djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Commit Graph

  • 016b0e9a8e
         Satisfy the pedantic linter config 🙃. Matt Moyer 2020-12-09 14:41:27 -0600
  • 51c828382f Supervisor token endpoint supports refresh grant type Ryan Richard 2020-12-09 12:12:59 -0800
  • 02d96d731f
         Finish TestTokenExchange unit tests and add missing scope check. Matt Moyer 2020-12-09 13:56:53 -0600
  • cac3a3520f Merge branch 'main' into token-refresh Ryan Richard 2020-12-09 09:58:21 -0800
  • b04db6ad2b
         Fix some false positive gosec warnings. Matt Moyer 2020-12-09 10:42:37 -0600
  • f1aff2faab
         Start extending TestSupervisorLogin to test the token exchange flow (WIP). Matt Moyer 2020-12-09 10:23:10 -0600
  • b1542be7b1
         In oidcclient token exchange request, pass client_id but don't bother with authorization header. Matt Moyer 2020-12-09 10:08:41 -0600
  • 1db2ae3a45
         Add more parameter validations and refactor internal/oidc/token_exchange.go. Matt Moyer 2020-12-09 10:04:58 -0600
  • e25d090ca9
         Merge branch 'main' of github.com:vmware-tanzu/pinniped into token-exchange-endpoint Matt Moyer 2020-12-09 10:00:54 -0600
  • 5f4348c57d
         Merge pull request #266 from ankeesler/fix-jwt-auth-ca-bundle Andrew Keesler 2020-12-09 10:43:33 -0500
  • 644cb687b9
         Grant the Pinniped STS scope in authorize/callback handlers. Matt Moyer 2020-12-09 09:36:45 -0600
  • bebe25c32e
         Merge branch 'main' of github.com:vmware-tanzu/pinniped into token-exchange-endpoint Matt Moyer 2020-12-09 09:25:58 -0600
  • 4c0fb12cf6
         test/integration: only set JWTAuthenticator CA bundle when it exists Andrew Keesler 2020-12-09 09:51:58 -0500
  • 93cfd8c93a
         Fix prepare-for-integration-tests.sh and Tiltfile for kubectl 1.20 Andrew Keesler 2020-12-09 09:50:50 -0500
  • 5f1bd5ec31
         Update TestNullStorage_GetClient with adjusted pinniped-cli scopes. Matt Moyer 2020-12-09 09:12:32 -0600
  • 8fcc176d8b
         Merge pull request #258 from ankeesler/jwt-authenticator Andrew Keesler 2020-12-09 08:21:04 -0500
  • 6420caca94 Bring back the test that was skipped by the previous commit Ryan Richard 2020-12-08 18:25:01 -0800
  • f84dda937b Merge branch 'token-refresh' into token-exchange-endpoint Ryan Richard 2020-12-08 18:12:12 -0800
  • ef4ef583dc token_handler_test.go: Refactor how we specify the expected results Ryan Richard 2020-12-08 18:10:55 -0800
  • f103c02408 Add check for grant type in tokenexchangehandler, Margo Crawford 2020-12-08 17:33:08 -0800
  • ef3f837800 Merge remote-tracking branch 'origin/token-refresh' into token-exchange-endpoint Margo Crawford 2020-12-08 16:58:35 -0800
  • 170982a688 refactor token_handler_test.go: easier to make more requests after initial authcode exchange Ryan Richard 2020-12-08 16:54:58 -0800
  • a852baac75 Merge remote-tracking branch 'origin/token-refresh' into token-exchange-endpoint Margo Crawford 2020-12-08 12:55:44 -0800
  • 381a2e749a
         impotent -> idempotent Andrew Keesler 2020-12-08 15:36:27 -0500
  • 9ed5dcb031
         Only create underlying jwt authenticator when spec has changed Aram Price 2020-12-08 15:14:05 -0500
  • e0ee18a993
         Always close JWTAuthenticator underlying authenticator Andrew Keesler 2020-12-08 11:08:53 -0500
  • 0efc19a1b7
         Support JWTAuthenticator in pinniped CLI Andrew Keesler 2020-12-07 20:40:20 -0500
  • 57103e0a9f
         Add JWTAuthenticator controller Andrew Keesler 2020-12-07 20:39:51 -0500
  • 946b0539d2
         Add JWTAuthenticator API type Andrew Keesler 2020-12-07 20:37:43 -0500
  • a9111f39af Merge branch 'main' into token-refresh Ryan Richard 2020-12-08 12:32:41 -0800
  • 18d90a727e token_handler_test.go: refresh token gets deleted when authcode reused Ryan Richard 2020-12-08 12:12:55 -0800
  • c090eb6a62 Supervisor token endpoint returns refresh tokens when requested Ryan Richard 2020-12-08 11:47:39 -0800
  • 8f51993db2
