- Jun 27, 2020
-
-
Joel Speed authored
-
Joel Speed authored
* Add more Open Redirect test cases
* Add whitelisted domain to test
* Add more test cases
* Improve invalid redirect regex
-
İlteriş Eroğlu authored
* Changed how gitlab-group is parsed, from string to []string See #637
* Point out that gitlab-group can be a list See #637
* Reflect to the []string change on pkg/apis/options/options.go See #637
* Move cfg option gitlab_group to gitlab_groups See #637
* Renamed Group to Groups See #637
* Reflect the change on gitlab.go as well See #637
* Added #639
* Added the author of #639 to the CHANGELOG
* Add the gitlab_groups env change to CHANGELOG.md See #639
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
-
Joel Speed authored
helm kubernetes example based on kind cluster and nginx ingress
-
- Jun 26, 2020
-
-
Evgeni Gordeev authored
# Conflicts: # CHANGELOG.md
-
Joel Speed authored
Verify main vs extra JWT bearers differently
-
- Jun 20, 2020
-
-
Evgeni Gordeev authored
-
Evgeni Gordeev authored
-
Evgeni Gordeev authored
# Conflicts: # CHANGELOG.md
-
Nick Meves authored
-
Nick Meves authored
-
Nick Meves authored
When using the configured provider JWT Verifier, it makes sense to use the provider `CreateSessionStateFromBearerToken` method. For any extra JWT Issuers, they should use a generic default verifier.
-
Joel Speed authored
Don't log invalid redirect if redirect is empty
-
Joel Speed authored
-
Joel Speed authored
Add HealthCheck middleware
-
- Jun 18, 2020
-
-
Evgeni Gordeev authored
-
- Jun 17, 2020
-
-
Evgeni Gordeev authored
-
Evgeni Gordeev authored
-
Evgeni Gordeev authored
* expose kind to 443 port
* make helm optional
* rename folder to kubernetes
-
Evgeni Gordeev authored
# Conflicts: # CHANGELOG.md
-
- Jun 15, 2020
-
-
Joel Speed authored
-
Joel Speed authored
-
Joel Speed authored
-
- Jun 14, 2020
-
-
Evgeni Gordeev authored
* Adding one more example - keycloak - alongside with dex IDP.
* don't expose keycloak and proxy ports to the host
* specify email-domain list option in documentation
* get rid of nginx and socat to simplify the example as per https://github.com/oauth2-proxy/oauth2-proxy/pull/604#issuecomment-640054390
* get rid of the scripts - use static file for keycloak startup
* changelog entry
* Update CHANGELOG.md
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
-
Joel Speed authored
Encryption efficiency improvements
-
- Jun 13, 2020
-
-
Nick Meves authored
This helper method is only applicable for Base64 wrapped encryption since it operated on string -> string primarily. It wouldn't be used for pure CFB/GCM ciphers. After a messagePack session refactor, this method would further only be used for legacy session compatibility - making its placement in cipher.go not ideal.
-
Nick Meves authored
-
Nick Meves authored
-
Nick Meves authored
-
Nick Meves authored
-
Nick Meves authored
-
Nick Meves authored
-
Nick Meves authored
-
Nick Meves authored
-
Nick Meves authored
Have it take in a cipher init function as an argument. Remove the confusing `newCipher` method that matched legacy behavior and returns a Base64Cipher(CFBCipher) -- instead explicitly ask for that in the uses.
-
Nick Meves authored
During the upcoming encoded session refactor, AES GCM is ideal to use as the Redis (and other DB like stores) encryption wrapper around the session because each session is encrypted with a distinct secret that is passed by the session ticket.
-
Nick Meves authored
All Encrypt/Decrypt Cipher implementations will now take and return []byte to set up usage in future binary compatible encoding schemes to fix issues with bloat encrypting to strings (which requires base64ing adding 33% size)
-
Nick Meves authored
Make signedValue & Validate operate on []byte by default and not assume/cast string. Any casting will be done from callers.
-
Nick Meves authored
These will take in []byte and not automatically Base64 encode/decode.
-
Evgeni Gordeev authored
-