This repository has been archived on 2023-08-14. You can view files and clone it, but cannot push or open issues or pull requests.

Rui Yang d658c24e8f add dex config flag for enabling client secret encryption ...

* if enabled, it will make sure client secret is bcrypted correctly
* if not, it falls back to old behaviour that allowing empty client
secret and comparing plain text, though now it will do
ConstantTimeCompare to avoid a timing attack.

So in either way it should provide more secure of client secret
verification.

Co-authored-by: Alex Surraci <suraci.alex@gmail.com>
Signed-off-by: Rui Yang <ruiya@vmware.com>

2021-03-20 20:05:56 +00:00

..

internal

regenerate protobuf code

2019-07-31 08:16:18 +02:00

api_test.go

spelling: including

2020-12-19 22:53:26 -05:00

api.go

Allow public clients created with API to have no client_secret (#1871)

2021-02-19 10:18:54 +01:00

deviceflowhandlers_test.go

Add gocritic

2020-10-18 01:54:27 +04:00

deviceflowhandlers.go

Merge pull request #1946 from flant/prealloc-unparam-sqlclosecheck

2021-02-10 13:24:47 +01:00

doc.go

initial commit

2016-07-26 15:51:24 -07:00

handlers_test.go

refactor: use new health checker

2021-02-11 01:29:25 +01:00

handlers.go

add dex config flag for enabling client secret encryption

2021-03-20 20:05:56 +00:00

oauth2_test.go

Use constants in errors

2021-01-18 14:54:43 +04:00

oauth2.go

Merge pull request #1773 from faro-oss/faro-upstream/add-c_hash-to-id_token

2021-02-10 16:12:54 +01:00

rotation_test.go

spelling: rotator

2020-12-19 22:53:29 -05:00

rotation.go

spelling: signatures

2020-12-19 22:53:29 -05:00

server_test.go

add dex config flag for enabling client secret encryption

2021-03-20 20:05:56 +00:00

server.go

add dex config flag for enabling client secret encryption

2021-03-20 20:05:56 +00:00

templates_test.go

Fix templates with asset paths that point to external URL

2020-07-06 12:02:39 +04:00

templates.go

Make dark theme even darker, add fallback for legacy themes

2020-12-22 11:07:28 +04:00