k-space/dex - dex - Gitea: Git with a cup of tea

Archived

Author	SHA1	Message	Date
seuf	a1c7198738	Rename config header to userHeader Signed-off-by: seuf <seuf76@gmail.com>	2020-12-17 16:50:00 +01:00
seuf	f19bccfc92	Allow configuration of groups for authproxy Signed-off-by: seuf <seuf76@gmail.com>	2020-12-17 16:50:00 +01:00
seuf	a12a919d3e	Allow configuration of returned auth proxy header Signed-off-by: seuf <seuf76@gmail.com>	2020-12-17 16:50:00 +01:00
Stephen Augustus	57640cc7a9	connector/saml: Validate XML roundtrip data before processing request Signed-off-by: Stephen Augustus <saugustus@vmware.com>	2020-12-08 07:26:48 -05:00
Mark Sagi-Kazar	349832b380	Run fixer Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>	2020-11-03 20:52:14 +01:00
m.nabokikh	a5ad5eaf08	fix: Minor style fixes after merging PKCE implementation Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2020-10-26 23:20:33 +04:00
m.nabokikh	1d83e4749d	Add gocritic Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2020-10-18 01:54:27 +04:00
m.nabokikh	4d63e9cd68	fix: Bump golangci-lint version and fix some linter's problems Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2020-10-18 01:02:29 +04:00
m.nabokikh	ec66cedfcc	feat: Add team groups support to bitbucket connector Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2020-10-04 20:50:59 +03:00
m.nabokikh	4b94469547	fix: Replace teams endpoint for bitbucket connector Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2020-10-03 20:30:23 +03:00
Márk Sági-Kazár	a64e7c2986	Merge pull request #1769 from batara666/master ldap.go: drop else on returned if block	2020-09-16 17:47:52 +02:00
Rui Yang	058202d007	revert changes for user id and user name Signed-off-by: Rui Yang <ruiya@vmware.com>	2020-09-08 13:12:59 -04:00
Rui Yang	0494993326	update oidc documentation and email claim err msg Signed-off-by: Rui Yang <ruiya@vmware.com>	2020-09-08 10:03:57 -04:00
Rui Yang	41207ba265	Combine #1691 and #1776 to unify OIDC provider claim mapping add tests for groups key mapping Signed-off-by: Rui Yang <ruiya@vmware.com>	2020-08-11 16:26:55 -04:00
Scott Lemmon	a783667c57	Add groupsClaimMapping to the OIDC connector The groupsClaimMapping setting allows one to specify which claim to pull group information from the OIDC provider. Previously it assumed group information was always in the "groups" claim, but that isn't the case for many OIDC providers (such as AWS Cognito using the "cognito:groups" claim instead) Signed-off-by: Scott Lemmon <slemmon@aurora.tech> Signed-off-by: Rui Yang <ruiya@vmware.com>	2020-08-11 16:26:55 -04:00
Cyrille Nofficial	61312e726e	Add parameter configuration to override email claim key Signed-off-by: Rui Yang <ruiya@vmware.com>	2020-08-11 16:26:55 -04:00
Rui Yang	52c39fb130	check if upstream contains preferrend username claim first Signed-off-by: Rui Yang <ryang@pivotal.io> Signed-off-by: Rui Yang <ruiya@vmware.com>	2020-08-11 16:26:55 -04:00
Rui Yang	4812079647	add tests when preferred username key is not set Signed-off-by: Rui Yang <ruiya@vmware.com>	2020-08-11 16:26:55 -04:00
Rui Yang	d9afb7e59c	default to preferred_username claim Signed-off-by: Rui Yang <ruiya@vmware.com>	2020-08-11 16:26:55 -04:00
Josh Winters	9a4e0fcd00	Make OIDC username key configurable Signed-off-by: Josh Winters <jwinters@pivotal.io> Co-authored-by: Mark Huang <mhuang@pivotal.io> Signed-off-by: Rui Yang <ruiya@vmware.com>	2020-08-11 16:26:55 -04:00
batara666	6499f5bfd3	ldap.go: drop else on returned if block	2020-07-27 22:27:55 +07:00
Nándor István Krácser	62efe7bf07	Merge pull request #1441 from jimmythedog/1440-fix-msoft-refresh-token dexidp#1440 Add offline_access scope, if required	2020-07-08 16:13:26 +02:00
Joel Speed	9d7e472c63	Merge pull request #1720 from candlerb/fix-google Allow the "google" connector to work without a service account	2020-06-19 17:10:23 +01:00
techknowlogick	0a9f56527e	Add Gitea connector (#1715 ) * Add Gitea connector * Add details to readme * resolve lint issue	2020-05-26 13:54:40 +02:00
