mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-05-18 22:01:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Commit Graph

  • ac19782405 Merge branch 'main' into token-endpoint Aram Price 2020-12-04 15:52:49 -08:00
  • 858356610c Make assertions about how many secrets were stored by fosite in tests Ryan Richard 2020-12-04 15:40:17 -08:00
  • 040ad3293a Merge pull request #255 from mattmoyer/reduce-default-cli-scopes Matt Moyer 2020-12-04 17:04:03 -06:00
  • 66270fded0 Merge pull request #257 from mattmoyer/prefactoring-for-cli-request-audience Matt Moyer 2020-12-04 17:03:38 -06:00
  • 26a8747509 Use the more specific label name of "storage.pinniped.dev/type" Aram Price 2020-12-04 14:39:11 -08:00
  • ac83633888 Add fosite kube storage for access and refresh tokens Ryan Richard 2020-12-04 14:31:06 -08:00
  • c6ead9d7dd Remove "email" and "profile" from default scopes requested by CLI. Matt Moyer 2020-12-04 11:21:30 -06:00
  • 8c3be3ffb2 Refactor UpstreamOIDCIdentityProviderI claim handling. Matt Moyer 2020-12-04 15:33:36 -06:00
  • 014d760f3d Add validated ID token claims to the oidctypes.Token structure. Matt Moyer 2020-12-04 15:15:33 -06:00
  • 8d5f4a93ed Get rid of an unnecessary comment from 58237d0e7d Andrew Keesler 2020-12-04 11:16:32 -05:00
  • 37631b41ea Don't set our TokenURL - we don't need it right now Andrew Keesler 2020-12-04 10:18:45 -05:00
  • 03806629b8 Cleanup code via TODOs accumulated during token endpoint work Andrew Keesler 2020-12-04 10:06:55 -05:00
  • 83e0934864 Add logging in dynamic OIDC ECDSA strategy Andrew Keesler 2020-12-04 09:05:39 -05:00
  • 2dc3ab1840 Merge remote-tracking branch 'upstream/main' into token-endpoint Andrew Keesler 2020-12-04 08:58:18 -05:00
  • 7b088d611d Merge pull request #252 from mattmoyer/fix-csrf-cookie-same-site Matt Moyer 2020-12-03 21:53:24 -06:00
  • f0ebd808d7 Switch CSRF cookie from Same-Site=Strict to Same-Site=Lax. Matt Moyer 2020-12-03 21:23:58 -06:00
  • 0bb2b10b3b Passing signing key through to the token endpoint Margo Crawford 2020-12-03 17:16:08 -08:00
  • fa94ebfbd1 Merge pull request #229 from vmware-tanzu/callback-endpoint Matt Moyer 2020-12-03 16:28:02 -06:00
  • c18c670765 Merge remote-tracking branch 'origin/main' into callback-endpoint Matt Moyer 2020-12-03 14:53:26 -06:00
  • f410da0ed2 Merge pull request #242 from rajat404/refactor-docs Matt Moyer 2020-12-03 14:52:51 -06:00
  • 58237d0e7d WIP: start to wire signing key into token handler Andrew Keesler 2020-12-03 15:34:58 -05:00
  • c8abc79d9b Fix this comment (and retrigger CI). Matt Moyer 2020-12-03 14:24:26 -06:00
  • 9455a66be8 This trailing dash is now taken care of by the library method. Matt Moyer 2020-12-03 13:56:24 -06:00
  • 05085d8e23 Use anonymous interface in test for Storage aram price 2020-12-03 11:26:36 -08:00
  • 8563c05baf Tweak these timeouts to be a bit faster (and retrigger CI). Matt Moyer 2020-12-03 13:22:27 -06:00
  • 67bf54a9f9 Use an interface for storage in token_handler_test.go Ryan Richard 2020-12-03 11:05:47 -08:00
  • 408fbe4f76 Parameterize the supervisor_redirect_uri in the test env Dex. Matt Moyer 2020-12-03 12:45:56 -06:00
  • cb5e494815 Dump out proxy access logs in TestSupervisorLogin. Matt Moyer 2020-12-03 11:28:48 -06:00
  • 954591d2db Add some debugging logs to our proxy client code. Matt Moyer 2020-12-03 10:25:26 -06:00
  • 2f1a67ef0d Merge remote-tracking branch 'upstream/callback-endpoint' into token-endpoint Andrew Keesler 2020-12-03 11:14:37 -05:00
  • d7b1ab8e43 Try to capture more logs from the TestSupervisorLogin test. Matt Moyer 2020-12-03 09:35:28 -06:00
  • 1d44a0cdfa Add a small integration test library to dump pod logs on test failures. Matt Moyer 2020-12-03 09:34:46 -06:00
  • 1fa41c4d0a Merge remote-tracking branch 'origin/main' into callback-endpoint Matt Moyer 2020-12-03 08:50:31 -06:00
