James Elliott
2445b2e23a
refactor: apply suggestions from code review
...
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-11 22:22:08 +10:00
James Elliott
aaeb3aa881
feat(oidc): private key jwt client auth
...
This adds support for the private_key_jwt client authentication method.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-11 20:43:07 +10:00
James Elliott
602041d37d
feat(oidc): multiple jwk algorithms
...
This adds support for multiple JWK algorithms and keys and allows for per-client algorithm choices.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-11 20:42:39 +10:00
James Elliott
7cf907b23d
feat(oidc): client_secret_jwt authentication
...
This adds the authentication machinery for the client_secret_jwt Default Client Authentication Strategy.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-11 20:42:13 +10:00
James Elliott
fb5c285c25
feat(authentication): support ldap over unix socket ( #5397 )
...
This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 16:39:17 +10:00
James Elliott
90d190121d
feat(server): listen on unix sockets ( #5038 )
...
This allows listening on unix sockets.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 15:48:26 +10:00
James Elliott
4ba1b6465a
docs: add alert for configuration sections ( #5380 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-04 21:23:15 +10:00
James Elliott
9e8db3c3f3
docs(oidc): faq refresh ( #5254 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 22:25:21 +10:00
James Elliott
a179775f6f
refactor: misc out of band changes ( #5238 )
...
This just implements some changes from feat-settings-ui that are out of scope.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-14 21:42:31 +10:00
James Elliott
3d2da0b070
feat(oidc): client authentication modes ( #5150 )
...
This adds a feature to OpenID Connect 1.0 where clients can be restricted to a specific client authentication mode, as well as implements some backend requirements for the private_key_jwt client authentication mode (and potentially the tls_client_auth / self_signed_tls_client_auth client authentication modes). It also adds some improvements to configuration defaults and validations which will for now be warnings but likely be made into errors.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-13 20:58:18 +10:00
James Elliott
ff6be40f5e
feat(oidc): pushed authorization requests ( #4546 )
...
This implements RFC9126 OAuth 2.0 Pushed Authorization Requests. See https://datatracker.ietf.org/doc/html/rfc9126 for the specification details.
2023-03-06 14:58:50 +11:00
James Elliott
e9fd4160e4
docs: add important note for implicit consent ( #4901 )
2023-02-08 13:51:23 +11:00
James Elliott
d1147f9ac4
docs: refactor oidc config docs ( #4892 )
2023-02-08 01:29:43 +11:00
James Elliott
a7ccf3652f
docs: fix rfc references and fix misc issues ( #4879 )
2023-02-05 18:11:30 +11:00
James Elliott
7e285f461f
docs: add common oidc shortcode and update ( #4862 )
2023-02-02 12:30:06 +11:00
James Elliott
a33b37a9cd
docs: make several openid connect areas uniform ( #4824 )
2023-01-26 10:59:18 +11:00
James Elliott
adaf069eab
feat(oidc): per-client pkce enforcement policy ( #4692 )
...
This implements a per-client PKCE enforcement policy with the ability to enforce that it's used, and the specific challenge mode.
2023-01-04 02:03:23 +11:00
James Elliott
b4d9e21387
docs: fix misc url issues ( #4503 )
2022-12-07 20:43:02 +11:00
James Elliott
12e3cd56b1
docs: refactor generator guides ( #4244 )
2022-10-23 18:09:19 +11:00
James Elliott
9e29295bdf
docs(oidc): adjust client secret information ( #4211 )
2022-10-20 15:27:09 +11:00
James Elliott
248f1d49d4
feat(oidc): hashed client secrets ( #4026 )
...
Allow use of hashed OpenID Connect client secrets.
2022-10-20 14:21:45 +11:00
James Elliott
3aaca0604f
feat(oidc): implicit consent ( #4080 )
...
This adds multiple consent modes to OpenID Connect clients. Specifically it allows configuration of a new consent mode called implicit which never asks for user consent.
2022-10-20 13:16:36 +11:00
James Elliott
6810c91d34
feat(oidc): issuer jwk certificates ( #3989 )
...
This allows for JWKs to include certificate information, either signed via Global PKI, Enterprise PKI, or self-signed.
2022-10-02 13:07:40 +11:00
James Elliott
a8849f1b9e
docs: misc consistency adjustments ( #3904 )
2022-08-26 13:26:58 +10:00
Northguy
ca423cd1d5
docs: add reference docs for oidc userinfo sig ( #3875 )
...
Documenting details of userinfo_signing_algorithm. Related to #3869 .
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-08-26 11:55:48 +10:00
Archef2000
a714190eec
docs: misc grammar fix ( #3655 )
...
Corrected grammar in redirection_uris of clients.
2022-07-13 13:44:22 +10:00
James Elliott
352b360a50
docs: update dates ( #3615 )
2022-06-28 15:27:14 +10:00
James Elliott
e2e1d6d30b
docs: update integration guides to reference get started ( #3573 )
2022-06-22 22:58:23 +10:00
James Elliott
b102ebb6bb
docs: improve secrets documentation ( #3565 )
...
Improve documentation around secrets.
2022-06-21 19:45:08 +10:00
James Elliott
b2c60ef898
feat: major documentation refresh ( #3475 )
...
This marks the launch of the new documentation website.
2022-06-15 17:51:47 +10:00