Brian Candler	442d3de11d	Allow the "google" connector to work without a service account Fixes #1718	2020-05-22 09:24:26 +00:00
Márk Sági-Kazár	709d4169d6	Merge pull request #1694 from flant/fix-openshift-root-ca Fix OpenShift connector rootCA option	2020-05-12 13:55:45 +02:00
m.nabokikh	521aa0802f	Fix OpenShift connector rootCA option Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2020-05-12 15:31:27 +04:00
Stephan Renatus	4a0feaf589	connector/saml: add 'FilterGroups' setting This should make AllowedGroups equivalent to an LDAP group filter: When set to true, only the groups from AllowedGroups will be included in the user's identity. Signed-off-by: Stephan Renatus <srenatus@chef.io>	2020-05-12 13:29:05 +02:00
poh chiat	d87cf1c924	create github oauthconfig with redirecturl (#1700 )	2020-05-12 13:23:00 +02:00
Martijn	0a85a97ba9	Allow preferred_username claim to be set for Crowd connector (#1684 ) * Add atlassiancrowd connector to list in readme * Add TestIdentityFromCrowdUser * Set preferred_username claim when configured * Add preferredUsernameField option to docs * Log warning when mapping invalid crowd field	2020-04-23 20:14:15 +02:00
Ken Perkins	f6476b62f2	Added Email of Keystone to Identity (#1681 ) * Added Email of Keystone to Identity After the successful login to keystone, the Email of the logged in user is fetch from keystone and provided to `identity.Email`. This is useful for upstream software that uses the Email as the primary identification. * Removed unnecessary code from getUsers * Changed creation of userResponse in keystone * Fixing linter error Co-authored-by: Christoph Glaubitz <christoph.glaubitz@innovo-cloud.de>	2020-04-06 15:40:17 +02:00
Joel Speed	30ea963bb6	Merge pull request #1656 from taxibeat/oidc-prompt-type Make prompt configurable for oidc offline_access	2020-02-28 10:56:13 +00:00
Nándor István Krácser	b7cf701032	Merge pull request #1515 from flant/atlassian-crowd-connector new connector for Atlassian Crowd	2020-02-24 10:09:27 +01:00
Andrew Block	76bb453ff3	Setting email for OpenShift connector	2020-02-21 16:53:46 +01:00
Chris Loukas	d33a76fa19	Make prompt configurable for oidc offline_access	2020-02-19 16:10:28 +02:00
Ivan Mikheykin	7ef1179e75	feat: connector for Atlassian Crowd	2020-02-05 12:40:49 +04:00
Joel Speed	30cd592801	Merge pull request #1612 from vi7/multiple-user-to-group-mapping connector/ldap: add multiple user to group mapping	2020-02-02 11:09:05 +00:00
Nándor István Krácser	aca67b0839	Merge pull request #1627 from jfrabaute/master google: Retrieve all the groups for a user	2020-01-20 08:30:17 +01:00
linzhaoming	1d3851b0c5	Update gitlab.go fix typo	2020-01-16 11:26:57 +08:00
Fabrice Rabaute	b85d7849ad	google: Retrieve all the groups for a user The list of groups is paginated (default page is 200), so when a user has more than 200 groups, only the first 200 are retrieve. This change is retrieving all the groups for a user by querying all the pages.	2020-01-14 13:26:37 -08:00
Vitaliy Dmitriev	e20a795a2a	connector/ldap: backward compatibility with single user to group mapping Signed-off-by: Vitaliy Dmitriev <vi7alya@gmail.com>	2020-01-14 11:00:32 +01:00
Carl Henrik Lunde	6104295d5e	microsoft: Add basic tests Implemented similar to connector/github/github_test.go	2020-01-13 08:51:22 +01:00
Carl Henrik Lunde	5db29eb087	microsoft: Make interface testable Enable testing by allowing overriding the API host name in tests	2020-01-13 08:15:07 +01:00
Nándor István Krácser	3cbba11012	Merge pull request #1610 from flant/oidc-email-scope-check Adding oidc email scope check	2020-01-06 10:20:46 +01:00
Vitaliy Dmitriev	f2e7823db9	connector/ldap: add multiple user to group mapping Add an ability to fetch user's membership from groups of a different type by specifying multiple group attribute to user attribute value matchers in the Dex config: userMatchers: - userAttr: uid groupAttr: memberUid - userAttr: DN groupAttr: member In other words the user's groups can be fetched now from ldap structure similar to the following: dn: cn=john,ou=People,dc=example,dc=org objectClass: person objectClass: inetOrgPerson sn: doe cn: john uid: johndoe mail: johndoe@example.com userpassword: bar dn: cn=qa,ou=Groups,ou=Portland,dc=example,dc=org objectClass: groupOfNames cn: qa member: cn=john,ou=People,dc=example,dc=org dn: cn=logger,ou=UnixGroups,ou=Portland,dc=example,dc=org objectClass: posixGroup gidNumber: 1000 cn: logger memberUid: johndoe Signed-off-by: Vitaliy Dmitriev <vi7alya@gmail.com>	2020-01-03 10:40:21 +01:00
