Maxime Besson
826308fbbf
Fix check after saveConf ( #2742 )
2022-04-26 19:09:18 +02:00
Yadd
b88a72c267
tidy
2022-02-16 17:43:29 +01:00
Yadd
c3724a618f
Fix versions
2022-02-01 17:09:31 +01:00
Maxime Besson
8cc84d9461
Missing openid scope should be an explicit error
2022-01-21 15:23:20 +01:00
Maxime Besson
fe4172a50a
Change invalid_scope http code to 400 ( #2622 )
2021-10-27 00:17:28 +02:00
Maxime Besson
b21500122d
Fix #2622
2021-10-26 16:53:24 +02:00
Maxime Besson
5ea7a0916d
Add _oidc_grant_type variable ( #2602 )
2021-09-01 17:32:15 +02:00
Yadd
83b45db614
Fix versions
2021-06-28 15:36:29 +02:00
Clément OUDOT
262210398d
Remove OIDC check session iframe from metadata ( #2554 )
2021-06-25 12:49:51 +02:00
Maxime Besson
8db02a693f
Only release IDtoken when scope contains openid ( #2550 )
2021-06-21 09:38:03 +02:00
Maxime Besson
beaacca9a0
Refactor _handleRefreshTokenGrant to use _generateIDToken ( #2550 )
2021-06-21 09:38:03 +02:00
Maxime Besson
c931b30263
Refactor _generateIDToken ( #2550 )
2021-06-21 09:38:03 +02:00
Maxime Besson
e98aafd6f7
add oidcGenerateCode hook ( #2532 )
2021-05-31 11:16:28 +02:00
Maxime Besson
8695a633a7
Force type of JSON fields in token response ( #2511 )
2021-04-20 11:31:32 +02:00
Maxime Besson
c1e059eeb3
Use authChoiceAuthBasic to select Choice ( #2502 )
2021-04-07 16:40:32 +02:00
Maxime Besson
20e1f9ded0
Hash JWT to catch tampering ( #2419 )
...
This mechanism's only purpose is to make the introspection endpoint fail
to verify the token when the JWT itself has been tampered with.
2021-03-30 16:32:14 +02:00
Maxime Besson
02b680df30
fix #2489
2021-03-19 16:45:37 +01:00
Maxime Besson
44abc1e889
Add hook for client credentials ( #2484 )
2021-03-10 15:47:19 +01:00
Maxime Besson
0f626ad94c
Add expiration time to Client Credential sessions ( #2481 )
2021-03-03 15:43:18 +01:00
Maxime Besson
e10d1e291c
Return granted scopes if different from requested scopes ( #2424 )
2021-03-03 11:03:19 +01:00
Maxime Besson
6b9670c29d
Use computed scopes to fill claims in ID token ( #2424 )
2021-03-03 11:03:19 +01:00
Maxime Besson
534745e5a2
Use computed scopes in Implicit/Hybrid responses ( #2424 )
2021-03-03 11:03:18 +01:00
Maxime Besson
4841c7755e
Fix OAuth2 error code when supplying invalid code
2021-02-24 17:48:12 +01:00
Maxime Besson
5a8c20584b
Fix OIDC message when calling technical endpoints with cookies ( #2475 )
2021-02-24 17:48:12 +01:00
Maxime Besson
cceb6f767e
Use a dedicated function for OIDC error reporting ( #2465 )
2021-02-18 22:06:39 +01:00
Maxime Besson
09dda56cb8
Refactor: rename method in issuer
2021-02-01 18:20:32 +01:00
Maxime Besson
435ba82144
Refactor: rename and move getJWTJSONData
2021-02-01 18:20:32 +01:00
Maxime Besson
aa877cf0a3
Let newAccessToken emit JWT ( #2419 )
2021-02-01 18:15:55 +01:00
Maxime Besson
dc0bacd6f0
Accept Access Tokens in JWT format ( #2419 )
2021-02-01 18:15:55 +01:00
Maxime Besson
dbddddfba1
Refactor newAccessToken ( #2419 )
2021-02-01 18:15:55 +01:00
Maxime Besson
5303b4fc3e
Fix error format when sending an expired refresh token
2021-02-01 18:15:55 +01:00
Maxime Besson
4c1f49a90f
Use dynamic scope in issuer ( #2424 )
2021-02-01 16:25:35 +01:00
Christophe Maudoux
24cec1e08f
Fix warning
2021-01-23 23:27:46 +01:00
Maxime Besson
25fb8ca0f0
Implement client credentials grant ( #1987 )
2021-01-19 17:06:21 +01:00
Maxime Besson
5e439b2f24
Advertise client credentials grant ( #1987 )
2021-01-19 16:47:21 +01:00
Maxime Besson
dd5e9ec156
Tidy
2021-01-19 16:44:06 +01:00
Maxime Besson
daef0cf776
add oidcGenerateUserInfoResponse hook ( #2359 )
2020-11-27 14:00:58 +01:00
Maxime Besson
faadb3f059
add oidcGotRequest hook ( #2359 )
2020-11-27 14:00:58 +01:00
Christophe Maudoux
c742d8320e
Set user and oldpassword fields into reset password form & Improve unit tests ( #2377 )
2020-11-09 13:27:16 +01:00
Christophe Maudoux
e704fe24ea
Fix warning if no path given & code refactoring
2020-10-26 19:21:54 +01:00
Maxime Besson
7a36489b73
oidc issuer: check auth level and reauth if insufficient ( #2124 )
2020-09-04 17:15:34 +02:00
Maxime Besson
8bfa5179cc
Issuers: Store required auth level in pdata ( #2124 )
2020-09-04 17:14:04 +02:00
Maxime Besson
52c6edb453
Lookup oidcRPMetaDataOptionsUserIDAttr in per-RP macros ( #2280 )
2020-08-17 22:06:09 +02:00
Clément OUDOT
2da914cc90
Publish support for refresh_token grant_type ( #2242 )
2020-06-18 09:43:56 +02:00
Maxime Besson
33a5496e55
Fix regression in #2085 ( #2224 )
...
Clearing all hidden form values was a mistake as it breaks SAML when the
redirection URL contains a query string. We should keep existing hidden
fields. In the context of OIDC request, we clear them before redirection
to avoid #2085
2020-05-29 15:51:51 +02:00
Maxime Besson
e607d8281f
OIDC: do not advertise missing functionality ( #1194 )
...
Back-Channel logout is not supported yet
2020-04-24 12:15:51 +02:00
Clément OUDOT
138ee4284f
Disable cache when registering a new OIDC client ( #2058 )
2020-04-24 11:52:04 +02:00
Maxime Besson
a3821fc560
Implement additional audiences in ID token ( #2177 )
2020-04-24 11:10:44 +02:00
Maxime Besson
6ccf078432
Implement Resource Owner Password Credentials grant ( #2155 )
2020-04-23 17:49:25 +02:00
Maxime Besson
ded6c74fe0
Allow special characters in scope names ( #2168 )
2020-04-23 14:50:53 +02:00