Stephan Renatus
8561a66365
server/{handler,oauth2}: cleanup error returns
...
Now, we'll return a standard error, and have the caller act upon this
being an instance of authErr.
Also changes the storage.AuthRequest return to a pointer, and returns
nil in error cases.
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-07-25 13:40:06 +02:00
Stephan Renatus
d7c7d42466
cmd/example-app: check all errors, pass claims as string to renderToken
...
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-07-24 12:26:51 +02:00
Stephan Renatus
c4e0587df1
cmd/example-app: expose connector_id
...
As a piece of "living documentation" for #1481 .
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-07-24 12:17:14 +02:00
Joel Speed
20a858da3b
Merge pull request #1495 from pbochynski/patch-1
...
Update ADOPTERS.md
2019-07-24 08:51:10 +01:00
Piotr
74023ba9ad
Update ADOPTERS.md
...
Add Kyma project as an adopter.
2019-07-24 08:50:49 +02:00
Stephan Renatus
9c211132b2
Merge pull request #1494 from tanmaykm/patch-1
...
Update Adopters.md
2019-07-24 08:27:51 +02:00
Tanmay Mohapatra
56f8e60545
Update Adopters.md
...
Adding JuliaBox to the list of production adopters of Dex.
2019-07-23 22:48:29 -04:00
Stephan Renatus
e3203382fc
Merge pull request #1493 from srenatus/sr/adopters
...
ADOPTERS: replace Documentation/production-users.md, add Chef
2019-07-23 17:08:11 +02:00
Stephan Renatus
7409d16541
ADOPTERS: add pusher
...
Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>
2019-07-23 16:58:26 +02:00
Stephan Renatus
bc27a617c5
Merge pull request #1485 from bonifaido/mysql-storage
...
MySQL storage - Take 2
2019-07-23 15:25:15 +02:00
Stephan Renatus
b8cdc88803
Merge pull request #1492 from srenatus/sr/add-bonifaido-to-maintainers
...
MAINTAINERS: add @bonifaido
2019-07-23 15:03:43 +02:00
Nandor Kracser
a572ad8fec
storage/sql: rework of the original MySQL PR
2019-07-23 14:27:10 +02:00
Pavel Borzenkov
e53bdfabb9
storage/sql: initial MySQL storage implementation
...
It will be shared by both Postgres and MySQL configs.
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
2019-07-23 14:26:21 +02:00
Stephan Renatus
447f24a81b
ADOPTERS: replace Documentation/production-users.md, add Chef
...
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-07-23 14:01:17 +02:00
Stephan Renatus
af81297d4e
MAINTAINERS: add @bonifaido
...
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-07-23 13:03:18 +02:00
Stephan Renatus
421c26fdf5
Merge pull request #1481 from LanceH/master
...
Added "connector_id" to skip straight to a connector (similar to when len(connector) is 1.
2019-07-23 11:31:25 +02:00
LanceH
07a77e0dac
Use connector_id param to skip directly to a specific connector
2019-07-22 10:47:11 -05:00
Stephan Renatus
6379403a68
Merge pull request #1486 from AlbanSeurat/tc/add-verify-password-api
...
Add VerifyPassword to API
2019-07-22 10:29:43 +02:00
Tyler Cloke
dd84e73c0e
Add VerifyPassword to API
...
It takes in an email and plain text password to verify. If it fails to find a password stored for email, it returns not_found. If it finds the password hash stored but that hash doesn't match the password passed via the API, it returns verified = false, else it returns verified = true.
Co-authored-by: Alban Seurat <alban.seurat@me.com>
2019-07-22 10:23:07 +02:00
Stephan Renatus
92920c86ea
Merge pull request #1480 from srenatus/sr/deduplicate-filter-groups
...
connectors: refactor filter code into a helper package
2019-07-08 10:29:01 +02:00
Stephan Renatus
10611f3156
deps: revendor (github.com/stretchr/testify)
...
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-07-03 13:30:59 +02:00
Stephan Renatus
51f50fcad8
connectors: refactor filter code into a helper package
...
I hope I didn't miss any :D
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-07-03 13:09:40 +02:00
Eric Chiang
39dc5dcfb7
Merge pull request #1478 from ericchiang/maintainers
...
MAINTAINERS: remove ericchiang@
2019-07-02 09:10:50 -07:00
Eric Chiang
645a441527
MAINTAINERS: remove ericchiang@
...
I haven't had time to contribute to dex recently and it's been over a
year since I've worked on Kubernetes. Going to make this official and
remove myself from the MAINTAINERS list. I'll still be around if you
need to know why any of the code is so crazy :)
2019-07-02 07:32:05 -07:00
Stephan Renatus
8b4dbb9fe7
Merge pull request #1473 from alindeman/add-user-endpoint
...
Add UserInfo endpoint
2019-07-02 09:26:26 +02:00
Andy Lindeman
5b66bf05c8
Fixed shadowed variable declaration
2019-06-27 19:12:18 -04:00
Andy Lindeman
59b6595c37
userinfo_endpoint is required
2019-06-25 12:17:03 -04:00
Andy Lindeman
8959dc4275
ctx is not used
2019-06-24 09:43:12 -04:00
Andy Lindeman
21174c06a1
Remove comment
...
