go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-11-24 08:52:25 +02:00
Code Issues Releases Activity
1,679 Commits 27 Branches 34 Tags 79 MiB
c3158ebc48
Commit Graph

1679 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joel Speed
c3158ebc48
Ensure required PKCE information is exposed from provider 2022-02-19 15:38:33 +00:00
Joel Speed
474a3b049e
Add changelog entry for new ProviderVerifier code 2022-02-19 15:38:30 +00:00
Joel Speed
82710a7ac1
Fix other packages that rely on verifiers 2022-02-19 15:37:58 +00:00
Joel Speed
1f992b3f87
Integrate new provider verifier into providers 2022-02-19 15:37:57 +00:00
Joel Speed
e3678aaaff
Add ProviderVerifier to providers/oidc 2022-02-19 15:37:56 +00:00
Joel Speed
3bb9621f5d
Add DiscoveryProvider to perform OIDC discovery 2022-02-19 15:37:55 +00:00
Joel Speed
ed3892296e
Move OIDC IDToken verifier behind interface 2022-02-19 15:37:54 +00:00
Joel Speed
979c3e8cbc
Move internal OIDC package to providers package 2022-02-19 15:37:53 +00:00
Joel Speed
1578d90d0b
Merge pull request #1563 from oauth2-proxy/fix-profile-url 
Ensure claim extractor does not attempt profile call when URL is empty
 2022-02-19 15:37:18 +00:00
Joel Speed
25ef843115
Ensure claim extractor does not attempt profile call when URL is empty 2022-02-19 15:33:30 +00:00
Joel Speed
07aba7db09
Tidy go mod file 2022-02-19 15:32:04 +00:00
Joel Speed
74e2f5069c
Merge pull request #1561 from mgiessing/mgiessing-patch-1 
Add ppc64le support
 2022-02-19 15:20:53 +00:00
mgiessing
515d0f255e
Update CHANGELOG.md 
Add ppc64le support
 2022-02-18 14:20:25 +01:00
mgiessing
873ce3f1c3
Update README.md 
Add ppc64le support
 2022-02-17 23:19:26 +01:00
mgiessing
ac3b36f57a
Update Makefile 2022-02-17 23:08:53 +01:00
mgiessing
e4c32df61e
Update dist.sh 
Add ppc64le support
 2022-02-17 22:59:11 +01:00
mgiessing
24c826c883
Update Makefile 
Add ppc64le support
 2022-02-17 22:57:54 +01:00
mgiessing
f9fb530c11
Update Dockerfile 
Add ppc64le support
 2022-02-17 22:55:57 +01:00
Joel Speed
263a5df820
Merge pull request #1286 from instadeepai/allowed_email_domains-on-auth_request-endpoint 
Add allowed_email_domains on auth_request endpoint
 2022-02-17 17:10:43 +00:00
Joel Speed
ceda5329eb
Merge pull request #1560 from oauth2-proxy/fix-provider-initialisation 
Fix provider data initialisation
 2022-02-17 09:56:00 +00:00
Joel Speed
4eb2a35aa8
Fix provider data initialisation 2022-02-16 16:53:43 +00:00
Joel Speed
f6aa7600ea
Merge pull request #1555 from oauth2-proxy/provider-options 
Refactor provider configuration into providers package
 2022-02-16 11:50:39 +00:00
Joel Speed
eda5eb9243
Add changelog entry for provider refactor 2022-02-16 11:46:32 +00:00
Joel Speed
0791aef8cc
Integrate new provider constructor in main 2022-02-16 10:38:07 +00:00
Joel Speed
2e15f57b70
Remove provider configuration from validation package 2022-02-16 10:38:06 +00:00
Joel Speed
d162b018a8
Move provider initialisation into providers package 2022-02-16 10:38:05 +00:00
Joel Speed
95dd2745c7
Remove options dependency on providers package 2022-02-16 10:38:04 +00:00
Joel Speed
9832844c8a
Merge pull request #1394 from oauth2-proxy/claim-extractor 
Add generic claim extractor to get claims from ID Tokens
 2022-02-16 10:37:20 +00:00
Joel Speed
edb1bc1a11
Add changelog entry for generic claim extractor 2022-02-16 10:31:30 +00:00
Joel Speed
967051314e
Integrate claim extractor into providers 2022-02-16 10:28:33 +00:00
Joel Speed
537e596904
Add claim extractor provider util 2022-02-16 10:28:32 +00:00
Joel Speed
44dc3cad77
Merge pull request #1468 from oauth2-proxy/session-refresh-using-lock 
Implement session locking with session state lock
 2022-02-16 10:23:34 +00:00
Joel Speed
da92648e54
Add changelog entry for session locking 2022-02-16 10:16:14 +00:00
Joel Speed
54d42c5829
Implement refresh relying on obtaining lock 2022-02-16 10:16:13 +00:00
Kevin Kreitner
e2c7ff6ddd
Use session to lock to protect concurrent refreshes 2022-02-16 10:16:12 +00:00
Michael Hienle
dc5d2a5cd7
Fix table (#1556) 
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2022-02-15 16:39:16 +00:00
Kevin Schu
25371ea4af
improved audience handling to support client credentials access tokens without aud claims (#1204) 
* implementation draft

