ContainerImage.Pinniped/internal/oidc
Ryan Richard 79ca1d7fb0 Perform an upstream refresh during downstream refresh for OIDC upstreams
- If the upstream refresh fails, then fail the downstream refresh
- If the upstream refresh returns an ID token, then validate it (we
  use its claims in the future, but not in this commit)
- If the upstream refresh returns a new refresh token, then save it
  into the user's session in storage
- Pass the provider cache into the token handler so it can use the
  cached providers to perform upstream refreshes
- Handle unexpected errors in the token handler where the user's session
  does not contain the expected data. These should not be possible
  in practice unless someone is manually editing the storage, but
  handle them anyway just to be safe.
- Refactor to share the refresh code between the CLI and the token
  endpoint by moving it into the UpstreamOIDCIdentityProviderI
  interface, since the token endpoint needed it to be part of that
  interface anyway
2021-10-13 12:31:20 -07:00
auth Require refresh tokens for upstream OIDC and save more session data 2021-10-08 15:48:21 -07:00
callback Require refresh tokens for upstream OIDC and save more session data 2021-10-08 15:48:21 -07:00
clientregistry Add "response_mode=form_post" to CLI client. 2021-07-09 12:08:42 -05:00
csrftoken Add some trivial unit tests to internal/oidc/csrftoken. 2021-02-02 09:38:17 -06:00
discovery Extract Supervisor authorize endpoint string constants into apis pkg 2021-08-18 10:20:33 -07:00
downstreamsession Require refresh tokens for upstream OIDC and save more session data 2021-10-08 15:48:21 -07:00
dynamiccodec internal/oidc/dynamiccodec: loosen test to reduce flakes 2020-12-11 11:49:27 -05:00
idpdiscovery Merge branch 'main' of github.com:vmware-tanzu/pinniped into active-directory-identity-provider 2021-08-24 12:19:29 -07:00
jwks WIP: start to wire signing key into token handler 2020-12-03 15:37:25 -05:00
provider Perform an upstream refresh during downstream refresh for OIDC upstreams 2021-10-13 12:31:20 -07:00
token Perform an upstream refresh during downstream refresh for OIDC upstreams 2021-10-13 12:31:20 -07:00
dynamic_oauth2_hmac_strategy.go Rename off of main 2020-12-16 14:27:09 -08:00
dynamic_open_id_connect_ecdsa_strategy.go Implement upstream LDAP support in auth_handler.go 2021-04-08 17:28:01 -07:00
dynamic_open_id_connect_ecdsa_strategy_test.go Implement upstream LDAP support in auth_handler.go 2021-04-08 17:28:01 -07:00
kube_storage.go Use a custom type for our static CLI client (smaller change). 2021-06-15 15:31:48 -05:00
nullstorage.go Use a custom type for our static CLI client (smaller change). 2021-06-15 15:31:48 -05:00
oidc.go Perform an upstream refresh during downstream refresh for OIDC upstreams 2021-10-13 12:31:20 -07:00
token_exchange.go Update internal/oidc/token_exchange.go for latest Fosite version. 2021-03-01 13:08:41 -06:00