Compare commits
16 Commits
pinny/bump
...
main
Author | SHA1 | Date | |
---|---|---|---|
5292606ad1 | |||
ce92965408 | |||
fa3143cc76 | |||
25468e31ed | |||
a1bc7ddf2d | |||
6f040ff03b | |||
92a9f8093f | |||
2265388f6c | |||
089c872190 | |||
0a2f6e4e7a | |||
85e3359831 | |||
e165d3b2cd | |||
a37832dafc | |||
9ae93d1da9 | |||
b0050312a8 | |||
cb932adbb2 |
19
.drone.yml
Normal file
19
.drone.yml
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
kind: pipeline
|
||||||
|
type: kubernetes
|
||||||
|
name: Container
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: build & publish
|
||||||
|
image: spritsail/docker-build
|
||||||
|
context: .
|
||||||
|
settings:
|
||||||
|
repo: bv11-cr01.bessems.eu/library/pinniped-server
|
||||||
|
registry: bv11-cr01.bessems.eu
|
||||||
|
tags: latest
|
||||||
|
build_args:
|
||||||
|
- BUILDPLATFORM=linux/amd64
|
||||||
|
mtu: 1450
|
||||||
|
username:
|
||||||
|
from_secret: harbor_username
|
||||||
|
password:
|
||||||
|
from_secret: harbor_password
|
@ -4,7 +4,7 @@
|
|||||||
# SPDX-License-Identifier: Apache-2.0
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
# Prepare to cross-compile by always running the build stage in the build platform, not the target platform.
|
# Prepare to cross-compile by always running the build stage in the build platform, not the target platform.
|
||||||
FROM --platform=$BUILDPLATFORM golang:1.21.3 as build-env
|
FROM --platform=linux/amd64 golang:1.21.3 as build-env
|
||||||
|
|
||||||
WORKDIR /work
|
WORKDIR /work
|
||||||
|
|
||||||
|
4
go.mod
4
go.mod
@ -38,7 +38,7 @@ require (
|
|||||||
github.com/spf13/cobra v1.7.0
|
github.com/spf13/cobra v1.7.0
|
||||||
github.com/spf13/pflag v1.0.5
|
github.com/spf13/pflag v1.0.5
|
||||||
github.com/stretchr/testify v1.8.4
|
github.com/stretchr/testify v1.8.4
|
||||||
github.com/tdewolff/minify/v2 v2.20.4
|
github.com/tdewolff/minify/v2 v2.20.1
|
||||||
go.uber.org/zap v1.26.0
|
go.uber.org/zap v1.26.0
|
||||||
golang.org/x/crypto v0.14.0
|
golang.org/x/crypto v0.14.0
|
||||||
golang.org/x/net v0.17.0
|
golang.org/x/net v0.17.0
|
||||||
@ -132,7 +132,7 @@ require (
|
|||||||
github.com/spf13/jwalterweatherman v1.1.0 // indirect
|
github.com/spf13/jwalterweatherman v1.1.0 // indirect
|
||||||
github.com/stoewer/go-strcase v1.2.0 // indirect
|
github.com/stoewer/go-strcase v1.2.0 // indirect
|
||||||
github.com/subosito/gotenv v1.4.0 // indirect
|
github.com/subosito/gotenv v1.4.0 // indirect
|
||||||
github.com/tdewolff/parse/v2 v2.7.2 // indirect
|
github.com/tdewolff/parse/v2 v2.7.1 // indirect
|
||||||
go.etcd.io/etcd/api/v3 v3.5.9 // indirect
|
go.etcd.io/etcd/api/v3 v3.5.9 // indirect
|
||||||
go.etcd.io/etcd/client/pkg/v3 v3.5.9 // indirect
|
go.etcd.io/etcd/client/pkg/v3 v3.5.9 // indirect
|
||||||
go.etcd.io/etcd/client/v3 v3.5.9 // indirect
|
go.etcd.io/etcd/client/v3 v3.5.9 // indirect
