- 23 Jan, 2017 2 commits
-
-
Eric Chiang authored
Update kubernetes.md - correct typo
-
Andrew Johnstone authored
-
- 17 Jan, 2017 3 commits
-
-
rithu leena john authored
Documentation: add docs on patch release process.
-
rithu john authored
-
rithu leena john authored
Allow CORS on keys and token endpoints
-
- 14 Jan, 2017 1 commit
-
-
Simon HEGE authored
-
- 13 Jan, 2017 2 commits
-
-
Eric Chiang authored
server: add at_hash claim support
-
Eric Chiang authored
The "at_hash" claim, which provides hash verification for the "access_token," is a required claim for implicit and hybrid flow requests. Previously we did not include it (against spec). This PR implements the "at_hash" logic and adds the claim to all responses. As a cleanup, it also moves some JOSE signing logic out of the storage package and into the server package. For details see: https://openid.net/specs/openid-connect-core-1_0.html#ImplicitIDToken
-
- 11 Jan, 2017 9 commits
-
-
Eric Chiang authored
Removed extra o typo
-
y2kenny authored
-
Eric Chiang authored
*: update refresh tokens instead of deleting and creating another
-
Eric Chiang authored
-
Eric Chiang authored
-
Eric Chiang authored
The server implements a strategy called "Refresh Token Rotation" to ensure refresh tokens can only be claimed once. ref: https://tools.ietf.org/html/rfc6819#section-5.2.2.3 Previously "refresh_token" values in token responses where just the ID of the internal refresh object. To implement rotation, when a client redeemed a refresh token, the object would be deleted, a new one created, and the new ID returned as the new "refresh_token". However, this means there was no consistent ID for refresh tokens internally, making things like foreign keys very hard to implement. This is problematic for revocation features like showing all the refresh tokens a user or client has out. This PR updates the "refresh_token" to be an encoded protobuf message, which holds the internal ID and a nonce. When a refresh token is used, the nonce is updated to prevent reuse, but the ID remains the same. Additionally it adds the timestamp of each token's last use.
-
Eric Chiang authored
-
Eric Chiang authored
server: fixes for the implicit and hybrid flow
-
Eric Chiang authored
Accept the following response_type for the implicit flow: id_token token id_token And the following for hybrid flow code id_token code token code token id_token This corrects the previous behavior of the implicit flow, which only accepted "token" (now correctly rejected).
-
- 10 Jan, 2017 5 commits
-
-
Eric Chiang authored
Add an experimental SAML connector
-
Eric Chiang authored
-
Eric Chiang authored
-
Eric Chiang authored
-
Eric Chiang authored
-
- 09 Jan, 2017 2 commits
-
-
Eric Chiang authored
storage: Add ConnectorData to storage RefreshToken.
-
rithu john authored
-
- 08 Jan, 2017 3 commits
-
-
Eric Chiang authored
Allow CORS on discovery endpoint
-
Simon HEGE authored
-
Simon HEGE authored
-
- 07 Jan, 2017 1 commit
-
-
rithu leena john authored
Bump go-oidc package
-
- 06 Jan, 2017 2 commits
-
-
rithu john authored
-
rithu john authored
-
- 28 Dec, 2016 1 commit
-
-
rithu leena john authored
connector/ldap: enable groupSearch to be empty
-
- 27 Dec, 2016 1 commit
-
-
rithu john authored
-
- 22 Dec, 2016 5 commits
-
-
rithu leena john authored
*: add 'make revendor' and tests to catch incorrect glide usage
-
Eric Chiang authored
-
Eric Chiang authored
Introducing glide-vc caused us to unknowingly removed our Go protobuf compiler (since it's a main). Add flags to glide-vc usage to remedy this. Since we now require several glide and glide-vc flags, add a Makfile target and tests to catch when PRs don't use the correct flags.
-
Eric Chiang authored
build fails
-
Sandor Szuecs authored
-
- 20 Dec, 2016 2 commits
-
-
Eric Chiang authored
replace bcrypt hash with a working one
-
h0me authored
replace bcrypt hash with an appropriate value for the string "password"
-
- 17 Dec, 2016 1 commit
-
-
rithu leena john authored
server: use UTC timestamps in dex.
-