         Merge pull request #265 from vmware-tanzu/scope-constants Andrew Keesler 2020-12-08 14:32:09 -0500
  • 8d2b8ae6b5 Use constants for scope values aram price 2020-12-08 10:46:05 -0800
  • afbef23a51 WIP implementing TokenExchangeHandler methods Matt Moyer 2020-12-08 10:17:03 -0800
  • e5ecaf01a0 WIP stubbing out tokenexchangehandler Margo Crawford 2020-12-07 17:28:51 -0800
  • b7b6816531
         Merge pull request #259 from mattmoyer/add-cli-request-audience Margo Crawford 2020-12-08 09:26:19 -0800
  • bfcd2569e9
         Add a --request-audience flag to the pinniped login oidc CLI command. Matt Moyer 2020-12-04 17:33:53 -0600
  • d91baba240 authorize and callback endpoints now handle the offline_access scope Aram Price 2020-12-07 17:22:34 -0800
  • 6a90a10123
         Merge pull request #249 from vmware-tanzu/token-endpoint Ryan Richard 2020-12-07 15:08:07 -0800
  • 12e5f94e75 Merge branch 'main' into token-endpoint Ryan Richard 2020-12-07 14:23:40 -0800
  • e1ae48f2e4 Discovery does not return token_endpoint_auth_signing_alg_values_supported Ryan Richard 2020-12-07 14:15:31 -0800
  • dcaf9166dc
         Merge pull request #261 from mattmoyer/remove-goerr113-linter Matt Moyer 2020-12-07 16:07:11 -0600
  • 9e945d7547
         Disable the goerr113 linter. Matt Moyer 2020-12-07 15:51:41 -0600
  • 648fa4b9ba Backfill test for token endpoint error when JWK is not yet available Aram Price 2020-12-07 11:53:24 -0800
  • e0b6133bf1 Integration tests call supervisor token endpoint and validate response Ryan Richard 2020-12-04 17:07:04 -0800
  • ac19782405 Merge branch 'main' into token-endpoint Aram Price 2020-12-04 15:52:49 -0800
  • 858356610c Make assertions about how many secrets were stored by fosite in tests Ryan Richard 2020-12-04 15:40:17 -0800
  • 040ad3293a
         Merge pull request #255 from mattmoyer/reduce-default-cli-scopes Matt Moyer 2020-12-04 17:04:03 -0600
  • 66270fded0
         Merge pull request #257 from mattmoyer/prefactoring-for-cli-request-audience Matt Moyer 2020-12-04 17:03:38 -0600
  • 26a8747509 Use the more specific label name of "storage.pinniped.dev/type" Aram Price 2020-12-04 14:39:11 -0800
  • ac83633888 Add fosite kube storage for access and refresh tokens Ryan Richard 2020-12-04 14:31:06 -0800
  • c6ead9d7dd
         Remove "email" and "profile" from default scopes requested by CLI. Matt Moyer 2020-12-04 11:21:30 -0600
  • 8c3be3ffb2
         Refactor UpstreamOIDCIdentityProviderI claim handling. Matt Moyer 2020-12-04 15:33:36 -0600
  • 014d760f3d
         Add validated ID token claims to the oidctypes.Token structure. Matt Moyer 2020-12-04 15:15:33 -0600
  • 8d5f4a93ed
         Get rid of an unnecessary comment from 58237d0e7d Andrew Keesler 2020-12-04 11:16:32 -0500
  • 37631b41ea
         Don't set our TokenURL - we don't need it right now Andrew Keesler 2020-12-04 10:18:45 -0500
  • 03806629b8
         Cleanup code via TODOs accumulated during token endpoint work Andrew Keesler 2020-12-04 10:06:55 -0500
  • 83e0934864
         Add logging in dynamic OIDC ECDSA strategy Andrew Keesler 2020-12-04 09:05:39 -0500
  • 2dc3ab1840
         Merge remote-tracking branch 'upstream/main' into token-endpoint Andrew Keesler 2020-12-04 08:58:18 -0500
  • 97ac852279
         Bump golang from 1.15.5 to 1.15.6 dependabot[bot] 2020-12-04 06:21:28 +0000
  • 7b088d611d
         Merge pull request #252 from mattmoyer/fix-csrf-cookie-same-site Matt Moyer 2020-12-03 21:53:24 -0600
  • f0ebd808d7
         Switch CSRF cookie from Same-Site=Strict to Same-Site=Lax. Matt Moyer 2020-12-03 21:23:58 -0600
  • 0bb2b10b3b Passing signing key through to the token endpoint Margo Crawford 2020-12-03 17:16:08 -0800
  • fa94ebfbd1
         Merge pull request #229 from vmware-tanzu/callback-endpoint Matt Moyer 2020-12-03 16:28:02 -0600
  • c18c670765
         Merge remote-tracking branch 'origin/main' into callback-endpoint Matt Moyer 2020-12-03 14:53:26 -0600
  • f410da0ed2
         Merge pull request #242 from rajat404/refactor-docs Matt Moyer 2020-12-03 14:52:51 -0600
