Commit graph

14 commits

Author SHA1 Message Date
Sam Chow
301cc6992a Remove jwt validation for jschorr to fix later
Refactor oauth validate method to take config over entire appconfig
2018-06-01 15:07:06 -04:00
Joseph Schorr
22a39c3007 Fix bug with missing & in authorization URL for OIDC
Also adds testing to ensure we don't break this again
2018-05-15 14:52:00 -04:00
Joseph Schorr
3cd314874f Add support for defining custom query parameters for OIDC endpoints
Fixes https://jira.coreos.com/browse/QUAY-886
2018-04-06 12:48:03 -04:00
Joseph Schorr
c55ad59f1f Allow admins to configure the login scopes for OIDC login
Some OIDC implementations return a larger set of scopes than is necessary, so we allow admins to override.
2017-12-06 15:54:26 -05:00
Joseph Schorr
bc82edb2d1 Add ability to configure OIDC internal auth engine via superuser panel 2017-09-12 12:23:52 -04:00
Joseph Schorr
e724125459 Add support for using OIDC tokens via the Docker CLI 2017-09-12 12:23:22 -04:00
Joseph Schorr
751598056e Enable support in OIDC for endpoints without user info support
The user info endpoint is apparently optional.
2017-08-01 13:24:27 -04:00
Joseph Schorr
0c7bac26b7 Add additional debug logs to OIDC auth to make debugging easier 2017-04-07 11:48:53 -04:00
Joseph Schorr
002972fc2f Read OIDC issuer from the OIDC discovery document, if present 2017-04-07 11:39:34 -04:00
Joseph Schorr
157640e696 Add config validator for OIDC logins 2017-02-28 16:18:19 -05:00
Joseph Schorr
90b6a534c1 Change verify param in OIDC to read better 2017-01-26 12:00:43 -05:00
Joseph Schorr
a9791ea419 Have external login always make an API request to get the authorization URL
This makes the OIDC lookup lazy, ensuring that the rest of the registry and app continues working even if one OIDC provider goes down.
2017-01-23 19:06:19 -05:00
Joseph Schorr
fda203e4d7 Add proper and tested OIDC support on the server
Note that this will still not work on the client side; the followup CL for the client side is right after this one.
2017-01-23 17:53:34 -05:00
Joseph Schorr
19f7acf575 Lay foundation for truly dynamic external logins
Moves all the external login services into a set of classes that share as much code as possible. These services are then registered on both the client and server, allowing us in the followup change to dynamically register new handlers
2017-01-20 15:21:08 -05:00