* add cfg options skip-au-when-missing && client-id-verification-claim; enhance the provider data verification logic for sake of the added options

* refactor configs, added logging and add additional claim verification

* simplify logic by just having one configuration similar to oidc-email-claim

* added internal oidc token verifier, so that aud check behavior can be managed with oauth2-proxy and is compatible with extra-jwt-issuers

* refactored verification to reduce complexity

* refactored verification to reduce complexity

* added docs

* adjust tests to support new OIDCAudienceClaim and OIDCExtraAudiences options

* extend unit tests and ensure that audience is set with the value of aud claim configuration

* revert filemodes and update docs

* update docs

* remove unneccesary logging, refactor audience existence check and added additional unit tests

* fix linting issues after rebase on origin/main

* cleanup: use new imports for migrated libraries after rebase on origin/main

* adapt mock in keycloak_oidc_test.go

* allow specifying multiple audience claims, fixed bug where jwt issuers client id was not the being considered and fixed bug where aud claims with multiple audiences has broken the whole validation

* fixed formatting issue

* do not pass the whole options struct to minimize complexity and dependency to the configuration structure

* added changelog entry

* update docs

Co-authored-by: Sofia Weiler <sofia.weiler@aoe.com>
Co-authored-by: Christian Zenker <christian.zenker@aoe.com>
 2022-02-15 16:12:22 +00:00
Valentin Pichard
2b4c8a9846 Add the allowed_email_domains and the allowed_groups on the auth_request endpoint + support standard wildcard char for validation with sub-domain and email-domain. 
Signed-off-by: Valentin Pichard <github@w3st.fr>
 2022-02-14 18:03:20 +01:00
Joel Speed
c5a98c6d03
Merge pull request #1550 from mhienle/patch-1 
Fix broken link
 2022-02-11 10:17:45 +00:00
Michael Hienle
590b7a612e Fix broken link 2022-02-11 10:28:30 +01:00
Joel Speed
ad4f7bcb0e
Merge pull request #1545 from andytson/feature/qs-allowed-groups-bypass 
Fix issue with query string allowed group panic on skip methods
 2022-02-10 14:08:45 +00:00
Andy Thompson
05ebaf5158 Update changelog 2022-02-10 12:40:42 +00:00
Andy Thompson
c1b01b5bc0 Fix issue with query string allowed group panic on skip methods 2022-02-10 12:39:32 +00:00
Joel Speed
433b93d08a
Merge pull request #1474 from polarctos/feature/tls-min-version-options 
Add option to specify the tls.Config.MinVersion for the server to be able to restrict it to TLS 1.3
 2022-02-09 19:29:53 +00:00
polarctos
cbbecb81bd Add changelog entry for tls-min-version 2022-02-09 20:20:03 +01:00
polarctos
e03cf87dd8 Add option to specify the tls-min-version for the server 2022-02-09 20:19:01 +01:00
Preston Sheldon
11699a822a
Add ValidateSession function to LoginGovProvder to include Auth Header (#1509) 
* Add ValidateSession function to LoginGovProvder to include Auth Header

* Update CHANGELOG for PR 1509

* Update logingov_test to include ValidationURL
 2022-02-04 09:22:33 +00:00
Joel Speed
88709d8b69
Merge pull request #1489 from oauth2-proxy/fix-docker-push 
Fix Docker Buildx push to include build version
 2022-02-03 21:56:43 +00:00
Joel Speed
bd0c4a3296
Fix Docker Buildx push to include build version 2022-02-03 19:23:22 +00:00
ThomasKalten
4f5efd4074
Update auth.md (#1518) 2022-01-18 13:54:52 +00:00