|
||||||
|
8
go.sum
8
go.sum
@ -482,10 +482,10 @@ github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl
|
|||||||
github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
|
github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
|
||||||
github.com/subosito/gotenv v1.4.0 h1:yAzM1+SmVcz5R4tXGsNMu1jUl2aOJXoiWUCEwwnGrvs=
|
github.com/subosito/gotenv v1.4.0 h1:yAzM1+SmVcz5R4tXGsNMu1jUl2aOJXoiWUCEwwnGrvs=
|
||||||
github.com/subosito/gotenv v1.4.0/go.mod h1:mZd6rFysKEcUhUHXJk0C/08wAgyDBFuwEYL7vWWGaGo=
|
github.com/subosito/gotenv v1.4.0/go.mod h1:mZd6rFysKEcUhUHXJk0C/08wAgyDBFuwEYL7vWWGaGo=
|
||||||
github.com/tdewolff/minify/v2 v2.20.4 h1:rN2rooMxvJKDXdwpNsdHrCduSyBG+vMBs7wbAVpF/SM=
|
github.com/tdewolff/minify/v2 v2.20.1 h1:ARmlyj4gJYXNrPtdatTR9gMusp3AciwZA5o/qYtFbow=
|
||||||
github.com/tdewolff/minify/v2 v2.20.4/go.mod h1:AMF0J/eNujZLDbfMZvWweg5TSG/KuK+/UGKc+k1N8/w=
|
github.com/tdewolff/minify/v2 v2.20.1/go.mod h1:spLa6hfzR2CXXPV92kcHpziPsOobxB7IFov+8k5l5NY=
|
||||||
github.com/tdewolff/parse/v2 v2.7.2 h1:9NdxF0nk/+lPI0YADDonSlpiY15hGcVUhXRj9hnK8sM=
|
github.com/tdewolff/parse/v2 v2.7.1 h1:gdImkv0sIupYr/cXAu5s+CxfVpxMdYZX2Qr+5Q+RdF8=
|
||||||
github.com/tdewolff/parse/v2 v2.7.2/go.mod h1:9p2qMIHpjRSTr1qnFxQr+igogyTUTlwvf9awHSm84h8=
|
github.com/tdewolff/parse/v2 v2.7.1/go.mod h1:9p2qMIHpjRSTr1qnFxQr+igogyTUTlwvf9awHSm84h8=
|
||||||
github.com/tdewolff/test v1.0.10 h1:uWiheaLgLcNFqHcdWveum7PQfMnIUTf9Kl3bFxrIoew=
|
github.com/tdewolff/test v1.0.10 h1:uWiheaLgLcNFqHcdWveum7PQfMnIUTf9Kl3bFxrIoew=
|
||||||
github.com/tdewolff/test v1.0.10/go.mod h1:6DAvZliBAAnD7rhVgwaM7DE5/d9NMOAJ09SqYqeK4QE=
|
github.com/tdewolff/test v1.0.10/go.mod h1:6DAvZliBAAnD7rhVgwaM7DE5/d9NMOAJ09SqYqeK4QE=
|
||||||
github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
|
github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
|
||||||
|
@ -144,7 +144,10 @@ func FositeOauth2Helper(
|
|||||||
RefreshTokenLifespan: timeoutsConfiguration.RefreshTokenLifespan,
|
RefreshTokenLifespan: timeoutsConfiguration.RefreshTokenLifespan,
|
||||||
|
|
||||||
ScopeStrategy: fosite.ExactScopeStrategy,
|
ScopeStrategy: fosite.ExactScopeStrategy,
|
||||||
EnforcePKCE: true,
|
// The only public client is pinniped-cli, so this combination of PKCE settings requires PKCE for the
|
||||||
|
// pinniped-cli client and does not require PKCE for any dynamically configured OIDCClients.
|
||||||
|
EnforcePKCE: false,
|
||||||
|
EnforcePKCEForPublicClients: true,
|
||||||
|
|
||||||
// "offline_access" as per https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess
|
// "offline_access" as per https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess
|
||||||
RefreshTokenScopes: []string{oidcapi.ScopeOfflineAccess},
|
RefreshTokenScopes: []string{oidcapi.ScopeOfflineAccess},
|
||||||
|
Loading…
Reference in New Issue
Block a user