will insert the ConnectorData from the initial Login into the OfflineSession, as already done in handlePasswordLogin. Signed-off-by: Henning Surmeier <h.surmeier@mittwald.de>	2021-07-21 00:05:35 +04:00
Mark Sagi-Kazar	ceb4324c18	test: quick fix flaky test Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>	2021-06-28 23:30:14 +02:00
Márk Sági-Kazár	f6904c38ef	Merge pull request #1865 from WorldProgrammingLtd/fix-1849 fix: defer creation of auth request.	2021-06-25 19:05:41 +02:00
m.nabokikh	21a01ee811	Add sprig v3 functions to web templates Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2021-06-02 11:11:45 +04:00
m.nabokikh	4b54433ec2	Bump golag-ci lint version to 1.40.1 Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2021-05-27 19:27:06 +04:00
Mark Sagi-Kazar	0bef10ef80	chore(deps): update gosundheit Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>	2021-05-26 14:50:35 +02:00
m.nabokikh	dea1d3383c	Deprecation warning log message Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2021-05-24 19:40:28 +04:00
Alastair Houghton	cd0c24ec4d	fix: add an extra endpoint to avoid refresh generating AuthRequests. By adding an extra endpoint and a redirect, we can avoid a situation where it's trivially easy to generate a large number of AuthRequests by hitting F5/refresh in the browser. Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>	2021-05-21 11:42:52 +01:00
Alastair Houghton	030a6459d6	fix: reinstate TestHandleAuthCode. Reinstating this test as it shouldn't have been removed. Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>	2021-05-21 11:24:30 +01:00
Alastair Houghton	88025b3d7c	fix: remove some additional dependencies. Accidentally added some of these back during merge. Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>	2021-05-21 11:24:30 +01:00
Alastair Houghton	0284a4c3c9	fix: back link on password page needs to be explicit. The back link on the password page was using Javascript to tell the browser to navigate back, which won't work if the user has entered a set of incorrect log-in details. Fix this by using an explicit URL instead. Fixes #1851 Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>	2021-05-21 11:24:30 +01:00
Alastair Houghton	cdbb5dd94d	fix: defer creation of auth request. Rather than creating the auth request when the user hits /auth, pass the arguments through to /auth/{connector} and have the auth request created there. This prevents a database error when using the "Select another login method" link, and also avoids a few other error cases. Fixes #1849, #646. Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>	2021-05-21 11:24:23 +01:00
Maksim Nabokikh	20875c972e	Discard package "version" (#2107 ) * Discard package "version" Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> * Inject api version Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> * Pass version arg to the dex API Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2021-05-18 00:55:24 +02:00
Márk Sági-Kazár	18d1f70cee	Merge pull request #1861 from concourse/pr/bcrypt-for-client-secret-sync Use constant time comparison for client secret verification	2021-05-17 17:27:42 +02:00
Rui Yang	fe8085b886	remove client secret encryption option constant time compare for client secret verification will be kept Signed-off-by: Rui Yang <ruiya@vmware.com>	2021-05-17 10:16:50 -04:00

1 2 3 4 5 ...

330 Commits