New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build(deps): bump github.com/golang/protobuf from 1.3.2 to 1.5.1 #17
build(deps): bump github.com/golang/protobuf from 1.3.2 to 1.5.1 #17
Commits on Mar 12, 2021
-
Add new connector for Cloudfoundry
- Verifies user is part of orgs and spaces for group claims Signed-off-by: Joshua Winters <jwinters@pivotal.io> Co-authored-by: Shash Reddy <sreddy@pivotal.io>
2 people authored and CI Bot committedMar 12, 2021 -
update cf connector to use 'authorization_endpoint' from /v2/info
Co-authored-by: Topher Bullock <tbullock@pivotal.io> Signed-off-by: Josh Winters <jwinters@pivotal.io>
2 people authored and CI Bot committedMar 12, 2021 -
Added support for CF resources pagination
Signed-off-by: Daniel Lavoie <dlavoie@live.ca>
-
Signed-off-by: Joshua Winters <jwinters@pivotal.io> Co-authored-by: Rui Yang <ryang@pivotal.io>
2 people authored and CI Bot committedMar 12, 2021 -
cf: add org guid to groups claims
Co-authored-by: Rui Yang <ryang@pivotal.io> Signed-off-by: Joshua Winters <jwinters@pivotal.io>
2 people authored and CI Bot committedMar 12, 2021 -
add unit test and api call to
audited_spaces
andmanaged_spaces
Signed-off-by: Zoe Tian <ztian@pivotal.io> Co-authored-by: Ciro S. Costa <cscosta@pivotal.io> Signed-off-by: w3tian <w3tian@uwaterloo.ca>
2 people authored and CI Bot committedMar 12, 2021 -
Signed-off-by: Rui Yang <ryang@pivotal.io> Co-authored-by: Joshua Winters <jwinters@pivotal.io>
2 people authored and CI Bot committedMar 12, 2021 -
add cf org:space:role group claim to token
Signed-off-by: Joshua Winters <jwinters@pivotal.io> Co-authored-by: Rui Yang <ryang@pivotal.io>
2 people authored and CI Bot committedMar 12, 2021 -
gofumpt-ed Signed-off-by: Rui Yang <ryang@pivotal.io>
Rui Yang authored and CI Bot committedMar 12, 2021 -
Signed-off-by: Rui Yang <ruiya@vmware.com>
Rui Yang authored and CI Bot committedMar 12, 2021 -
use bcrypt when comparing client secrets
- this assumes that the client is already bcrytped when passed to dex. Similar to user passwords. Signed-off-by: Josh Winters <jwinters@pivotal.io> Co-authored-by: Vikram Yadav <vyadav@pivotal.io>
2 people authored and CI Bot committedMar 12, 2021 -
add dex config flag for enabling client secret encryption
* if enabled, it will make sure client secret is bcrypted correctly * if not, it falls back to old behaviour that allowing empty client secret and comparing plain text, though now it will do ConstantTimeCompare to avoid a timing attack. So in either way it should provide more secure of client secret verification. Co-authored-by: Alex Surraci <suraci.alex@gmail.com> Signed-off-by: Rui Yang <ruiya@vmware.com>
Commits on Mar 15, 2021
-
Co-authored-by: Shash Reddy <sreddy@pivotal.io> Signed-off-by: Joshua Winters <jwinters@pivotal.io>
2 people authored and Rui Yang committedMar 15, 2021 -
Make oauth user name and user id configurable
Signed-off-by: Josh Winters <jwinters@pivotal.io> Co-authored-by: Mark Huang <mhuang@pivotal.io>
-
Signed-off-by: Rui Yang <ryang@pivotal.io>
Rui Yang authored and Rui Yang committedMar 15, 2021 -
Signed-off-by: Rui Yang <ruiya@vmware.com>
Rui Yang committedMar 15, 2021 -
add configurable preferred_username key
Signed-off-by: Rui Yang <ruiya@vmware.com>
Rui Yang committedMar 15, 2021 -
Signed-off-by: Rui Yang <ruiya@vmware.com>
Rui Yang committedMar 15, 2021 -
use claim mappings when retrieving user identity
Signed-off-by: Rui Yang <ruiya@vmware.com>
Rui Yang committedMar 15, 2021 -
readme minor fix for oauth connector
Signed-off-by: Rui Yang <ruiya@vmware.com>
Rui Yang committedMar 15, 2021
Commits on Mar 16, 2021
-
move oauth connector doc to dex website repo
move default key values configure to connector construct function Signed-off-by: Rui Yang <ruiya@vmware.com>
Rui Yang committedMar 16, 2021 -
