mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-02-06 04:51:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Commit Graph

  • f90b5d48de Merge branch 'token-refresh' of github.com:vmware-tanzu/pinniped into token-exchange-endpoint Matt Moyer 2020-12-09 14:46:57 -06:00
  • 016b0e9a8e Satisfy the pedantic linter config 🙃. Matt Moyer 2020-12-09 14:41:27 -06:00
  • 51c828382f Supervisor token endpoint supports refresh grant type Ryan Richard 2020-12-09 12:12:59 -08:00
  • 02d96d731f Finish TestTokenExchange unit tests and add missing scope check. Matt Moyer 2020-12-09 13:56:53 -06:00
  • cac3a3520f Merge branch 'main' into token-refresh Ryan Richard 2020-12-09 09:58:21 -08:00
  • b04db6ad2b Fix some false positive gosec warnings. Matt Moyer 2020-12-09 10:42:37 -06:00
  • f1aff2faab Start extending TestSupervisorLogin to test the token exchange flow (WIP). Matt Moyer 2020-12-09 10:23:10 -06:00
  • b1542be7b1 In oidcclient token exchange request, pass client_id but don't bother with authorization header. Matt Moyer 2020-12-09 10:08:41 -06:00
  • 1db2ae3a45 Add more parameter validations and refactor internal/oidc/token_exchange.go. Matt Moyer 2020-12-09 10:04:58 -06:00
  • e25d090ca9 Merge branch 'main' of github.com:vmware-tanzu/pinniped into token-exchange-endpoint Matt Moyer 2020-12-09 10:00:54 -06:00
  • 5f4348c57d Merge pull request #266 from ankeesler/fix-jwt-auth-ca-bundle Andrew Keesler 2020-12-09 10:43:33 -05:00
  • 644cb687b9 Grant the Pinniped STS scope in authorize/callback handlers. Matt Moyer 2020-12-09 09:36:45 -06:00
  • bebe25c32e Merge branch 'main' of github.com:vmware-tanzu/pinniped into token-exchange-endpoint Matt Moyer 2020-12-09 09:25:58 -06:00
  • 4c0fb12cf6 test/integration: only set JWTAuthenticator CA bundle when it exists Andrew Keesler 2020-12-09 09:51:58 -05:00
  • 93cfd8c93a Fix prepare-for-integration-tests.sh and Tiltfile for kubectl 1.20 Andrew Keesler 2020-12-09 09:50:50 -05:00
  • 5f1bd5ec31 Update TestNullStorage_GetClient with adjusted pinniped-cli scopes. Matt Moyer 2020-12-09 09:12:32 -06:00
  • 8fcc176d8b Merge pull request #258 from ankeesler/jwt-authenticator Andrew Keesler 2020-12-09 08:21:04 -05:00
  • 6420caca94 Bring back the test that was skipped by the previous commit Ryan Richard 2020-12-08 18:25:01 -08:00
  • f84dda937b Merge branch 'token-refresh' into token-exchange-endpoint Ryan Richard 2020-12-08 18:12:12 -08:00
  • ef4ef583dc token_handler_test.go: Refactor how we specify the expected results Ryan Richard 2020-12-08 18:10:55 -08:00
  • f103c02408 Add check for grant type in tokenexchangehandler, Margo Crawford 2020-12-08 17:33:08 -08:00
  • ef3f837800 Merge remote-tracking branch 'origin/token-refresh' into token-exchange-endpoint Margo Crawford 2020-12-08 16:58:35 -08:00
  • 170982a688 refactor token_handler_test.go: easier to make more requests after initial authcode exchange Ryan Richard 2020-12-08 16:54:58 -08:00
  • a852baac75 Merge remote-tracking branch 'origin/token-refresh' into token-exchange-endpoint Margo Crawford 2020-12-08 12:55:44 -08:00
  • 381a2e749a impotent -> idempotent Andrew Keesler 2020-12-08 15:36:27 -05:00
  • 9ed5dcb031 Only create underlying jwt authenticator when spec has changed Aram Price 2020-12-08 15:14:05 -05:00
  • e0ee18a993 Always close JWTAuthenticator underlying authenticator Andrew Keesler 2020-12-08 11:08:53 -05:00
  • 0efc19a1b7 Support JWTAuthenticator in pinniped CLI Andrew Keesler 2020-12-07 20:40:20 -05:00
  • 57103e0a9f Add JWTAuthenticator controller Andrew Keesler 2020-12-07 20:39:51 -05:00
  • 946b0539d2 Add JWTAuthenticator API type Andrew Keesler 2020-12-07 20:37:43 -05:00
  • a9111f39af Merge branch 'main' into token-refresh Ryan Richard 2020-12-08 12:32:41 -08:00
  • 18d90a727e token_handler_test.go: refresh token gets deleted when authcode reused Ryan Richard 2020-12-08 12:12:55 -08:00