  • 0deb7cc09a Merge pull request #250 from mattmoyer/fix-ipv6-test-regression Matt Moyer 2020-12-03 08:48:57 -06:00
  • fe2e2bdff1 Our ID token signing algorithm is ES256, not RS256 Andrew Keesler 2020-12-03 07:46:07 -05:00
  • 95093ab0af Use kube storage for the supervisor callback endpoint's fosite sessions Ryan Richard 2020-12-02 17:39:45 -08:00
  • 1dd7c82af6 Added id token verification Margo Crawford 2020-12-02 16:55:48 -08:00
  • 64ef53402d In TestSupervisorLogin, wrap the discovery request in an Eventually(). Matt Moyer 2020-12-02 18:07:52 -06:00
  • 37c5e121c4 Fix a test issue with IPv6 localhost interfaces. Matt Moyer 2020-12-02 17:49:21 -06:00
  • 879525faac Clean up the browsertest package a bit. Matt Moyer 2020-12-02 17:20:24 -06:00
  • 6ed9107df0 Remove a couple of todos that will be resolved in Slack conversations Ryan Richard 2020-12-02 14:20:03 -08:00
  • c320132289 Back-fill some more unit tests on authorizationcode_test.go Ryan Richard 2020-12-02 14:10:41 -08:00
  • ae9bdc1d61 Fix a lint warning by simplifying this append operation. Matt Moyer 2020-12-02 16:11:22 -06:00
  • c0f13ef4ac Merge remote-tracking branch 'origin/main' into callback-endpoint Matt Moyer 2020-12-02 16:09:08 -06:00
  • f40144e1a9 Update TestSupervisorLogin to test the callback flow using a browser. Matt Moyer 2020-12-02 15:50:42 -06:00
  • 0ccf14801e Expose the MaskTokens function so other test code can use it. Matt Moyer 2020-12-02 15:43:17 -06:00
  • 273ac62ec2 Extend the test client helpers in ./test/library/client.go. Matt Moyer 2020-12-02 15:32:54 -06:00
  • 545c26e5fe Refactor browser-related test functions to a ./test/library/browsertest package. Matt Moyer 2020-12-02 15:29:54 -06:00
  • 22953cdb78 Add a CA.Pool() method to ./internal/certauthority. Matt Moyer 2020-12-02 14:33:07 -06:00
  • fe0481c304 In integration test env, deploy a ClusterIP service and register that with Dex. Matt Moyer 2020-12-02 10:47:01 -06:00
  • fde56164cd Add a redirectURI parameter to ExchangeAuthcodeAndValidateTokens() method. Matt Moyer 2020-12-02 10:36:07 -06:00
  • 4fe691de92 Save an http.Client with each upstreamoidc.ProviderConfig object. Matt Moyer 2020-12-02 10:27:20 -06:00
  • c23c54f500 Add an explicit Path=/; to our CSRF cookie, per the spec. Matt Moyer 2020-12-01 17:01:22 -06:00
  • 9419b7392d WIP: start to validate ID token returned from token endpoint Margo Crawford 2020-12-02 16:26:47 -05:00
  • 09e6c86c46 token_handler.go: complete some TODOs and strengthen double auth code test Andrew Keesler 2020-12-02 15:14:01 -05:00
  • 7e78c9322c Remove duplicate documentation images from the repo and change all links to point to the Hugo site Rajat Goyal 2020-12-02 23:57:34 +05:30
  • 31810a97e1 Remove duplicate docs from the repo and change all links to point to the Hugo site Rajat Goyal 2020-11-22 20:14:02 +05:30
  • 8e4c85d816 WIP: get linting and unit tests passing after token endpoint first draft Andrew Keesler 2020-12-02 11:16:02 -05:00
  • 970be58847 token_handler.go: first draft of token handler, with a bunch of TODOs Andrew Keesler 2020-12-01 16:25:12 -05:00
  • d60c184424 Add pkce and openidconnect storage Margo Crawford 2020-12-01 17:18:32 -08:00
  • f38c150f6a Finished tests for pkce storage and added it to kubestorage Ryan Richard 2020-12-01 14:53:22 -08:00
  • c8eaa3f383 WIP towards using k8s fosite storage in the supervisor's callback endpoint Margo Crawford 2020-12-01 11:01:23 -08:00
  • be8f11fe5a Merge pull request #246 from mattmoyer/build-on-go-1.14 Matt Moyer 2020-11-30 17:38:19 -06:00
  • b272b3f331 Refactor oidcclient.Login to use new upstreamoidc package. Matt Moyer 2020-11-30 17:14:57 -06:00
  • 4b60c922ef Add generated mock of UpstreamOIDCIdentityProviderI. Matt Moyer 2020-11-30 17:09:01 -06:00
  • 25ee99f93a Add ValidateToken method to UpstreamOIDCIdentityProviderI interface. Matt Moyer 2020-11-30 17:08:27 -06:00
  • d32583dd7f Move OIDC Token structs into a new oidctypes package. Matt Moyer 2020-11-30 17:02:03 -06:00
