mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-02-06 04:51:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Commit Graph

  • 9419b7392d WIP: start to validate ID token returned from token endpoint Margo Crawford 2020-12-02 16:26:47 -05:00
  • 09e6c86c46 token_handler.go: complete some TODOs and strengthen double auth code test Andrew Keesler 2020-12-02 15:14:01 -05:00
  • 7e78c9322c Remove duplicate documentation images from the repo and change all links to point to the Hugo site Rajat Goyal 2020-12-02 23:57:34 +05:30
  • 31810a97e1 Remove duplicate docs from the repo and change all links to point to the Hugo site Rajat Goyal 2020-11-22 20:14:02 +05:30
  • 8e4c85d816 WIP: get linting and unit tests passing after token endpoint first draft Andrew Keesler 2020-12-02 11:16:02 -05:00
  • 970be58847 token_handler.go: first draft of token handler, with a bunch of TODOs Andrew Keesler 2020-12-01 16:25:12 -05:00
  • d60c184424 Add pkce and openidconnect storage Margo Crawford 2020-12-01 17:18:32 -08:00
  • f38c150f6a Finished tests for pkce storage and added it to kubestorage Ryan Richard 2020-12-01 14:53:22 -08:00
  • c8eaa3f383 WIP towards using k8s fosite storage in the supervisor's callback endpoint Margo Crawford 2020-12-01 11:01:23 -08:00
  • be8f11fe5a Merge pull request #246 from mattmoyer/build-on-go-1.14 Matt Moyer 2020-11-30 17:38:19 -06:00
  • b272b3f331 Refactor oidcclient.Login to use new upstreamoidc package. Matt Moyer 2020-11-30 17:14:57 -06:00
  • 4b60c922ef Add generated mock of UpstreamOIDCIdentityProviderI. Matt Moyer 2020-11-30 17:09:01 -06:00
  • 25ee99f93a Add ValidateToken method to UpstreamOIDCIdentityProviderI interface. Matt Moyer 2020-11-30 17:08:27 -06:00
  • d32583dd7f Move OIDC Token structs into a new oidctypes package. Matt Moyer 2020-11-30 17:02:03 -06:00
  • d64acbb5a9 Add upstreamoidc.ProviderConfig type implementing provider.UpstreamOIDCIdentityProviderI. Matt Moyer 2020-11-30 14:54:11 -06:00
  • 24c4bc0dd4 Tweak some stdlib usage so we compile under Go 1.14. Matt Moyer 2020-11-24 13:38:28 -06:00
  • 58a3e35c51 Revert "test/integration: skip TestSupervisorLogin until new callback logic is on main" Andrew Keesler 2020-11-30 11:07:25 -05:00
  • 25bbd28527 Merge remote-tracking branch 'upstream/main' into callback-endpoint Andrew Keesler 2020-11-30 11:06:20 -05:00
  • 385d2db445 Merge pull request #245 from ankeesler/fix-supervisor-login-test Andrew Keesler 2020-11-30 11:05:43 -05:00
  • eae6d355f8 test/integration: skip TestSupervisorLogin until new callback logic is on main Andrew Keesler 2020-11-30 10:01:31 -05:00
  • 5be46d0bb7 test/integration: get downstream issuer path from upstream redirect Andrew Keesler 2020-11-30 09:58:08 -05:00
  • 5b04192945 Run TestSupervisorLogin only on valid HTTP/HTTPS supervisor addresses Andrew Keesler 2020-11-30 09:23:12 -05:00
  • e6b6c0e3ab Merge branch 'main' into callback-endpoint Ryan Richard 2020-11-20 15:50:26 -08:00
  • dfb6544171 Merge pull request #238 from jknostman3/patch-1 Matt Moyer 2020-11-20 17:15:26 -06:00
  • 3596610f40 Merge pull request #239 from enj/enj/f/fosite_defaults Matt Moyer 2020-11-20 17:14:05 -06:00
  • ccddeb4cda Merge branch 'main' into callback-endpoint Ryan Richard 2020-11-20 15:13:25 -08:00
  • d39cc08b66 Set defaults for fosite config Monis Khan 2020-11-20 15:45:29 -05:00
  • c4ff1ca304 auth_handler.go: Ignore invalid CSRF cookies rather than return error Ryan Richard 2020-11-20 13:56:35 -08:00
  • b21f0035d7 callback_handler.go: Get upstream name from state instead of path Andrew Keesler 2020-11-20 13:33:08 -08:00
  • ad9439eef2 Merge pull request #207 from vmware-tanzu/dependabot/docker/golang-1.15.5 Matt Moyer 2020-11-20 15:18:23 -06:00
  • 72321fc106 Use /callback (without IDP name) path for callback endpoint (part 1) Ryan Richard 2020-11-20 16:14:45 -05:00