  • c090eb6a62 Supervisor token endpoint returns refresh tokens when requested Ryan Richard 2020-12-08 11:47:39 -08:00
  • 8f51993db2 Merge pull request #265 from vmware-tanzu/scope-constants Andrew Keesler 2020-12-08 14:32:09 -05:00
  • 8d2b8ae6b5 Use constants for scope values aram price 2020-12-08 10:46:05 -08:00
  • afbef23a51 WIP implementing TokenExchangeHandler methods Matt Moyer 2020-12-08 10:17:03 -08:00
  • e5ecaf01a0 WIP stubbing out tokenexchangehandler Margo Crawford 2020-12-07 17:28:51 -08:00
  • b7b6816531 Merge pull request #259 from mattmoyer/add-cli-request-audience Margo Crawford 2020-12-08 09:26:19 -08:00
  • bfcd2569e9 Add a --request-audience flag to the pinniped login oidc CLI command. Matt Moyer 2020-12-04 17:33:53 -06:00
  • d91baba240 authorize and callback endpoints now handle the offline_access scope Aram Price 2020-12-07 17:22:34 -08:00
  • 6a90a10123 Merge pull request #249 from vmware-tanzu/token-endpoint Ryan Richard 2020-12-07 15:08:07 -08:00
  • 12e5f94e75 Merge branch 'main' into token-endpoint Ryan Richard 2020-12-07 14:23:40 -08:00
  • e1ae48f2e4 Discovery does not return token_endpoint_auth_signing_alg_values_supported Ryan Richard 2020-12-07 14:15:31 -08:00
  • dcaf9166dc Merge pull request #261 from mattmoyer/remove-goerr113-linter Matt Moyer 2020-12-07 16:07:11 -06:00
  • 9e945d7547 Disable the goerr113 linter. Matt Moyer 2020-12-07 15:51:41 -06:00
  • 648fa4b9ba Backfill test for token endpoint error when JWK is not yet available Aram Price 2020-12-07 11:53:24 -08:00
  • e0b6133bf1 Integration tests call supervisor token endpoint and validate response Ryan Richard 2020-12-04 17:07:04 -08:00
  • ac19782405 Merge branch 'main' into token-endpoint Aram Price 2020-12-04 15:52:49 -08:00
  • 858356610c Make assertions about how many secrets were stored by fosite in tests Ryan Richard 2020-12-04 15:40:17 -08:00
  • 040ad3293a Merge pull request #255 from mattmoyer/reduce-default-cli-scopes Matt Moyer 2020-12-04 17:04:03 -06:00
  • 66270fded0 Merge pull request #257 from mattmoyer/prefactoring-for-cli-request-audience Matt Moyer 2020-12-04 17:03:38 -06:00
  • 26a8747509 Use the more specific label name of "storage.pinniped.dev/type" Aram Price 2020-12-04 14:39:11 -08:00
  • ac83633888 Add fosite kube storage for access and refresh tokens Ryan Richard 2020-12-04 14:31:06 -08:00
  • c6ead9d7dd Remove "email" and "profile" from default scopes requested by CLI. Matt Moyer 2020-12-04 11:21:30 -06:00
  • 8c3be3ffb2 Refactor UpstreamOIDCIdentityProviderI claim handling. Matt Moyer 2020-12-04 15:33:36 -06:00
  • 014d760f3d Add validated ID token claims to the oidctypes.Token structure. Matt Moyer 2020-12-04 15:15:33 -06:00
  • 8d5f4a93ed Get rid of an unnecessary comment from 58237d0e7d Andrew Keesler 2020-12-04 11:16:32 -05:00
  • 37631b41ea Don't set our TokenURL - we don't need it right now Andrew Keesler 2020-12-04 10:18:45 -05:00
  • 03806629b8 Cleanup code via TODOs accumulated during token endpoint work Andrew Keesler 2020-12-04 10:06:55 -05:00
  • 83e0934864 Add logging in dynamic OIDC ECDSA strategy Andrew Keesler 2020-12-04 09:05:39 -05:00
  • 2dc3ab1840 Merge remote-tracking branch 'upstream/main' into token-endpoint Andrew Keesler 2020-12-04 08:58:18 -05:00
  • 7b088d611d Merge pull request #252 from mattmoyer/fix-csrf-cookie-same-site Matt Moyer 2020-12-03 21:53:24 -06:00
  • f0ebd808d7 Switch CSRF cookie from Same-Site=Strict to Same-Site=Lax. Matt Moyer 2020-12-03 21:23:58 -06:00
  • 0bb2b10b3b Passing signing key through to the token endpoint Margo Crawford 2020-12-03 17:16:08 -08:00
  • fa94ebfbd1 Merge pull request #229 from vmware-tanzu/callback-endpoint Matt Moyer 2020-12-03 16:28:02 -06:00
  • c18c670765 Merge remote-tracking branch 'origin/main' into callback-endpoint Matt Moyer 2020-12-03 14:53:26 -06:00
