feat:Add support for Public OIDC Providers #3195

Open
wants to merge 2 commits into
base: master

cameronbrunner

Add S256 verification support to the OIDC connector.

Overview

This implementation is a concrete solution to what I reported in issue #3194. It adds a new mode to the OIDC connector allowing Dex to operate as an OAuth2 'Public Application' secured by an S256 PKCE verifier.

What this PR does / why we need it

This change increases the use cases Dex can address. With Public Application support Dex can support a configuration that has no secrets and can be reused across multiple instances of a given application.

Special notes for your reviewer

I think the biggest question regarding the PR is the cache choice and behavior.

Does this PR introduce a user-facing change?

Yes. Configuration options in the OIDC connector.

* Add new Public Application mode to the OIDC connector. This mode can be configured by setting the connector option 'Public' to true. Additionally, the 'maxConcurrentPublicConnections' option can be used to control the max number of concurrent inflight authentications.

Add S256 verification support to the OIDC connector.

Signed-off-by: Cameron Brunner <brunner@altair.com>

Remove the cached verifier after one successful lookup.

Signed-off-by: Cameron Brunner <brunner@altair.com>
@cameronbrunner cameronbrunner changed the title Issue 3194 - Add support for Public OIDC Providers feat:Add support for Public OIDC Providers Jan 5, 2024