k-space
/
dex
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Activity
1,689 Commits 1 Branch 0 Tags 18 MiB
Commit Graph

284 Commits

Author SHA1 Message Date
m.nabokikh dea1d3383c Deprecation warning log message 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-05-24 19:40:28 +04:00
Maksim Nabokikh 20875c972e
Discard package "version" (#2107) 
* Discard package "version"

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Inject api version

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Pass version arg to the dex API

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-05-18 00:55:24 +02:00
Márk Sági-Kazár 18d1f70cee
Merge pull request #1861 from concourse/pr/bcrypt-for-client-secret-sync 
Use constant time comparison for client secret verification
 2021-05-17 17:27:42 +02:00
Rui Yang fe8085b886 remove client secret encryption option 
constant time compare for client secret verification will be kept

Signed-off-by: Rui Yang <ruiya@vmware.com>
 2021-05-17 10:16:50 -04:00
Rui Yang ecea593ddd fix a bug in hash comparison function 
the client secret coming in should be hashed and the one in storage
is the one in plaintext

Signed-off-by: Rui Yang <ruiya@vmware.com>
 2021-05-14 13:32:27 -04:00
Márk Sági-Kazár 94a2b3ed87
Merge pull request #2010 from flant/switch-device-token-endpoint-to-token 
fix: use /token endpoint to get tokens with device flow
 2021-05-01 13:24:55 +02:00
Márk Sági-Kazár 551229a986
Merge pull request #1846 from flant/refresh-token-expiration-policy 
feat: Add refresh token expiration and rotation settings
 2021-04-24 11:03:40 +02:00
Mark Sagi-Kazar 95796b04a3
chore(deps): upgrade protobuf and grpc 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-03-24 19:17:26 +01:00
Mark Sagi-Kazar d25051c867
chore(deps): upgrade protobuf in server/internal package 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-03-22 19:27:47 +01:00
Mark Sagi-Kazar d1e8b085e2
feat: use embedded assets by default 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-03-22 15:44:03 +01:00
Rui Yang 2f28fc7451 default to ./web when Dir and WebFS are not set 
update WebFS doc

Signed-off-by: Rui Yang <ruiya@vmware.com>
Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>
 2021-03-20 20:05:59 +00:00
Rui Yang 4e569024fd use go 1.16 new package io/fs 
Unify the interface for reading web statics. Now it could read an
OS directory or get the content on live

One could use

//go:embed static
var webFiles embed.FS

anywhere and config dex server to take the file system by setting

WebConfig{WebFS: webFiles}

Signed-off-by: Rui Yang <ruiya@vmware.com>
Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>
 2021-03-20 20:05:59 +00:00
Rui Yang 7b50cbf0ac use pkger for embedding static contents 
Co-authored-by: Vikram Yadav <vyadav@pivotal.io>
Signed-off-by: Rui Yang <ruiya@vmware.com>
 2021-03-20 20:05:59 +00:00
Rui Yang 1eab25f89f use web host url for asset hosting 
Signed-off-by: Rui Yang <ruiya@vmware.com>
Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>
 2021-03-20 20:05:59 +00:00
Rui Yang 10e9054811 Use http.FileSystem for web assets 
Signed-off-by: Rui Yang <ryang@pivotal.io>
Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>
 2021-03-20 20:05:59 +00:00
Rui Yang d658c24e8f add dex config flag for enabling client secret encryption 
* if enabled, it will make sure client secret is bcrypted correctly
* if not, it falls back to old behaviour that allowing empty client
secret and comparing plain text, though now it will do
ConstantTimeCompare to avoid a timing attack.

So in either way it should provide more secure of client secret
verification.

Co-authored-by: Alex Surraci <suraci.alex@gmail.com>
Signed-off-by: Rui Yang <ruiya@vmware.com>
 2021-03-20 20:05:56 +00:00
Josh Winters ec6f3a2f19 use bcrypt when comparing client secrets 
- this assumes that the client is already bcrytped
when passed to dex. Similar to user passwords.

