ceda5329eb
Merge pull request #1560 from oauth2-proxy/fix-provider-initialisation
...
Fix provider data initialisation
2022-02-17 09:56:00 +00:00
4eb2a35aa8
Fix provider data initialisation
2022-02-16 16:53:43 +00:00
f6aa7600ea
Merge pull request #1555 from oauth2-proxy/provider-options
...
Refactor provider configuration into providers package
2022-02-16 11:50:39 +00:00
eda5eb9243
Add changelog entry for provider refactor
2022-02-16 11:46:32 +00:00
0791aef8cc
Integrate new provider constructor in main
2022-02-16 10:38:07 +00:00
2e15f57b70
Remove provider configuration from validation package
2022-02-16 10:38:06 +00:00
d162b018a8
Move provider initialisation into providers package
2022-02-16 10:38:05 +00:00
95dd2745c7
Remove options dependency on providers package
2022-02-16 10:38:04 +00:00
9832844c8a
Merge pull request #1394 from oauth2-proxy/claim-extractor
...
Add generic claim extractor to get claims from ID Tokens
2022-02-16 10:37:20 +00:00
edb1bc1a11
Add changelog entry for generic claim extractor
2022-02-16 10:31:30 +00:00
967051314e
Integrate claim extractor into providers
2022-02-16 10:28:33 +00:00
537e596904
Add claim extractor provider util
2022-02-16 10:28:32 +00:00
44dc3cad77
Merge pull request #1468 from oauth2-proxy/session-refresh-using-lock
...
Implement session locking with session state lock
2022-02-16 10:23:34 +00:00
da92648e54
Add changelog entry for session locking
2022-02-16 10:16:14 +00:00
54d42c5829
Implement refresh relying on obtaining lock
2022-02-16 10:16:13 +00:00
e2c7ff6ddd
Use session to lock to protect concurrent refreshes
2022-02-16 10:16:12 +00:00
dc5d2a5cd7
Fix table ( #1556 )
...
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk >
2022-02-15 16:39:16 +00:00
25371ea4af
improved audience handling to support client credentials access tokens without aud claims ( #1204 )
...
* implementation draft
* add cfg options skip-au-when-missing && client-id-verification-claim; enhance the provider data verification logic for sake of the added options
* refactor configs, added logging and add additional claim verification
* simplify logic by just having one configuration similar to oidc-email-claim
* added internal oidc token verifier, so that aud check behavior can be managed with oauth2-proxy and is compatible with extra-jwt-issuers
* refactored verification to reduce complexity
* refactored verification to reduce complexity
* added docs
* adjust tests to support new OIDCAudienceClaim and OIDCExtraAudiences options
* extend unit tests and ensure that audience is set with the value of aud claim configuration
* revert filemodes and update docs
* update docs
* remove unneccesary logging, refactor audience existence check and added additional unit tests
* fix linting issues after rebase on origin/main
* cleanup: use new imports for migrated libraries after rebase on origin/main
* adapt mock in keycloak_oidc_test.go
* allow specifying multiple audience claims, fixed bug where jwt issuers client id was not the being considered and fixed bug where aud claims with multiple audiences has broken the whole validation
* fixed formatting issue
* do not pass the whole options struct to minimize complexity and dependency to the configuration structure
* added changelog entry
* update docs
Co-authored-by: Sofia Weiler <sofia.weiler@aoe.com >
Co-authored-by: Christian Zenker <christian.zenker@aoe.com >
2022-02-15 16:12:22 +00:00
2b4c8a9846
Add the allowed_email_domains and the allowed_groups on the auth_request endpoint + support standard wildcard char for validation with sub-domain and email-domain.
...
Signed-off-by: Valentin Pichard <github@w3st.fr >
2022-02-14 18:03:20 +01:00
c5a98c6d03
Merge pull request #1550 from mhienle/patch-1
...
Fix broken link
2022-02-11 10:17:45 +00:00
590b7a612e
Fix broken link
2022-02-11 10:28:30 +01:00
ad4f7bcb0e
Merge pull request #1545 from andytson/feature/qs-allowed-groups-bypass
...