  • d64acbb5a9 Add upstreamoidc.ProviderConfig type implementing provider.UpstreamOIDCIdentityProviderI. Matt Moyer 2020-11-30 14:54:11 -06:00
  • 24c4bc0dd4 Tweak some stdlib usage so we compile under Go 1.14. Matt Moyer 2020-11-24 13:38:28 -06:00
  • 58a3e35c51 Revert "test/integration: skip TestSupervisorLogin until new callback logic is on main" Andrew Keesler 2020-11-30 11:07:25 -05:00
  • 25bbd28527 Merge remote-tracking branch 'upstream/main' into callback-endpoint Andrew Keesler 2020-11-30 11:06:20 -05:00
  • 385d2db445 Merge pull request #245 from ankeesler/fix-supervisor-login-test Andrew Keesler 2020-11-30 11:05:43 -05:00
  • eae6d355f8 test/integration: skip TestSupervisorLogin until new callback logic is on main Andrew Keesler 2020-11-30 10:01:31 -05:00
  • 5be46d0bb7 test/integration: get downstream issuer path from upstream redirect Andrew Keesler 2020-11-30 09:58:08 -05:00
  • 5b04192945 Run TestSupervisorLogin only on valid HTTP/HTTPS supervisor addresses Andrew Keesler 2020-11-30 09:23:12 -05:00
  • e6b6c0e3ab Merge branch 'main' into callback-endpoint Ryan Richard 2020-11-20 15:50:26 -08:00
  • dfb6544171 Merge pull request #238 from jknostman3/patch-1 Matt Moyer 2020-11-20 17:15:26 -06:00
  • 3596610f40 Merge pull request #239 from enj/enj/f/fosite_defaults Matt Moyer 2020-11-20 17:14:05 -06:00
  • ccddeb4cda Merge branch 'main' into callback-endpoint Ryan Richard 2020-11-20 15:13:25 -08:00
  • d39cc08b66 Set defaults for fosite config Monis Khan 2020-11-20 15:45:29 -05:00
  • c4ff1ca304 auth_handler.go: Ignore invalid CSRF cookies rather than return error Ryan Richard 2020-11-20 13:56:35 -08:00
  • b21f0035d7 callback_handler.go: Get upstream name from state instead of path Andrew Keesler 2020-11-20 13:33:08 -08:00
  • ad9439eef2 Merge pull request #207 from vmware-tanzu/dependabot/docker/golang-1.15.5 Matt Moyer 2020-11-20 15:18:23 -06:00
  • 72321fc106 Use /callback (without IDP name) path for callback endpoint (part 1) Ryan Richard 2020-11-20 16:14:45 -05:00
  • 541019eb98 callback_handler.go: simplify stored ID token claims Andrew Keesler 2020-11-20 15:36:51 -05:00
  • 15bffc6b16 Update site demo to use pinniped-concierge namespace Jake Knostman 2020-11-20 12:31:23 -08:00
  • 901242c1e1 Bump golang from 1.15.3 to 1.15.5 dependabot[bot] 2020-11-20 20:19:51 +00:00
  • fd0e0bb4c9 Merge pull request #234 from rajat404/main Matt Moyer 2020-11-20 13:29:35 -06:00
  • 53bece2186 Avoid printing the error message twice from client Rajat Goyal 2020-11-20 23:49:52 +05:30
  • 1a881e4f2b Merge pull request #232 from mattmoyer/adjust-test-environment-upstream-clients Matt Moyer 2020-11-20 09:46:04 -06:00
  • 488d1b663a internal/oidc/provider/manager: route to callback endpoint Andrew Keesler 2020-11-20 10:42:43 -05:00
  • 8f5d1709a1 callback_handler.go: assert behavior about PKCE and IDSession storage Andrew Keesler 2020-11-20 09:41:49 -05:00
  • bc700d58ae Split test environment variables so there's a specific supervisor upstream client. Matt Moyer 2020-11-19 15:05:31 -06:00
  • f8d76066c5 callback_handler.go: assert nonce is stored correctly Andrew Keesler 2020-11-20 08:38:23 -05:00
  • b8fb37b9f6 Merge pull request #233 from enj/enj/i/tmp_disable_max_flight Mo Khan 2020-11-19 22:51:03 -05:00
  • 4a28d1f800 Temporarily disable max inflight checks for mutating requests Monis Khan 2020-11-19 21:21:10 -05:00
  • b25696a1fb callback_handler.go: Prepend iss to sub when making default username Andrew Keesler 2020-11-19 17:57:07 -08:00
  • b49d37ca54 callback_handler.go: test invalid upstream ID token username/groups Andrew Keesler 2020-11-19 15:53:21 -05:00
  • 20b62b8841 Merge pull request #231 from enj/enj/f/fosite_kube_storage Mo Khan 2020-11-19 15:34:55 -05:00
  • 83101eefce callback_handler.go: start to test upstream token corner cases Ryan Richard 2020-11-19 14:19:01 -05:00