dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
11,815 Commits 3 Branches 0 Tags 75 MiB
c3724a618f
Commit Graph

184 Commits

Author SHA1 Message Date
Yadd
c3724a618f Fix versions 2022-02-01 17:09:31 +01:00
Maxime Besson
8cc84d9461 Missing openid scope should be an explicit error 2022-01-21 15:23:20 +01:00
Maxime Besson
fe4172a50a Change invalid_scope http code to 400 (#2622) 2021-10-27 00:17:28 +02:00
Maxime Besson
b21500122d Fix #2622 2021-10-26 16:53:24 +02:00
Maxime Besson
5ea7a0916d Add _oidc_grant_type variable (#2602) 2021-09-01 17:32:15 +02:00
Yadd
83b45db614 Fix versions 2021-06-28 15:36:29 +02:00
Clément OUDOT
262210398d Remove OIDC check session iframe from metadata (#2554) 2021-06-25 12:49:51 +02:00
Maxime Besson
8db02a693f Only release IDtoken when scope contains openid (#2550) 2021-06-21 09:38:03 +02:00
Maxime Besson
beaacca9a0 Refactor _handleRefreshTokenGrant to use _generateIDToken (#2550) 2021-06-21 09:38:03 +02:00
Maxime Besson
c931b30263 Refactor _generateIDToken (#2550) 2021-06-21 09:38:03 +02:00
Maxime Besson
e98aafd6f7 add oidcGenerateCode hook (#2532) 2021-05-31 11:16:28 +02:00
Maxime Besson
8695a633a7 Force type of JSON fields in token response (#2511) 2021-04-20 11:31:32 +02:00
Maxime Besson
c1e059eeb3 Use authChoiceAuthBasic to select Choice (#2502) 2021-04-07 16:40:32 +02:00
Maxime Besson
20e1f9ded0 Hash JWT to catch tampering (#2419) 
This mechanism's only purpose is to make the introsection endpoint fail
to verify the token when the JWT itself has been tampered with.
 2021-03-30 16:32:14 +02:00
Maxime Besson
02b680df30 fix #2489 2021-03-19 16:45:37 +01:00
Maxime Besson
44abc1e889 Add hook for client credentials (#2484) 2021-03-10 15:47:19 +01:00
Maxime Besson
0f626ad94c Add expiration time to Client Credential sessions (#2481) 2021-03-03 15:43:18 +01:00
Maxime Besson
e10d1e291c Return granted scopes if different from requested scopes (#2424) 2021-03-03 11:03:19 +01:00
Maxime Besson
6b9670c29d Use computed scopes to fill claims in ID token (#2424) 2021-03-03 11:03:19 +01:00
Maxime Besson
534745e5a2 Use computer scopes in Implicit/Hybrid responses (#2424) 2021-03-03 11:03:18 +01:00
Maxime Besson
4841c7755e Fix OAuth2 error code when supplying invalid code 2021-02-24 17:48:12 +01:00
Maxime Besson
5a8c20584b Fix OIDC message when calling technical endpoints with cookies (#2475) 2021-02-24 17:48:12 +01:00
Maxime Besson
cceb6f767e Use a dedicated function for OIDC error reporting (#2465) 2021-02-18 22:06:39 +01:00
Maxime Besson
09dda56cb8 Refactor: rename method in issuer 2021-02-01 18:20:32 +01:00
Maxime Besson
435ba82144 Refactor: rename and move getJWTJSONData 2021-02-01 18:20:32 +01:00
Maxime Besson
aa877cf0a3 Let newAccessToken emit JWT (#2419) 2021-02-01 18:15:55 +01:00
Maxime Besson
dc0bacd6f0 Accept Access Tokens in JWT format (#2419) 2021-02-01 18:15:55 +01:00
Maxime Besson
dbddddfba1 Refactor newAccessToken (#2419) 2021-02-01 18:15:55 +01:00
Maxime Besson
5303b4fc3e Fix error format when sending an expired refresh token 2021-02-01 18:15:55 +01:00
Maxime Besson
4c1f49a90f Use dynamic scope in issuer (#2424) 2021-02-01 16:25:35 +01:00
Christophe Maudoux
24cec1e08f Fix warning 2021-01-23 23:27:46 +01:00
Maxime Besson
25fb8ca0f0 Implement client credentials grant (#1987) 2021-01-19 17:06:21 +01:00
Maxime Besson
5e439b2f24 Advertise client credentials grant (#1987) 2021-01-19 16:47:21 +01:00
Maxime Besson
dd5e9ec156 Tidy 2021-01-19 16:44:06 +01:00
Maxime Besson
daef0cf776 add oidcGenerateUserInfoResponse hook (#2359) 2020-11-27 14:00:58 +01:00
Maxime Besson
faadb3f059 add oidcGotRequest hook (#2359) 2020-11-27 14:00:58 +01:00
Christophe Maudoux
c742d8320e Set user and oldpassword fields into reset password form & Improve unit tests (#2377) 2020-11-09 13:27:16 +01:00
Christophe Maudoux
e704fe24ea Fix warning if no path given & code refactoring 2020-10-26 19:21:54 +01:00
Maxime Besson
7a36489b73 oidc issuer: check auth level and reauth if insufficient (#2124) 2020-09-04 17:15:34 +02:00
Maxime Besson
8bfa5179cc Issuers: Store required auth level in pdata (#2124) 2020-09-04 17:14:04 +02:00
Maxime Besson
52c6edb453 Lookup oidcRPMetaDataOptionsUserIDAttr in per-RP macros (#2280) 2020-08-17 22:06:09 +02:00
Clément OUDOT
2da914cc90 Publish support for refresh_token grant_type (#2242) 2020-06-18 09:43:56 +02:00
Maxime Besson
33a5496e55 Fix regression in #2085 (#2224) 
Clearing all hidden form values was a mistake as it breaks SAML when the
redirection URL contains a query string. We should keep existing hidden
fields. In the context of OIDC request, we clear them before redirection
to avoid #2085
 2020-05-29 15:51:51 +02:00
Maxime Besson
e607d8281f OIDC: do not advertise missing functionality (#1194) 
Back-Channel logout is not supported yet
 2020-04-24 12:15:51 +02:00
Clément OUDOT
138ee4284f Disable cache when registering a new OIDC client (#2058) 2020-04-24 11:52:04 +02:00
Maxime Besson
a3821fc560 Implement additional audiences in ID token (#2177) 2020-04-24 11:10:44 +02:00
Maxime Besson
6ccf078432 Implement Resource Owner Password Credentials grant (#2155) 2020-04-23 17:49:25 +02:00
Maxime Besson
ded6c74fe0 Allow special characters in scope names (#2168) 2020-04-23 14:50:53 +02:00
Maxime Besson
31f05b9e2d Make Introspection endpoint look for offline sessions (#2171) 2020-04-23 10:29:08 +02:00
Maxime Besson
626715a580 Prevent duplicate consents in psession (#2169) 2020-04-22 21:26:38 +02:00