go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-03-27 22:01:28 +02:00
Code Issues Releases Activity
1,515 Commits 28 Branches 37 Tags
Commit Graph

17 Commits

Author SHA1 Message Date
Nick Meves
7eeaea0b3f
Support nonce checks in OIDC Provider (#967) 
* Set and verify a nonce with OIDC

* Create a CSRF object to manage nonces & cookies

* Add missing generic cookie unit tests

* Add config flag to control OIDC SkipNonce

* Send hashed nonces in authentication requests

* Encrypt the CSRF cookie

* Add clarity to naming & add more helper methods

* Make CSRF an interface and keep underlying nonces private

* Add ReverseProxy scope to cookie tests

* Align to new 1.16 SameSite cookie default

* Perform SecretBytes conversion on CSRF cookie crypto

* Make state encoding signatures consistent

* Mock time in CSRF struct via Clock

* Improve InsecureSkipNonce docstring
 2021-04-21 10:33:27 +01:00
Nick Meves
57a8ef06b4
Fix method renaming in comments and tests 2020-11-28 10:25:12 -08:00
Nick Meves
e9f787957e
Standardize provider interface method names 2020-11-28 10:25:11 -08:00
Nick Meves
eb58ea2ed9
Move AllowedGroups to DefaultProvider for default Authorize usage 2020-11-12 11:18:15 -08:00
Nick Meves
2b9e1bbba0
Add EnrichSessionState as main post-Redeem session updater 2020-10-19 14:09:45 -07:00
Mitsuo Heijo
3fa42edb73
Fix import path for v7 (#800) 
* fix import path for v7

find ./ -name "*.go" | xargs sed -i -e 's|"github.com/oauth2-proxy/oauth2-proxy|"github.com/oauth2-proxy/oauth2-proxy/v7|'

* fix module path

* go mod tidy

* fix installation docs

* update CHANGELOG

* Update CHANGELOG.md

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-09-29 17:44:42 +01:00
Joel Speed
eb234011eb
Integrate sessions middlewares 2020-07-19 17:24:12 +01:00
Nick Meves
a3eef1709a
Improve default CreateSessionStateFromBearerToken tests 2020-06-19 11:48:23 -07:00
Nick Meves
c2c1caa404
Set User = Subject in ExtraJWTBearer sessions 2020-06-19 11:48:23 -07:00
Nick Meves
788d8ecc1b
Verify main v extra JWT bearers differently 
When using the configured provider JWT Verifier, it makes
sense to use the provider `CreateSessionStateFromBearerToken`
method. For any extra JWT Issuers, they should use a generic
default verifier.
 2020-06-19 11:47:36 -07:00
Scott Guymer
3aeca4368c
ACR values should not be automatically added when blank (#598) 
* ACR values should not be automatically added when blank

* Added changelog
 2020-06-02 18:17:27 +01:00
Joel Speed
f7b28cb1d3
Improvements to Session State code (#536) 
* Drop SessionStateJSON wrapper
* Use EncrpytInto/DecryptInto to reduce sessionstate

Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
 2020-05-30 08:53:38 +01:00
Mitsuo Heijo
e642daef4e Support context in providers (#519) 
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
 2020-05-10 13:34:59 +01:00
Joel Speed
802754caad
Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 15:40:10 +01:00
Joel Speed
2ab8a7d95d
Move SessionState to its own package 2019-05-18 13:09:56 +02:00
Tanvir Alam
8a77cfcac3 Swap out bmizerany/assert package that is deprecated in favor of stretchr/testify/assert 2017-10-23 12:24:17 -04:00
Jehiah Czebotar
d49c3e167f SessionState refactoring; improve token renewal and cookie refresh 
* New SessionState to consolidate email, access token and refresh token
* split ServeHttp into individual methods
* log on session renewal
* log on access token refresh
* refactor cookie encription/decription and session state serialization
 2015-07-02 23:09:11 -04:00