Add support for client_credentials grant type
Co-authored-by: Rui Yang <ruiya@vmware.com> Signed-off-by: Josh Winters <jwinters@pivotal.io>
Josh Winters and Rui Yang committedMar 16, 2021 -
Use http.FileSystem for web assets
Signed-off-by: Rui Yang <ryang@pivotal.io> Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>
Rui Yang and Aidan Oldershaw committedMar 16, 2021 -
use web host url for asset hosting
Signed-off-by: Rui Yang <ruiya@vmware.com> Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>
2 people authored and Rui Yang committedMar 16, 2021 -
use pkger for embedding static contents
Co-authored-by: Vikram Yadav <vyadav@pivotal.io> Signed-off-by: Rui Yang <ruiya@vmware.com>
2 people authored and Rui Yang committedMar 16, 2021 -
Unify the interface for reading web statics. Now it could read an OS directory or get the content on live One could use //go:embed static var webFiles embed.FS anywhere and config dex server to take the file system by setting WebConfig{WebFS: webFiles} Signed-off-by: Rui Yang <ruiya@vmware.com> Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>
2 people authored and Rui Yang committedMar 16, 2021 -
default to ./web when Dir and WebFS are not set
update WebFS doc Signed-off-by: Rui Yang <ruiya@vmware.com> Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>
2 people authored and Rui Yang committedMar 16, 2021 -
allow configuring CAs/skip verify for OIDC
Co-authored-by: Rui Yang <ruiya@vmware.com> Signed-off-by: Alex Suraci <suraci.alex@gmail.com>
-
Merge remote-tracking branch 'origin/pr/add-oauth-connector-sync'
CI Bot committedMar 16, 2021 -
Merge remote-tracking branch 'origin/pr/bcrypt-for-client-secret-sync'
CI Bot committedMar 16, 2021 -
Merge remote-tracking branch 'origin/pr/client-credentials-grant-sync'
CI Bot committedMar 16, 2021 -
Merge remote-tracking branch 'origin/pr/http-filesystem'
CI Bot committedMar 16, 2021 -
Merge remote-tracking branch 'origin/pr/oidc-CA-configure-sync'
CI Bot committedMar 16, 2021 -
The official docker release for this release can be pulled from ``` ghcr.io/dexidp/dex:v2.28.0 ``` **Features:** - Add c_hash to id_token, issued on /auth endpoint, when in hybrid flow (dexidp#1773, @HEllRZA) - Allow configuration of returned auth proxy header (dexidp#1839, @seuf) - Allow to disable os.ExpandEnv for storage + connector configs by env variable DEX_EXPAND_ENV = false (dexidp#1902, @heidemn-faro) - Added the possibility to activate lowercase for UPN-Strings (dexidp#1888, @VF-mbrauer) - Add "Cache-control: no-store" and "Pragma: no-cache" headers to token responses (dexidp#1948, @nabokihms) - Add gomplate to the docker image (dexidp#1893, @nabokihms) - Graceful shutdown (dexidp#1963, @nabokihms) - Allow public clients created with API to have no client_secret (dexidp#1871, @spohner) **Bugfixes:** - Fix the etcd PKCE AuthCode deserialization (dexidp#1908, @bnu0) - Fix garbage collection logging of device codes and device request (dexidp#1918, @nabokihms) - Discovery endpoint contains updated claims and auth methods (dexidp#1951, @nabokihms) - Return invalid_grant error if auth code is invalid or expired (dexidp#1952, @nabokihms) - Return an error to auth requests with the "request" parameter (dexidp#1956, @nabokihms) **Minor changes:** - Change default themes to light/dark (dexidp#1858, @nabokihms) - Various developer experience improvements - Dependency upgrades - Tons of small fixes and changes
CI Bot committedMar 16, 2021
Commits on Mar 18, 2021
-
build(deps): bump github.com/golang/protobuf from 1.3.2 to 1.5.1
Bumps [github.com/golang/protobuf](https://github.com/golang/protobuf) from 1.3.2 to 1.5.1. - [Release notes](https://github.com/golang/protobuf/releases) - [Commits](golang/protobuf@v1.3.2...v1.5.1) Signed-off-by: dependabot[bot] <support@github.com>