Eric Chiang
a3235d022a
*: verify "state" field before passing request to callback connectors
...
Let the server handle the state token instead of the connector. As a
result it can throw out bad requests earlier. It can also use that
token to determine which connector was used to generate the request
allowing all connectors to share the same callback URL.
Callbacks now all look like:
https://dex.example.com/callback
Instead of:
https://dex.example.com/callback/ (connector id)
Even when multiple connectors are being used.
2016-10-27 10:23:09 -07:00
Eric Chiang
ba9f6c6cd6
Merge pull request #618 from ericchiang/dev-contrib-ldap-container
...
contrib/openldap: add an OpenLDAP Docker image for testing
2016-10-20 13:14:17 -07:00
Eric Chiang
373ac050f7
contrib/openldap: add a OpenLDAP container for testing
2016-10-20 09:43:06 -07:00
Eric Chiang
ea52bf263b
Merge pull request #623 from ericchiang/dev-port-oob-template
...
*: port oob template
2016-10-19 13:53:02 -07:00
Eric Chiang
7084a801d7
*: port oob template
2016-10-19 12:45:17 -07:00
Eric Chiang
86b2d93966
Merge pull request #594 from ericchiang/dev-proposal-upstream-refreshing
...
Documentation/proposals: add a proposal for keeping data in-sync during refreshes
2016-10-17 11:58:20 -07:00
Eric Chiang
774242f750
Documentation/proposals: added a caveats section to upstream refreshing proposal
2016-10-17 11:54:10 -07:00
Eric Chiang
688d798ff4
Merge pull request #620 from ericchiang/dev-fix-rotation-polling
...
server: fix key rotation polling
2016-10-17 11:13:00 -07:00
Eric Chiang
892fa3fe35
server: rename "rotationStrategy.period" to "rotationFrequency"
...
gorename command run:
gorename \
-from '"github.com/coreos/dex/server".rotationStrategy.period' \
-to rotationFrequency
2016-10-17 10:57:14 -07:00
Eric Chiang
d8033999d5
server: fix key rotation polling
2016-10-17 10:47:47 -07:00
Eric Chiang
3e94e65b68
Merge pull request #617 from ericchiang/dev-aci-path
...
*: build aci at the correct path including version, OS, and arch
2016-10-14 14:40:14 -07:00
Eric Chiang
26b43e19c8
*: build aci at the correct path including version, OS, and arch
2016-10-14 14:29:22 -07:00
Eric Chiang
8b909140fd
Merge pull request #615 from ericchiang/dev-fix-sql-keys-query
...
dev branch: fix sql keys query
2016-10-14 12:30:59 -07:00
Eric Chiang
fe320c1928
storage/sql: fix typo in keys query
2016-10-14 12:28:49 -07:00
Eric Chiang
0a3aabc8ff
storage/conformace: add conformance tests for keys
2016-10-14 12:28:49 -07:00
Eric Chiang
ade27b3d5e
Merge pull request #612 from ericchiang/dev-make-example-config-more-readable
...
*: add more comments to the example config
2016-10-14 09:01:53 -07:00
Eric Chiang
6a9df8ab1c
Merge pull request #606 from ericchiang/dev-self-managed-third-party-resources
...
dev branch: self managed third party resources
2016-10-14 09:00:05 -07:00
Eric Chiang
dc13f09fb7
*: add more comments to the example config
2016-10-14 08:58:57 -07:00
Eric Chiang
e25a364dbe
Merge pull request #611 from ericchiang/dev-gc-reduce-verbosity
...
server: only print gc stats if something has been removed
2016-10-13 22:01:16 -07:00
Eric Chiang
89ecfd2ede
server: only print gc stats if something has been removed
2016-10-13 21:55:56 -07:00
Eric Chiang
7288e49c19
Merge pull request #610 from ericchiang/dev-fix-linting
...
dev branch: fix linting
2016-10-13 18:19:13 -07:00
Eric Chiang
96440e4cc5
*: fix linting
2016-10-13 18:15:20 -07:00
Eric Chiang
e7d7c3500a
Merge pull request #608 from ericchiang/dev-properly-compile-version
...
