djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3,381 Commits 30 Branches 34 Tags 22 MiB
3160b5bad1
Commit Graph

69 Commits

Author SHA1 Message Date
Andrew Keesler
58237d0e7d
WIP: start to wire signing key into token handler 
This commit includes a failing test (amongst other compiler failures) for the
dynamic signing key fetcher that we will inject into fosite. We are checking it
in so that we can pass the WIP off.

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2020-12-03 15:37:25 -05:00
Andrew Keesler
2f1a67ef0d
Merge remote-tracking branch 'upstream/callback-endpoint' into token-endpoint 2020-12-03 11:14:37 -05:00
Andrew Keesler
970be58847
token_handler.go: first draft of token handler, with a bunch of TODOs 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-12-02 11:14:45 -05:00
Ryan Richard
f38c150f6a Finished tests for pkce storage and added it to kubestorage 
- Also fixed some lint errors with v1.33.0 of the linter

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2020-12-01 14:53:22 -08:00
Ryan Richard
e6b6c0e3ab Merge branch 'main' into callback-endpoint 2020-11-20 15:50:26 -08:00
Ryan Richard
ccddeb4cda Merge branch 'main' into callback-endpoint 2020-11-20 15:13:25 -08:00
Monis Khan
d39cc08b66
Set defaults for fosite config 
Signed-off-by: Monis Khan <mok@vmware.com>
 2020-11-20 17:18:52 -05:00
Ryan Richard
72321fc106
Use /callback (without IDP name) path for callback endpoint (part 1) 
This is much nicer UX for an administrator installing a UpstreamOIDCProvider
CRD. They don't have to guess as hard at what the callback endpoint path should
be for their UpstreamOIDCProvider.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-11-20 16:14:45 -05:00
Andrew Keesler
541019eb98
callback_handler.go: simplify stored ID token claims 
Fosite is gonna set these fields for us.

Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-11-20 15:36:51 -05:00
Andrew Keesler
488d1b663a
internal/oidc/provider/manager: route to callback endpoint 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-11-20 10:44:56 -05:00
Ryan Richard
227fbd63aa Use an interface instead of a concrete type for UpstreamOIDCIdentityProvider 
Because we want it to implement an AuthcodeExchanger interface and
do it in a way that will be more unit test-friendly than the underlying
library that we intend to use inside its implementation.
 2020-11-18 13:38:13 -08:00
Ryan Richard
052cdc40dc
callback_handler.go: add CSRF and version state validations 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-11-16 14:41:00 -05:00
Andrew Keesler
4138c9244f
callback_handler.go: write 2 invalid cookie tests 
Also common-ize some more constants shared between the auth and callback
endpoints.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-11-16 11:47:49 -05:00
Andrew Keesler
3ef1171667 Tiny bit more code for Supervisor's callback_handler.go 
Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-11-13 15:59:51 -08:00
Ryan Richard
246471bc91 Also run OIDC validations in supervisor authorize endpoint 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-11-06 14:44:58 -08:00
Ryan Richard
33ce79f89d Expose the Supervisor OIDC authorization endpoint to the public 2020-11-04 17:06:47 -08:00
Andrew Keesler
a36f7c6c07 Test that the port of localhost redirect URI is ignored during validation 
Also move definition of our oauth client and the general fosite
configuration to a helper so we can use the same config to construct
the handler for both test and production code.

Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-11-04 15:04:50 -08:00
Ryan Richard
8b7d96f42c Several small refactors related to OIDC providers 2020-10-08 11:28:21 -07:00
Andrew Keesler
fd6a7f5892
supervisor-oidc: hoist OIDC discovery handler for testing 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-06 11:16:57 -04:00