Fix issue with query string allowed group panic on skip methods
2022-02-10 14:08:45 +00:00
05ebaf5158
Update changelog
2022-02-10 12:40:42 +00:00
c1b01b5bc0
Fix issue with query string allowed group panic on skip methods
2022-02-10 12:39:32 +00:00
433b93d08a
Merge pull request #1474 from polarctos/feature/tls-min-version-options
...
Add option to specify the tls.Config.MinVersion for the server to be able to restrict it to TLS 1.3
2022-02-09 19:29:53 +00:00
cbbecb81bd
Add changelog entry for tls-min-version
2022-02-09 20:20:03 +01:00
e03cf87dd8
Add option to specify the tls-min-version for the server
2022-02-09 20:19:01 +01:00
11699a822a
Add ValidateSession function to LoginGovProvder to include Auth Header ( #1509 )
...
* Add ValidateSession function to LoginGovProvder to include Auth Header
* Update CHANGELOG for PR 1509
* Update logingov_test to include ValidationURL
2022-02-04 09:22:33 +00:00
88709d8b69
Merge pull request #1489 from oauth2-proxy/fix-docker-push
...
Fix Docker Buildx push to include build version
2022-02-03 21:56:43 +00:00
bd0c4a3296
Fix Docker Buildx push to include build version
2022-02-03 19:23:22 +00:00
4f5efd4074
Update auth.md ( #1518 )
2022-01-18 13:54:52 +00:00
92c4ca9c58
Update auth.md ( #1519 )
2022-01-18 13:54:35 +00:00
dede6fd531
Fixing a typo, pointing to correct compose file ( #1493 )
...
Fixing a typo for the docker-compose-alpha-config.yaml
2021-12-29 19:50:36 +00:00
0e10fb8967
Remove the information about Microsoft Azure AD in the provider documentation ( #1477 )
...
* Remove the information about `Microsoft Azure AD`
* Put `proxy_buffer_size` in a code tag
* Update `CHANGELOG.md`
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk >
2021-12-23 17:24:31 +00:00
576184924d
Merge pull request #1481 from oauth2-proxy/release-v7.2.1
...
Prepare changelog for release v7.2.1
2021-12-22 17:09:59 +00:00
5515918436
Prepare changelog for release v7.2.1
2021-12-18 12:59:55 +00:00
95839a2896
Merge pull request #1479 from polarctos/feature/go-1.17
...
Update go version to 1.17
2021-12-18 12:34:40 +00:00
7eaf98b5fe
Update go version to 1.17
...
This includes the change to the pruned module graph with the converted go.mod for Go 1.17
https://go.dev/doc/go1.17#go-command
2021-12-17 16:51:13 +01:00
c278e0aa4e
Merge pull request #1471 from AlexanderBabel/feature/update-aline
...
[Security] Update alpine to 3.15
2021-12-14 19:19:09 +00:00
8a951b2b4a
doc: update changelog
2021-12-14 02:21:28 +01:00
a654c9ec24
fix(Dockerfile): bump alpine to 3.15
2021-12-14 02:09:59 +01:00
5933000b86
Merge pull request #1247 from oauth2-proxy/adfs-default-claims
...
Use `upn` as EmailClaim throughout ADFSProvider
2021-12-06 14:24:41 +00:00
0fa8fca276
Update ADFS to new jwt lib
2021-12-01 19:16:42 -08:00
bdfca925a3
Handle UPN fallback when profileURL isn't set
2021-12-01 19:08:15 -08:00
1621ea3bba
ADFS supports IDToken nonce, use it
2021-12-01 19:08:15 -08:00
4980f6af7d
Use upn claim as a fallback in Enrich & Refresh
...
Only when `email` claim is missing, fallback to `upn` claim which may have it.
2021-12-01 19:08:10 -08:00
a53198725e
Use upn as EmailClaim throughout ADFSProvider
...
By only overriding in the EnrichSession, any Refresh calls
would've overriden it with the `email` claim.
2021-12-01 19:06:02 -08:00
1b335a056d
Merge pull request #1447 from oauth2-proxy/docker-fixes
...
Fix docker build/push issues found during last release
2021-11-24 17:31:20 +00:00
ceb015ee22
Update changelog for docker fixes
2021-11-24 17:20:25 +00:00
8dea8134eb
Drop old makefiles in favour of buildx
2021-11-24 17:20:23 +00:00
