go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-07-11 01:30:18 +02:00
Code Issues Releases Activity
2,166 Commits 25 Branches 38 Tags
renovate/golangci-golangci-lint-2.x
Commit Graph

11 Commits

Author SHA1 Message Date
Guillaume "Elektordi" Genty
7b41c8e987 fix: role extraction from access token in keycloak oidc (#1916) 
* Fix wrong token used in Keycloak OIDC provider

* Update CHANGELOG for PR #1916

* Update tests

* fix: keycloak oidc role extraction

---------

Co-authored-by: Jan Larwig <jan@larwig.com>
 2025-04-28 10:23:19 +01:00
Koen van Zuijlen
343bd61ebb chore(deps): Updated to ginkgo v2 (#2459) 
* chore(deps): Updated to ginkgo v2

* fix basic auth test suite cleanup

* fix redis store tests

* add changelog entry

---------

Co-authored-by: Jan Larwig <jan@larwig.com>
 2024-07-18 22:41:02 +02:00
Jan Larwig
fc6e7fdbd1 bugfix: OIDCConfig based providers are not respecting flags and configs (#2299) 
* add full support for all oidc config based providers to use and respect all configs set via OIDCConfig

* add changelog entry

---------

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2023-11-25 11:32:31 +00:00
tuunit
7683902a42 bugfix: default scopes for OIDCProvider based providers 2023-09-10 20:10:14 +00:00
Chris
6e02bb496b Extract Keycloak roles while creating a session from token (#1720) 
* extract roles while creating session

* add test

* adjust changelog

* remove unused func

* shorten implementation

Co-authored-by: Christian Hirsch <christian.hirsch@nitrado.net>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2022-08-08 23:28:46 +01:00
Joel Speed
ed3892296e Move OIDC IDToken verifier behind interface 2022-02-19 15:37:54 +00:00
Joel Speed
979c3e8cbc Move internal OIDC package to providers package 2022-02-19 15:37:53 +00:00
Joel Speed
d162b018a8 Move provider initialisation into providers package 2022-02-16 10:38:05 +00:00
Kevin Schu
25371ea4af improved audience handling to support client credentials access tokens without aud claims (#1204) 
* implementation draft

* add cfg options skip-au-when-missing && client-id-verification-claim; enhance the provider data verification logic for sake of the added options

* refactor configs, added logging and add additional claim verification

* simplify logic by just having one configuration similar to oidc-email-claim

* added internal oidc token verifier, so that aud check behavior can be managed with oauth2-proxy and is compatible with extra-jwt-issuers

* refactored verification to reduce complexity

* refactored verification to reduce complexity

* added docs

* adjust tests to support new OIDCAudienceClaim and OIDCExtraAudiences options

* extend unit tests and ensure that audience is set with the value of aud claim configuration

* revert filemodes and update docs

* update docs

* remove unneccesary logging, refactor audience existence check and added additional unit tests

* fix linting issues after rebase on origin/main

* cleanup: use new imports for migrated libraries after rebase on origin/main

* adapt mock in keycloak_oidc_test.go

* allow specifying multiple audience claims, fixed bug where jwt issuers client id was not the being considered and fixed bug where aud claims with multiple audiences has broken the whole validation

* fixed formatting issue

* do not pass the whole options struct to minimize complexity and dependency to the configuration structure

* added changelog entry

* update docs

Co-authored-by: Sofia Weiler <sofia.weiler@aoe.com>
Co-authored-by: Christian Zenker <christian.zenker@aoe.com>
 2022-02-15 16:12:22 +00:00
Peter Braun
e6223383e5 update keycloak oidc provider and add unit tests 2021-08-02 11:39:50 +02:00
Nick Meves
4c0beb373f Add keycloak-oidc provider based on OIDCProvider 2021-07-30 09:46:13 +02:00