m.nabokikh	383c2fe8b6	Adding oidc email scope check This helps to avoid "no email claim" error if email scope was not specified. Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2019-12-28 15:28:01 +04:00
Andrew Block	d31f6eabd4	Corrected logic in group verification	2019-12-26 20:32:12 -06:00
Andrew Block	296659cb50	Reduced OpenShift scopes and enhanced documentation	2019-12-26 03:14:20 -06:00
Andrew Block	075ab0938e	Fixed formatting	2019-12-22 02:53:10 -05:00
Andrew Block	7e89d8ca24	Resolved newline issues	2019-12-22 02:27:11 -05:00
Andrew Block	02c8f85e4d	Resolved newline issues	2019-12-22 02:27:11 -05:00
Andrew Block	db7711d72a	Test cleanup	2019-12-22 02:27:10 -05:00
Andrew Block	5881a2cfca	Test cleanup	2019-12-22 02:27:10 -05:00
Andrew Block	48954ca716	Corrected test formatting	2019-12-22 02:27:09 -05:00
Andrew Block	92e63771ac	Added OpenShift connector	2019-12-22 02:27:09 -05:00
Nándor István Krácser	a901e2f204	Merge pull request #1604 from dexidp/fix-linters Fix linters	2019-12-20 07:10:22 +01:00
Lars Lehtonen	8e0ae82034	connector/oidc: replace deprecated oauth2.RegisterBrokenAuthHeaderProvider with oauth2.Endpoint.AuthStyle	2019-12-18 08:27:40 -08:00
Mark Sagi-Kazar	65c77e9db2	Fix bodyclose	2019-12-18 16:04:03 +01:00
Mark Sagi-Kazar	2f8d1f8e42	Fix unconvert	2019-12-18 15:56:46 +01:00
Mark Sagi-Kazar	f141f2133b	Fix whitespace	2019-12-18 15:56:12 +01:00
Mark Sagi-Kazar	9bd5ae5197	Fix goimports	2019-12-18 15:53:34 +01:00
Mark Sagi-Kazar	367b187cf4	Fix missspell	2019-12-18 15:51:44 +01:00
Mark Sagi-Kazar	142c96c210	Fix stylecheck	2019-12-18 15:50:36 +01:00
Mark Sagi-Kazar	8c3dc0ca66	Remove unused code (fixed: unused, structcheck, deadcode linters)	2019-12-18 15:46:49 +01:00
Mark Sagi-Kazar	d2095bb2d8	Rewrite LDAP tests to use Docker	2019-12-08 20:21:28 +01:00
Nandor Kracser	a38e215891	connector/google: support group whitelisting Signed-off-by: Nandor Kracser <bonifaido@gmail.com>	2019-12-03 16:27:07 +01:00
Nándor István Krácser	c41035732f	Merge pull request #1434 from jacksontj/groups Add option to enable groups for oidc connectors	2019-11-27 14:00:36 +01:00
Joel Speed	658a2cc477	Make directory service during init	2019-11-19 17:12:44 +00:00
Joel Speed	554870cea0	Add todo for configurable groups key	2019-11-19 17:12:43 +00:00
Joel Speed	6a9bc889b5	Update comments	2019-11-19 17:12:40 +00:00
Joel Speed	c03c98b951	Check config before getting groups	2019-11-19 17:12:39 +00:00
Joel Speed	3f55e2da72	Get groups from directory api	2019-11-19 17:12:38 +00:00
Joel Speed	36370f8f2a	No need to configure issuer	2019-11-19 17:12:37 +00:00
Joel Speed	97ffa21262	Create separate Google connector	2019-11-19 17:12:36 +00:00
Joel Speed	3156553843	OIDC: Rename refreshToken to RefreshToken	2019-11-19 15:43:25 +00:00
Joel Speed	77fcf9ad77	Use a struct for connector data within OIDC connector	2019-11-19 15:43:22 +00:00
Joel Speed	f6077083c9	Identify error as failure to retrieve refresh token	2019-11-19 15:43:21 +00:00
Joel Speed	8b344fe4d3	Fix Refresh comment	2019-11-19 15:43:20 +00:00
Joel Speed	433bb2afec	Remove duplicate code	2019-11-19 15:43:12 +00:00
Joel Speed	4076eed17b	Build opts based on scope	2019-11-19 15:43:11 +00:00
Joel Speed	0857a0fe09	Implement refresh in OIDC connector This has added the access=offline parameter and prompt=consent parameter to the initial request, this works with google, assuming other providers will ignore the prompt parameter	2019-11-19 15:43:04 +00:00
Nándor István Krácser	6d41541964	Merge pull request #1544 from kenperkins/saml-groups Adding support for allowed groups in SAML Connector	2019-10-30 13:28:34 +01:00