We have a story around user info now
2019-06-24 09:42:46 -04:00
Andy Lindeman
840065faaf
Assert something about the returned userinfo
2019-06-24 09:39:54 -04:00
Andy Lindeman
46f5726d11
Use oidc.Verifier to verify tokens
2019-06-22 13:18:35 -04:00
Andy Lindeman
157c359f3e
Bump go-oidc to latest v2
2019-06-20 12:27:47 -04:00
mdbraber
3dd1bac821
Fix comments
2019-06-05 22:14:31 +02:00
Maarten den Braber
74f4e749b9
Formatting
2019-06-05 22:14:31 +02:00
Maarten den Braber
d7750b1e26
Fix changes
2019-06-05 22:14:31 +02:00
Maarten den Braber
a8d059a237
Add userinfo endpoint
...
Co-authored-by: Yuxing Li <360983+jackielii@users.noreply.github.com>
Co-authored-by: Francisco Santiago <1737357+fjbsantiago@users.noreply.github.com>
2019-06-05 22:11:21 +02:00
Stephan Renatus
d6fad19d95
Merge pull request #1459 from flarno11/master
...
make userName configurable
2019-06-04 09:47:19 +02:00
Stephan Renatus
c19ada3236
Merge pull request #1460 from tanmaykm/tan/linkedin
...
Update LinkedIn connector to use v2 APIs
This updates LinkedIn connector to use the more recent v2 APIs. Necessary because v1 APIs are not able to retrieve email ids any more with the default permissions.
The API URLs are now different. Fetching the email address is now a separate call, made after fetching the profile details. The r_basicprofile permission is not needed any more, and r_liteprofile (which seems to be the one assigned by default) is sufficient.
The relevant API specifications are at:
https://docs.microsoft.com/en-us/linkedin/shared/integrations/people/profile-api
https://docs.microsoft.com/en-us/linkedin/shared/integrations/people/primary-contact-api
https://docs.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/migration-faq#how-do-i-retrieve-the-members-email-address
2019-06-03 19:35:55 +02:00
tan
8613c78863
update LinkedIn connector to use v2 APIs
...
This updates LinkedIn connector to use the more recent v2 APIs. Necessary because v1 APIs are not able to retrieve email ids any more with the default permissions.
The API URLs are now different. Fetching the email address is now a separate call, made after fetching the profile details. The `r_basicprofile` permission is not needed any more, and `r_liteprofile` (which seems to be the one assigned by default) is sufficient.
The relevant API specifications are at:
- https://docs.microsoft.com/en-us/linkedin/shared/integrations/people/profile-api
- https://docs.microsoft.com/en-us/linkedin/shared/integrations/people/primary-contact-api
- https://docs.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/migration-faq#how-do-i-retrieve-the-members-email-address
2019-06-03 22:59:37 +05:30
flarno11
8c1716d356
make userName configurable
2019-06-03 14:09:07 +02:00
Stephan Renatus
dfb2dfd333
Merge pull request #1456 from srenatus/sr/post-1448/fix-1455/restore-error-semantics
...
connectors/oidc: truely ignore "email_verified" claim if configured that way
2019-05-28 16:23:00 +02:00
Stephan Renatus
4e8cbf0f61
connectors/oidc: truely ignore "email_verified" claim if configured that way
...
Fixes #1455 , I hope.
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-05-28 16:15:06 +02:00
Stephan Renatus
e137db978d
Merge pull request #1457 from srenatus/sr/travis/use-go-1.1{1,2}.x
...
travis: replace golang 1.10 and 1.11 with 1.12
2019-05-28 16:14:43 +02:00
Stephan Renatus
11913a28c6
travis: replace golang 1.{10,11}.x with 1.12.x
...
This is because I suspect the gofmt rules change between these versions to
make half the travis CI tests fail sometimes?
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-05-28 16:07:20 +02:00
Stephan Renatus
49e59fb54f
Merge pull request #1448 from cappyzawa/user-id-key
...
oidc: Make userID configurable
2019-05-24 13:32:41 +02:00
cappyzawa
9650836851
make userID configurable
2019-05-24 19:52:33 +09:00
Eric Chiang
59560c9919
Merge pull request #1433 from jacksontj/userinfo
...
Add option in oidc to hit the optional userinfo endpoint
2019-05-23 09:42:13 -07:00
Thomas Jackson
52d09a2dfa
Add option in oidc to hit the optional userinfo endpoint
...
Some oauth providers return "thin tokens" which won't include all of the
claims requested. This simply adds an option which will make the oidc
connector use the userinfo endpoint to fetch all the claims.
2019-05-23 09:20:48 -07:00
Eric Chiang
cd3c6983da
Merge pull request #1429 from tsuna/master
...
server: add metrics for CORS handlers.
2019-05-12 10:40:23 -07:00
Eric Chiang
35f51957c0
Merge pull request #1430 from mkontani/fix/typo
...
fix typo
2019-05-12 10:39:18 -07:00