  • 541019eb98 callback_handler.go: simplify stored ID token claims Andrew Keesler 2020-11-20 15:36:51 -05:00
  • 15bffc6b16 Update site demo to use pinniped-concierge namespace Jake Knostman 2020-11-20 12:31:23 -08:00
  • 901242c1e1 Bump golang from 1.15.3 to 1.15.5 dependabot[bot] 2020-11-20 20:19:51 +00:00
  • fd0e0bb4c9 Merge pull request #234 from rajat404/main Matt Moyer 2020-11-20 13:29:35 -06:00
  • 53bece2186 Avoid printing the error message twice from client Rajat Goyal 2020-11-20 23:49:52 +05:30
  • 1a881e4f2b Merge pull request #232 from mattmoyer/adjust-test-environment-upstream-clients Matt Moyer 2020-11-20 09:46:04 -06:00
  • 488d1b663a internal/oidc/provider/manager: route to callback endpoint Andrew Keesler 2020-11-20 10:42:43 -05:00
  • 8f5d1709a1 callback_handler.go: assert behavior about PKCE and IDSession storage Andrew Keesler 2020-11-20 09:41:49 -05:00
  • bc700d58ae Split test environment variables so there's a specific supervisor upstream client. Matt Moyer 2020-11-19 15:05:31 -06:00
  • f8d76066c5 callback_handler.go: assert nonce is stored correctly Andrew Keesler 2020-11-20 08:38:23 -05:00
  • b8fb37b9f6 Merge pull request #233 from enj/enj/i/tmp_disable_max_flight Mo Khan 2020-11-19 22:51:03 -05:00
  • 4a28d1f800 Temporarily disable max inflight checks for mutating requests Monis Khan 2020-11-19 21:21:10 -05:00
  • b25696a1fb callback_handler.go: Prepend iss to sub when making default username Andrew Keesler 2020-11-19 17:57:07 -08:00
  • b49d37ca54 callback_handler.go: test invalid upstream ID token username/groups Andrew Keesler 2020-11-19 15:53:21 -05:00
  • 20b62b8841 Merge pull request #231 from enj/enj/f/fosite_kube_storage Mo Khan 2020-11-19 15:34:55 -05:00
  • 83101eefce callback_handler.go: start to test upstream token corner cases Ryan Richard 2020-11-19 14:19:01 -05:00
  • 86865d155a Switch fuzzing test to UTC Monis Khan 2020-11-19 14:04:25 -05:00
  • 3575be7742 Add authorization code storage Monis Khan 2020-11-18 23:30:05 -05:00
  • b7d823a077 Add generic Kube API based CRUD storage Monis Khan 2020-11-17 11:42:11 -05:00
  • a47617cad0 callback_handler.go: Add JWT Audience claim to storage Ryan Richard 2020-11-19 08:53:53 -08:00
  • ee84f31f42 callback_handler.go: Add JWT Issuer claim to storage Ryan Richard 2020-11-19 08:35:23 -08:00
  • ace861f722 callback_handler.go: get some thoughts down about default upstream claims Andrew Keesler 2020-11-19 11:08:21 -05:00
  • 2e62be3ebb callback_handler.go: assert correct args are passed to token exchange Andrew Keesler 2020-11-19 10:20:46 -05:00
  • 48e0250649 callback_handler.go: test that we request openid scope correctly Andrew Keesler 2020-11-19 09:28:56 -05:00
  • 6c72507bca callback_handler.go: add test for failed upstream exchange/validation Andrew Keesler 2020-11-19 09:00:41 -05:00
  • 63b8c6e4b2 callback_handler.go: test when state missing a needed param Andrew Keesler 2020-11-19 08:51:23 -05:00
  • ffdb7fa795 callback_handler.go: add a test for invalid state auth params Andrew Keesler 2020-11-19 08:41:44 -05:00
  • 652ea6bd2a Start using fosite in the Supervisor's callback handler Ryan Richard 2020-11-18 17:15:01 -08:00
  • 3bc5952f7e Merge pull request #227 from mattmoyer/add-authorizationconfig-omitempty Mo Khan 2020-11-18 20:10:55 -05:00
  • 7520dadbdd Use omitempty on UpstreamOIDCProvider spec.authorizationConfig field. Matt Moyer 2020-11-18 14:29:13 -06:00
  • 8a4be431f6 Merge pull request #230 from vmware-tanzu/scc Mo Khan 2020-11-18 17:46:01 -05:00
  • c32e452db8 Add nonroot SCC to work on OpenShift clusters Mo Khan 2020-11-18 17:08:45 -05:00
  • 24bd8b2e42 Merge pull request #226 from absoludity/fix-getting-started4 Ryan Richard 2020-11-18 13:39:04 -08:00
  • 227fbd63aa Use an interface instead of a concrete type for UpstreamOIDCIdentityProvider Ryan Richard 2020-11-18 13:38:13 -08:00