dev branch: properly compile version into docker images
2016-10-13 18:03:56 -07:00
Eric Chiang
3dac0063df
*: properly compile version into docker images
2016-10-13 17:58:40 -07:00
Eric Chiang
b7c6eea341
examples/k8s: update documentation
2016-10-13 17:41:52 -07:00
Eric Chiang
691476b477
storage/kubernetes: manage third party resources and drop support for 1.3
2016-10-13 17:41:52 -07:00
Eric Chiang
f37836490b
Merge pull request #603 from ericchiang/dev-add-license-and-developer-certificate-of-origin
...
dev branch: add DCO and LICENSE
2016-10-13 11:59:14 -07:00
Eric Chiang
63179e319a
*: add DCO and LICENSE
2016-10-13 11:33:32 -07:00
Eric Chiang
5bec61d73f
Merge pull request #602 from ericchiang/dev-add-garbage-collect-method-to-storage
...
dev branch: add garbage collect method to storage
2016-10-12 22:08:53 -07:00
Eric Chiang
449f34ed2a
storage/sql: print error before calling t.Fatal
2016-10-12 22:00:08 -07:00
Eric Chiang
4296604f11
{cmd,server}: move garbage collection logic to server
2016-10-12 21:50:20 -07:00
Eric Chiang
3e20a080fe
server: fix auth request expiry
2016-10-12 18:51:13 -07:00
Eric Chiang
558059ee58
storage/kubernetes: add garbage collection method
2016-10-12 18:48:23 -07:00
Eric Chiang
9ce05ecf73
storage/sql: add garbage collection method
2016-10-12 18:48:09 -07:00
Eric Chiang
c14ab3c44e
storage/memory: add garbage collection method
2016-10-12 18:47:47 -07:00
Eric Chiang
d27f5e411f
storage/conformance: add garbage collection tests
2016-10-12 18:47:15 -07:00
Eric Chiang
df6cfa0b7a
storage: add GC method to interface to standardize handling
2016-10-12 18:46:10 -07:00
Eric Chiang
13554ee735
Merge pull request #601 from ericchiang/dev-allow-extra-space-in-scopes
...
server: allow extra spaces in scopes
2016-10-12 15:39:22 -07:00
Eric Chiang
2834da443f
server: allow extra spaces in scopes
...
go-oidc sends an extra space before the list of scopes. This is bad
but we have to support it, so we'll be more lenient and ignore
duplicated whitespace.
2016-10-12 15:37:12 -07:00
Eric Chiang
cf8801dcec
Merge pull request #596 from ericchiang/dev-refreshing-with-scopes-tests
...
dev branch: add tests for refreshing with explicit scopes
2016-10-10 15:02:40 -07:00
Eric Chiang
ac6e419d48
server: add tests for refreshing with explicit scopes
2016-10-10 11:02:27 -07:00
Eric Chiang
0f758f11cc
Merge pull request #595 from ericchiang/dev-example-app-fix-refreshing-with-google
...
dev branch: check if a provider supports a refresh token scope
2016-10-10 08:54:27 -07:00
Eric Chiang
fdc529ee0d
cmd/example-app: check if a provider supports a refresh token scope
...
Some OpenID Connect providers, notably Google, don't follow the spec
and allow refresh tokens to be requested with the "offline_access"
scope. Try to determine which we're talking to by checking the
supported_scopes listed by the provider discovery.
2016-10-10 08:52:07 -07:00
Eric Chiang
1e5133a98d
Documentation/proposals: add a proposal for keeping data in-sync during refreshes
2016-10-08 11:45:55 -07:00
Eric Chiang
8518c30123
Merge pull request #593 from ericchiang/dev-expose-skip-approval
...
dev branch: expose skip approval screen option
2016-10-07 11:56:09 -07:00
Eric Chiang
dcbe67d89c
{cmd/dex,server}: expose skip approval screen option
2016-10-07 11:53:01 -07:00
Eric Chiang
b7841fb9ed
Merge pull request #592 from ericchiang/fix-audience-scope
...
server: fix cross client scope prefix
2016-10-07 11:52:23 -07:00
Eric Chiang
6dbb5c4de6
server: fix cross client scope prefix
2016-10-07 11:40:41 -07:00
Eric Chiang
182f14fb30
Merge pull request #590 from ericchiang/dev-add-password-resource
...
dev branch: add a password resource for local email/password login
2016-10-06 10:41:24 -07:00
Eric Chiang
2909929b17
*: add the ability to define passwords statically
2016-10-06 10:35:54 -07:00