The back link on the password page was using Javascript to tell the
browser to navigate back, which won't work if the user has entered a
set of incorrect log-in details. Fix this by using an explicit URL
instead.
Fixes#1851
Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
Unify the interface for reading web statics. Now it could read an
OS directory or get the content on live
One could use
//go:embed static
var webFiles embed.FS
anywhere and config dex server to take the file system by setting
WebConfig{WebFS: webFiles}
Signed-off-by: Rui Yang <ruiya@vmware.com>
Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>
* Added /device/token handler with associated business logic and storage tests.
Perform user code exchange, flag the device code as complete.
Moved device handler code into its own file for cleanliness. Cleanup
* Removed PKCE code
* Rate limiting for /device/token endpoint based on ietf standards
* Configurable Device expiry
Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
connector/microsoft implements authorization strategy via Microsoft's
OAuth2 endpoint + Graph API. It allows to choose what kind of tenants
are allowed to authenticate in Dex via Microsoft:
* common - both personal and business/school accounts
* organizations - only business/school accounts
* consumers - only personal accounts
* <tenant uuid> - only account of specific tenant
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
This way, the user who has selected, say, "Log in with Email" can make up
their mind, and select a different connector instead.
However, if there's only one connector set up, none of this makes sense -- and
the link will thus not be displayed.
Signed-off-by: Stephan Renatus <srenatus@chef.io>
This allows users of the LDAP connector to give users of Dex' login
prompt an idea of what they should enter for a username.
Before, irregardless of how the LDAP connector was set up, the prompt
was
Username
[_________________]
Password
[_________________]
Now, this is configurable, and can be used to say "MyCorp SSO Login" if
that's what it is.
If it's not configured, it will default to "Username".
For the passwordDB connector (local users), it is set to "Email
Address", since this is what it uses.
Signed-off-by: Stephan Renatus <srenatus@chef.io>
connector/linkedin implements authorization strategy via LinkedIn's
OAuth2 endpoint + profile API.
It doesn't implement RefreshConnector as LinkedIn doesn't provide any
refresh token at all (https://developer.linkedin.com/docs/oauth2, Step 5
— Refresh your Access Tokens) and recommends ordinary AuthCode exchange
flow when token refresh is required.
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
Philip Corliss
Maksim Nabokikh
Pablo Ovelleiro Corral
Alastair Houghton
Márk Sági-Kazár
Mark Sagi-Kazar
Rui Yang
Rui Yang
Brian Candler
Maksim Nabokikh
Justin Slowik
Ivan Mikheykin
Yannis Zarkadas
Pavel Borzenkov
Stephan Renatus
Geoff Greer
cpanato