Nándor István Krácser	f2590ee07d	Merge pull request #1545 from jacksontj/getUserInfo Run getUserInfo prior to claim enforcement	2019-10-30 13:26:18 +01:00
Nandor Kracser	c1b421fa04	add preffered_username to idToken Signed-off-by: Nandor Kracser <bonifaido@gmail.com>	2019-10-30 13:06:37 +01:00
Thomas Jackson	21ab30d207	Add option to enable groups for oidc connectors There's been some discussion in #1065 regarding what to do about refreshing groups. As it stands today dex doesn't update any of the claims on refresh (groups would just be another one). The main concern with enabling it is that group claims may change more frequently. While we continue to wait on the upstream refresh flows, this adds an option to enable the group claim. This is disabled by default (so no behavioral change) but enables those that are willing to have the delay in group claim change to use oidc IDPs. Workaround to #1065	2019-09-13 15:50:33 -07:00
Thomas Jackson	512cb3169e	Run getUserInfo prior to claim enforcement If you have an oidc connector configured and that IDP provides thin tokens (e.g. okta) then the majority of the requested claims come in the getUserInfo call (such as email_verified). So if getUserInfo is configured it should be run before claims are validated.	2019-09-13 11:10:44 -07:00
Ken Perkins	285c1f162e	connector/saml: Adding group filtering - 4 new tests - Doc changes to use the group filtering	2019-09-10 10:53:19 -07:00
wassan128	42e8619830	Fix typo	2019-09-06 09:55:09 +09:00
Nandor Kracser	ef08ad8317	gitlab: add groups scope by default when filtering is requested	2019-08-14 13:33:46 +02:00
Stephan Renatus	d9487e553b	*: fix some lint issues Mostly gathered these using golangci-lint's deadcode and ineffassign linters. Signed-off-by: Stephan Renatus <srenatus@chef.io>	2019-07-30 11:29:08 +02:00
Nandor Kracser	ff34e570b4	connector/gitlab: implement useLoginAsID as in GitHub connector	2019-07-28 19:49:49 +02:00
Maxime Desrosiers	458585008b	microsoft: option for group UUIDs instead of name and group whitelist	2019-07-25 09:14:33 -04:00
Stephan Renatus	51f50fcad8	connectors: refactor filter code into a helper package I hope I didn't miss any :D Signed-off-by: Stephan Renatus <srenatus@chef.io>	2019-07-03 13:09:40 +02:00
Stephan Renatus	d6fad19d95	Merge pull request #1459 from flarno11/master make userName configurable	2019-06-04 09:47:19 +02:00
tan	8613c78863	update LinkedIn connector to use v2 APIs This updates LinkedIn connector to use the more recent v2 APIs. Necessary because v1 APIs are not able to retrieve email ids any more with the default permissions. The API URLs are now different. Fetching the email address is now a separate call, made after fetching the profile details. The `r_basicprofile` permission is not needed any more, and `r_liteprofile` (which seems to be the one assigned by default) is sufficient. The relevant API specifications are at: - https://docs.microsoft.com/en-us/linkedin/shared/integrations/people/profile-api - https://docs.microsoft.com/en-us/linkedin/shared/integrations/people/primary-contact-api - https://docs.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/migration-faq#how-do-i-retrieve-the-members-email-address	2019-06-03 22:59:37 +05:30
flarno11	8c1716d356	make userName configurable	2019-06-03 14:09:07 +02:00
Stephan Renatus	4e8cbf0f61	connectors/oidc: truely ignore "email_verified" claim if configured that way Fixes #1455, I hope. Signed-off-by: Stephan Renatus <srenatus@chef.io>	2019-05-28 16:15:06 +02:00
cappyzawa	9650836851	make userID configurable	2019-05-24 19:52:33 +09:00
Thomas Jackson	52d09a2dfa	Add option in oidc to hit the optional userinfo endpoint Some oauth providers return "thin tokens" which won't include all of the claims requested. This simply adds an option which will make the oidc connector use the userinfo endpoint to fetch all the claims.	2019-05-23 09:20:48 -07:00
jimmythedog	b189d07d53	dexidp#1440 Add offline_access scope, if required Without this scope, a refresh token will not be returned from Microsoft	2019-05-14 05:15:13 +01:00

1 2 3 4 5 ...

283 Commits