  • c83cec341b Merge branch 'main' into fix-getting-started4 Ryan Richard 2020-11-17 15:02:36 -08:00
  • 7404ee4531 Merge pull request #224 from mattmoyer/make-oidcclient-public Matt Moyer 2020-11-17 15:13:50 -06:00
  • e0a9bef6ce Move ./internal/oidcclient to ./pkg/oidcclient. Matt Moyer 2020-11-17 12:46:54 -06:00
  • 428b9f2758 Merge pull request #223 from mattmoyer/refactor-cert-gen Matt Moyer 2020-11-17 12:45:20 -06:00
  • 0d1ad6e1df Fix some broken resource grouping/ordering in Tiltfile. Matt Moyer 2020-11-17 12:21:15 -06:00
  • 6ce2f109bf Refactor certificate generation for integration test Dex. Matt Moyer 2020-11-17 11:24:38 -06:00
  • 3b9fb71dd1 Merge pull request #222 from mattmoyer/readd-supervisor-login-tests Matt Moyer 2020-11-17 11:16:01 -06:00
  • 97552aec5f Merge branch 'main' into callback-endpoint Ryan Richard 2020-11-17 09:06:54 -08:00
  • d6d808d185 Re-add the TestSupervisorLogin integration test. Matt Moyer 2020-11-17 09:21:17 -06:00
  • b75a6cdb76 Merge pull request #221 from mattmoyer/use-https-dex Matt Moyer 2020-11-16 20:47:16 -06:00
  • b31deff0fb Update integration tests to use HTTPS Dex for UpstreamOIDCProvider testing. Matt Moyer 2020-11-16 18:16:16 -06:00
  • ee978fdde8 Add controller support for spec.tls field. Matt Moyer 2020-11-16 18:15:58 -06:00
  • e867fb82b9 Add spec.tls field to UpstreamOIDCProvider API. Matt Moyer 2020-11-16 14:42:43 -06:00
  • b17ac6ec0b Update integration tests to run Dex over HTTPS. Matt Moyer 2020-11-16 14:04:08 -06:00
  • dd2133458e Add --ca-bundle flag to "pinniped login oidc" command. Matt Moyer 2020-11-16 11:54:13 -06:00
  • e7ecfd3954 Merge pull request #219 from mattmoyer/add-test-proxy Matt Moyer 2020-11-16 17:48:16 -06:00
  • c8b17978a9 Convert CLI tests to work through an HTTP forward proxy. Matt Moyer 2020-11-16 10:40:18 -06:00
  • a4733025ce Merge pull request #220 from jonasrosland/fix-landing-text Matt Moyer 2020-11-16 16:36:44 -06:00
  • 1c7601a2b5 callback_handler.go: start happy path test with redirect Andrew Keesler 2020-11-16 17:07:34 -05:00
  • 052cdc40dc callback_handler.go: add CSRF and version state validations Ryan Richard 2020-11-16 14:41:00 -05:00
  • 332ed8e50b Fix landing page use cases jonasrosland 2020-11-16 12:00:06 -05:00
  • 4138c9244f callback_handler.go: write 2 invalid cookie tests Andrew Keesler 2020-11-16 11:47:49 -05:00
  • 57a2dc9fc1 Update default namespace for pinniped-concierge to match install-pinniped-concierge.yaml Michael Nelson 2020-11-05 17:29:43 +11:00
  • 9bb9402e89 Updated doc/demo.md with required namespace Michael Nelson 2020-11-05 17:27:34 +11:00
  • 3ef1171667 Tiny bit more code for Supervisor's callback_handler.go Andrew Keesler 2020-11-13 15:59:51 -08:00
  • 84b61fac88 Merge pull request #215 from mattmoyer/fix-upstream-oidc-provider Matt Moyer 2020-11-13 17:23:10 -06:00
  • c10393b495 Mask the raw error messages from go-oidc, since they are dangerous. Matt Moyer 2020-11-13 15:29:32 -06:00
  • d3d8ef44a0 Make more fields in UpstreamOIDCProvider optional. Matt Moyer 2020-11-13 15:28:37 -06:00
  • d5ee925e62 Merge pull request #213 from mattmoyer/more-categories Mo Khan 2020-11-13 15:51:42 -05:00
  • 47d216caae Merge pull request #209 from alexbrand/doc-fixes Mo Khan 2020-11-13 15:51:13 -05:00
  • 406d6b5544 docs/scope.md: Fix link to contrib guide Alexander Brand 2020-11-13 09:18:48 -05:00
  • ab87977c08 Put our TokenCredentialRequest API into the "pinniped" category. Matt Moyer 2020-11-13 12:09:22 -06:00
  • f4dfc22f8e Merge pull request #212 from enj/enj/i/restore_cert_ttl Matt Moyer 2020-11-13 14:11:44 -06:00
  • 785a1d14fb Merge pull request #199 from mattmoyer/add-oidc-upstream-crd Matt Moyer 2020-11-13 13:01:13 -06:00
  • d68a4b85f4 Add integration tests for UpstreamOIDCProvider status. Matt Moyer 2020-11-11 18:28:42 -06:00