  • 58237d0e7d
         WIP: start to wire signing key into token handler Andrew Keesler 2020-12-03 15:34:58 -0500
  • c8abc79d9b
         Fix this comment (and retrigger CI). Matt Moyer 2020-12-03 14:24:26 -0600
  • 9455a66be8
         This trailing dash is now taken care of by the library method. Matt Moyer 2020-12-03 13:56:24 -0600
  • 05085d8e23 Use anonymous interface in test for Storage aram price 2020-12-03 11:26:36 -0800
  • 8563c05baf
         Tweak these timeouts to be a bit faster (and retrigger CI). Matt Moyer 2020-12-03 13:22:27 -0600
  • 67bf54a9f9 Use an interface for storage in token_handler_test.go Ryan Richard 2020-12-03 11:05:47 -0800
  • 408fbe4f76
         Parameterize the supervisor_redirect_uri in the test env Dex. Matt Moyer 2020-12-03 12:45:56 -0600
  • cb5e494815
         Dump out proxy access logs in TestSupervisorLogin. Matt Moyer 2020-12-03 11:28:48 -0600
  • 954591d2db
         Add some debugging logs to our proxy client code. Matt Moyer 2020-12-03 10:25:26 -0600
  • 2f1a67ef0d
         Merge remote-tracking branch 'upstream/callback-endpoint' into token-endpoint Andrew Keesler 2020-12-03 11:14:37 -0500
  • d7b1ab8e43
         Try to capture more logs from the TestSupervisorLogin test. Matt Moyer 2020-12-03 09:35:28 -0600
  • 1d44a0cdfa
         Add a small integration test library to dump pod logs on test failures. Matt Moyer 2020-12-03 09:34:46 -0600
  • 1fa41c4d0a
         Merge remote-tracking branch 'origin/main' into callback-endpoint Matt Moyer 2020-12-03 08:50:31 -0600
  • 0deb7cc09a
         Merge pull request #250 from mattmoyer/fix-ipv6-test-regression Matt Moyer 2020-12-03 08:48:57 -0600
  • fe2e2bdff1
         Our ID token signing algorithm is ES256, not RS256 Andrew Keesler 2020-12-03 07:46:07 -0500
  • 95093ab0af Use kube storage for the supervisor callback endpoint's fosite sessions Ryan Richard 2020-12-02 17:39:45 -0800
  • 1dd7c82af6 Added id token verification Margo Crawford 2020-12-02 16:55:48 -0800
  • 64ef53402d
         In TestSupervisorLogin, wrap the discovery request in an Eventually(). Matt Moyer 2020-12-02 18:07:52 -0600
  • 37c5e121c4
         Fix a test issue with IPv6 localhost interfaces. Matt Moyer 2020-12-02 17:49:21 -0600
  • 879525faac
         Clean up the browsertest package a bit. Matt Moyer 2020-12-02 17:20:24 -0600
  • 6ed9107df0 Remove a couple of todos that will be resolved in Slack conversations Ryan Richard 2020-12-02 14:20:03 -0800
  • c320132289 Back-fill some more unit tests on authorizationcode_test.go Ryan Richard 2020-12-02 14:10:41 -0800
  • ae9bdc1d61
         Fix a lint warning by simplifying this append operation. Matt Moyer 2020-12-02 16:11:22 -0600
  • c0f13ef4ac
         Merge remote-tracking branch 'origin/main' into callback-endpoint Matt Moyer 2020-12-02 16:09:08 -0600
  • f40144e1a9
         Update TestSupervisorLogin to test the callback flow using a browser. Matt Moyer 2020-12-02 15:50:42 -0600
  • 0ccf14801e
         Expose the MaskTokens function so other test code can use it. Matt Moyer 2020-12-02 15:43:17 -0600
  • 273ac62ec2
         Extend the test client helpers in ./test/library/client.go. Matt Moyer 2020-12-02 15:32:54 -0600
  • 545c26e5fe
         Refactor browser-related test functions to a ./test/library/browsertest package. Matt Moyer 2020-12-02 15:29:54 -0600
  • 22953cdb78
         Add a CA.Pool() method to ./internal/certauthority. Matt Moyer 2020-12-02 14:33:07 -0600
  • fe0481c304
         In integration test env, deploy a ClusterIP service and register that with Dex. Matt Moyer 2020-12-02 10:47:01 -0600
  • fde56164cd
         Add a redirectURI parameter to ExchangeAuthcodeAndValidateTokens() method. Matt Moyer 2020-12-02 10:36:07 -0600
  • 4fe691de92
         Save an http.Client with each upstreamoidc.ProviderConfig object. Matt Moyer 2020-12-02 10:27:20 -0600
  • c23c54f500
         Add an explicit Path=/; to our CSRF cookie, per the spec. Matt Moyer 2020-12-01 17:01:22 -0600