ContainerImage.Pinniped/internal/oidc/login
Ryan Richard 0bb2c7beb7 Always add the azp claim to ID tokens to show the original client ID
When the token exchange grant type is used to get a cluster-scoped
ID token, the returned token has a new audience value. The client ID
of the client which performed the authorization was lost. This didn't
matter before, since the only client was `pinniped-cli`, but now that
dynamic clients can be registered, the information would be lost in the
cluster-scoped ID token. It could be useful for logging, tracing, or
auditing, so preserve the information by putting the client ID into the
`azp` claim in every ID token (authcode exchange, cluster-scoped, and
refreshed ID tokens).
2022-08-09 16:07:23 -07:00
..
loginhtml Small refactors and comments for LDAP/AD UI 2022-05-19 16:02:08 -07:00
get_login_handler_test.go Small refactors and comments for LDAP/AD UI 2022-05-19 16:02:08 -07:00
get_login_handler.go Small refactors and comments for LDAP/AD UI 2022-05-19 16:02:08 -07:00
login_handler_test.go Login page styling/structure for users, screen readers, passwd managers 2022-05-05 13:13:25 -07:00
login_handler.go Small refactors and comments for LDAP/AD UI 2022-05-19 16:02:08 -07:00
post_login_handler_test.go Create username scope, required for clients to get username in ID token 2022-08-08 16:29:22 -07:00
post_login_handler.go Always add the azp claim to ID tokens to show the original client ID 2022-08-09 16:07:23 -07:00