Signed-off-by: Josh Winters <jwinters@pivotal.io>
Co-authored-by: Vikram Yadav <vyadav@pivotal.io>
 2021-03-20 20:05:56 +00:00
Maksim Nabokikh 568fc06520 Update server/refreshhandlers.go 
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-03-09 09:41:41 +04:00
m.nabokikh 3bd0e91a68 Make /device/token deprecation warning more concise 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-02-25 11:53:25 +04:00
m.nabokikh 9ed5cc00cf Add deprecation warning for /device/token endpoint 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-02-24 17:14:28 +04:00
m.nabokikh 1211a86d58 fix: use /token endpoint to get tokens with device flow 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-02-24 16:03:25 +04:00
Steffen Pøhner Henriksen 0f68fadb9a
Allow public clients created with API to have no client_secret (#1871) 
Signed-off-by: Steffen Pøhner Henriksen <str3sses@gmail.com>
 2021-02-19 10:18:54 +01:00
Mark Sagi-Kazar 7da0a89936
refactor: remove unused health checker 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-02-11 01:29:27 +01:00
Mark Sagi-Kazar 316da70545
refactor: use new health checker 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-02-11 01:29:25 +01:00
m.nabokikh 9340fee011 Fixes after rebasing to the actual main branch 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-02-10 23:46:17 +04:00
m.nabokikh 89295a5b4a More refresh token handler refactoring, more tests 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-02-10 23:43:19 +04:00
m.nabokikh 4e73f39f57 Do not refresh id token claims if refresh token is allowed to reuse 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-02-10 23:43:19 +04:00
m.nabokikh 0c75ed12e2 Add refresh token expiration tests and some refactoring 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-02-10 23:43:19 +04:00
m.nabokikh 06c8ab5aa7 Fixes of naming and code style 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-02-10 23:37:57 +04:00
m.nabokikh 91de99d57e feat: Add refresh token expiration and rotation settings 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-02-10 23:37:57 +04:00
Márk Sági-Kazár 5a667bbee0
Merge pull request #1773 from faro-oss/faro-upstream/add-c_hash-to-id_token 
Add c_hash to id_token, issued on /auth endpoint, when in hybrid flow
 2021-02-10 16:12:54 +01:00
Márk Sági-Kazár 9b1ecac0d9
Merge pull request #1952 from flant/auth-code-iinvalid-grant 
fix: return invalid_grant error for invalid or expired auth codes
 2021-02-10 15:50:18 +01:00
Márk Sági-Kazár 1c551fd86b
Merge pull request #1946 from flant/prealloc-unparam-sqlclosecheck 
Enable unparam, prealloc, sqlclosecheck linters
 2021-02-10 13:24:47 +01:00
m.nabokikh d6b5105d9b fix: check code presence 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-01-25 18:50:36 +04:00
m.nabokikh a7667dff38 fix: remove empty RefreshTokens 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-01-25 14:53:19 +04:00
Márk Sági-Kazár f7156c26eb
Merge pull request #1956 from flant/request-not-supported 
fix: unsupported request parameter error
 2021-01-23 19:43:22 +01:00
Márk Sági-Kazár 186a719ecb
Merge pull request #1948 from flant/add-cache-headers 
Add Cache-control headers to token responses
 2021-01-23 14:13:51 +01:00
m.nabokikh 30a5dade0f fix: unsupported request parameter error 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-01-22 18:01:24 +04:00
m.nabokikh 123185c456 fix: return invalid_grant error for invalid or expired auth codes 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-01-21 01:31:38 +04:00
m.nabokikh 283a87855a fix: update auth methods and claims in discovery endpoint 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-01-20 15:15:30 +04:00
m.nabokikh bb503dbd81 Use constants in errors 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-01-18 14:54:43 +04:00
m.nabokikh a7978890c7 Add Cache-control headers to token responses 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-01-18 11:13:28 +04:00
m.nabokikh b2e9f67edc Enable unparam, prealloc, sqlclosecheck linters 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-01-15 19:29:13 +04:00
Márk Sági-Kazár afba7577bb
Merge pull request #1918 from flant/log-device-flow-gc 
fix: log device flow entities GC result if no auth entities collected
 2021-01-14 18:02:20 +01:00
Mark Sagi-Kazar b8ac640c4f
Update oidc library 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-01-13 19:56:09 +01:00
Maksim Nabokikh 35da73de38
chore: add frontend section to dev config (#1913) 
* chore: add frontend section to dev config

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-01-12 19:20:38 +01:00
m.nabokikh 30c3d78365 fix: log device flow entities GC result if no auth entities collected 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-01-11 12:33:10 +04:00
Márk Sági-Kazár 01f7bf73a0
Merge pull request #1891 from jsoref/spelling 
Spelling
 2021-01-01 16:27:49 +01:00
m.nabokikh 1e88cca59a Make dark theme even darker, add fallback for legacy themes 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2020-12-22 11:07:28 +04:00
Josh Soref 5d659a108c spelling: templates 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-12-19 22:53:29 -05:00