  • f410da0ed2 Merge pull request #242 from rajat404/refactor-docs Matt Moyer 2020-12-03 14:52:51 -06:00
  • 58237d0e7d WIP: start to wire signing key into token handler Andrew Keesler 2020-12-03 15:34:58 -05:00
  • c8abc79d9b Fix this comment (and retrigger CI). Matt Moyer 2020-12-03 14:24:26 -06:00
  • 9455a66be8 This trailing dash is now taken care of by the library method. Matt Moyer 2020-12-03 13:56:24 -06:00
  • 05085d8e23 Use anonymous interface in test for Storage aram price 2020-12-03 11:26:36 -08:00
  • 8563c05baf Tweak these timeouts to be a bit faster (and retrigger CI). Matt Moyer 2020-12-03 13:22:27 -06:00
  • 67bf54a9f9 Use an interface for storage in token_handler_test.go Ryan Richard 2020-12-03 11:05:47 -08:00
  • 408fbe4f76 Parameterize the supervisor_redirect_uri in the test env Dex. Matt Moyer 2020-12-03 12:45:56 -06:00
  • cb5e494815 Dump out proxy access logs in TestSupervisorLogin. Matt Moyer 2020-12-03 11:28:48 -06:00
  • 954591d2db Add some debugging logs to our proxy client code. Matt Moyer 2020-12-03 10:25:26 -06:00
  • 2f1a67ef0d Merge remote-tracking branch 'upstream/callback-endpoint' into token-endpoint Andrew Keesler 2020-12-03 11:14:37 -05:00
  • d7b1ab8e43 Try to capture more logs from the TestSupervisorLogin test. Matt Moyer 2020-12-03 09:35:28 -06:00
  • 1d44a0cdfa Add a small integration test library to dump pod logs on test failures. Matt Moyer 2020-12-03 09:34:46 -06:00
  • 1fa41c4d0a Merge remote-tracking branch 'origin/main' into callback-endpoint Matt Moyer 2020-12-03 08:50:31 -06:00
  • 0deb7cc09a Merge pull request #250 from mattmoyer/fix-ipv6-test-regression Matt Moyer 2020-12-03 08:48:57 -06:00
  • fe2e2bdff1 Our ID token signing algorithm is ES256, not RS256 Andrew Keesler 2020-12-03 07:46:07 -05:00
  • 95093ab0af Use kube storage for the supervisor callback endpoint's fosite sessions Ryan Richard 2020-12-02 17:39:45 -08:00
  • 1dd7c82af6 Added id token verification Margo Crawford 2020-12-02 16:55:48 -08:00
  • 64ef53402d In TestSupervisorLogin, wrap the discovery request in an Eventually(). Matt Moyer 2020-12-02 18:07:52 -06:00
  • 37c5e121c4 Fix a test issue with IPv6 localhost interfaces. Matt Moyer 2020-12-02 17:49:21 -06:00
  • 879525faac Clean up the browsertest package a bit. Matt Moyer 2020-12-02 17:20:24 -06:00
  • 6ed9107df0 Remove a couple of todos that will be resolved in Slack conversations Ryan Richard 2020-12-02 14:20:03 -08:00
  • c320132289 Back-fill some more unit tests on authorizationcode_test.go Ryan Richard 2020-12-02 14:10:41 -08:00
  • ae9bdc1d61 Fix a lint warning by simplifying this append operation. Matt Moyer 2020-12-02 16:11:22 -06:00
  • c0f13ef4ac Merge remote-tracking branch 'origin/main' into callback-endpoint Matt Moyer 2020-12-02 16:09:08 -06:00
  • f40144e1a9 Update TestSupervisorLogin to test the callback flow using a browser. Matt Moyer 2020-12-02 15:50:42 -06:00
  • 0ccf14801e Expose the MaskTokens function so other test code can use it. Matt Moyer 2020-12-02 15:43:17 -06:00
  • 273ac62ec2 Extend the test client helpers in ./test/library/client.go. Matt Moyer 2020-12-02 15:32:54 -06:00
  • 545c26e5fe Refactor browser-related test functions to a ./test/library/browsertest package. Matt Moyer 2020-12-02 15:29:54 -06:00
  • 22953cdb78 Add a CA.Pool() method to ./internal/certauthority. Matt Moyer 2020-12-02 14:33:07 -06:00
  • fe0481c304 In integration test env, deploy a ClusterIP service and register that with Dex. Matt Moyer 2020-12-02 10:47:01 -06:00
  • fde56164cd Add a redirectURI parameter to ExchangeAuthcodeAndValidateTokens() method. Matt Moyer 2020-12-02 10:36:07 -06:00
  • 4fe691de92 Save an http.Client with each upstreamoidc.ProviderConfig object. Matt Moyer 2020-12-02 10:27:20 -06:00
  • c23c54f500 Add an explicit Path=/; to our CSRF cookie, per the spec. Matt Moyer 2020-12-01 17:01:22 -06:00