In device-code template, same form tag has method="post", then
followed by method="get".. Chrome can handle that as post just fine,
but in headless environments you might be using Lynx, which uses GET:
it results in 400 Bad Request from Dex server.
Signed-off-by: Tuomo Tanskanen <tuomo.tanskanen@est.tech>
The back link on the password page was using Javascript to tell the
browser to navigate back, which won't work if the user has entered a
set of incorrect log-in details. Fix this by using an explicit URL
instead.
Fixes#1851
Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
Unify the interface for reading web statics. Now it could read an
OS directory or get the content on live
One could use
//go:embed static
var webFiles embed.FS
anywhere and config dex server to take the file system by setting
WebConfig{WebFS: webFiles}
Signed-off-by: Rui Yang <ruiya@vmware.com>
Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>
* Added /device/token handler with associated business logic and storage tests.
Perform user code exchange, flag the device code as complete.
Moved device handler code into its own file for cleanliness. Cleanup
* Removed PKCE code
* Rate limiting for /device/token endpoint based on ietf standards
* Configurable Device expiry
Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
Maksim Nabokikh
Logan
Tuomo Tanskanen
Philip Corliss
Pablo Ovelleiro Corral
Alastair Houghton
Márk Sági-Kazár
Mark Sagi-Kazar
Rui Yang
Rui Yang
Brian Candler
Maksim Nabokikh
Justin Slowik
Ivan Mikheykin