dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
11,133 Commits 3 Branches 0 Tags 75 MiB
20e1f9ded0
Commit Graph

88 Commits

Author SHA1 Message Date
Maxime Besson
20e1f9ded0 Hash JWT to catch tampering (#2419) 
This mechanism's only purpose is to make the introsection endpoint fail
to verify the token when the JWT itself has been tampered with.
 2021-03-30 16:32:14 +02:00
Maxime Besson
a70051e3fe Remove deprecated base64url implementation 
All our target distros now have base64url in Mime::Base64
 2021-03-03 11:03:19 +01:00
Maxime Besson
bb95e681e6 Tidy 2021-03-03 11:03:19 +01:00
Maxime Besson
e10d1e291c Return granted scopes if different from requested scopes (#2424) 2021-03-03 11:03:19 +01:00
Maxime Besson
2d7f9e34a6 OIDC: Return error if multiple client auth used (#2474) 2021-02-24 17:48:12 +01:00
Maxime Besson
cceb6f767e Use a dedicated function for OIDC error reporting (#2465) 2021-02-18 22:06:39 +01:00
Maxime Besson
a1ed57c035 Add typ header to access token jwt (#2419) 2021-02-03 09:43:35 +01:00
Maxime Besson
1cd7dd3d2c Add hook for access token JWT payload (#2419) 2021-02-01 18:20:32 +01:00
Maxime Besson
d86e8ce0df Refactor: remove extractJWT 2021-02-01 18:20:32 +01:00
Maxime Besson
cb04670003 Refactor checksignature 2021-02-01 18:20:32 +01:00
Maxime Besson
435ba82144 Refactor: rename and move getJWTJSONData 2021-02-01 18:20:32 +01:00
Maxime Besson
6aef1a6317 Refactor: getUserInfo now returns a hash 2021-02-01 18:20:32 +01:00
Maxime Besson
f3c97c22dc Refactor access token id lookup into Common::JWT 2021-02-01 18:20:32 +01:00
Maxime Besson
aa877cf0a3 Let newAccessToken emit JWT (#2419) 2021-02-01 18:15:55 +01:00
Maxime Besson
dc0bacd6f0 Accept Access Tokens in JWT format (#2419) 2021-02-01 18:15:55 +01:00
Maxime Besson
acaaf1c749 Refactor buildUserInfo (#2419) 2021-02-01 18:15:55 +01:00
Maxime Besson
dbddddfba1 Refactor newAccessToken (#2419) 2021-02-01 18:15:55 +01:00
Maxime Besson
5562d8b1dd Add a function to resolve allowed scopes from rules (#2424) 2021-02-01 16:25:35 +01:00
Maxime Besson
c30b452aa3 Load dynamic scopes from config (#2424) 2021-02-01 16:25:35 +01:00
Christophe Maudoux
d6e351ab90 Tidy 2021-01-19 22:45:05 +01:00
Maxime Besson
5b4e533f44 Add _scope and _clientID to portal (#1987) 2021-01-19 17:06:21 +01:00
Maxime Besson
dd5e9ec156 Tidy 2021-01-19 16:44:06 +01:00
Maxime Besson
f49c1adf17 add oidcGenerateIDToken hook (#2359) 2020-11-27 14:00:58 +01:00
Maxime Besson
daef0cf776 add oidcGenerateUserInfoResponse hook (#2359) 2020-11-27 14:00:58 +01:00
Maxime Besson
fa2301ab0e Force OIDC claim types according to config (#2330) 2020-11-06 19:00:52 +01:00
Maxime Besson
52c6edb453 Lookup oidcRPMetaDataOptionsUserIDAttr in per-RP macros (#2280) 2020-08-17 22:06:09 +02:00
Clément OUDOT
d1418952eb Convert mutli-valued attributes into arrays for OIDC UserInfo (#2256) 2020-07-16 20:19:41 +02:00
Clément OUDOT
c5db3bc8bd Add country to address claim (#2257) 2020-07-16 19:58:53 +02:00
Maxime Besson
a3821fc560 Implement additional audiences in ID token (#2177) 2020-04-24 11:10:44 +02:00
Maxime Besson
a217590869 Tidy OIDC 2020-04-22 21:25:56 +02:00
Maxime Besson
168dc75f96 OIDC: return id_token in hybrid flow (#2120) 2020-03-18 21:05:39 +01:00
Clément OUDOT
ae0d455e7f Use base64 URL to decode JWT (#2045) 2019-12-19 17:31:02 +01:00
Maxime Besson
32ecf37be4 OIDC per-service macros portal code (#2042) 2019-12-16 17:26:34 +01:00
Maxime Besson
713737c11f Add an option to return claims in ID token 2019-11-04 18:27:28 +01:00
Maxime Besson
b34a229eda Add doc for buildUserInfoResponseFromId 2019-11-04 10:47:35 +01:00
Maxime Besson
a386a7502a Allow refresh tokens to be emitted for regular sessions (#813) 2019-11-04 10:44:54 +01:00
Maxime Besson
ea2365cc98 Implement OIDC Offline sessions through refresh tokens (#813) 2019-11-04 10:44:54 +01:00
Maxime Besson
d61935ab6e Implement introspection endpoint for access tokens (#1843) 2019-08-29 19:10:51 +02:00
Maxime Besson
fd7453b7a5 Refactor endpoint auth 2019-08-29 18:57:26 +02:00
Maxime Besson
661a007b4a Check OIDC access token expiration (#1879) 2019-08-21 12:18:55 +02:00
Maxime Besson
6f058fb2fa Add manager manpages to deb 2019-07-03 15:17:16 +02:00
Clément OUDOT
e04a6f1983 Reject none algorithm when checking JWT signature (#1835) 2019-07-02 16:36:43 +02:00
Clément OUDOT
60c03010ce Use Base64URL for JWT generation (#1834) 2019-07-01 17:29:35 +02:00
Clément OUDOT
c024952b8f Do not fail if no RP or no OP configured (#1759) 2019-05-17 16:00:33 +02:00
Christophe Maudoux
c8dd4554aa Test if required secret elements are set to sign JWT 2019-05-02 14:33:56 +02:00
Clément OUDOT
926262170b Implement PKCE in OIDC provider (#1722) 2019-04-29 17:18:16 +02:00
Clément OUDOT
8e6f678be7 Create a configuration option to allow a Relying Party to be a public client 
Allow unauthenticated requests on OAuth2 token endoint

#1725
 2019-04-29 10:02:16 +02:00
Xavier Guimard
2159957c34 Update versions 2019-04-05 09:54:43 +02:00
dcoutadeur
3af15b139e fix id_token validity not correctly evaluated #1662 2019-02-28 09:56:21 +01:00
Xavier Guimard
c7b4eb5051 tidy with new conf 2019-02-07 09:27:56 +01:00