lukaszraczylo/traefikoidc
1
0
Fork 0
mirror of https://github.com/lukaszraczylo/traefikoidc.git synced 2026-06-05 22:44:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
59 Commits 8 Branches 140 Tags
01ee7c4dc848efb9ac7712a3035d109057567de3
Commit Graph

40 Commits

Author SHA1 Message Date
lukaszraczylo 01ee7c4dc8 Improve cookie setting. 2024-12-10 10:19:35 +00:00
lukaszraczylo a6fa4d8789 Downgrade gorilla sessions preventing the publishing by traefik hub temporarily. 2024-12-10 10:19:34 +00:00
lukaszraczylo 8ca669105b Fix OIDC logout issue, improve test coverage, load provider once. 2024-11-06 11:33:29 +00:00
lukaszraczylo 218165d365 Cleanup and optimise the code. 2024-11-06 11:33:03 +00:00
lukaszraczylo 345c0c4a11 Abstract filling up maps. 2024-11-06 11:32:37 +00:00
lukaszraczylo 6f2cf65d49 Fix the tests hanging on the open channel. 2024-11-06 11:32:36 +00:00
lukaszraczylo 78b9d611f0 Improvement - startup time. 
Previous implementations blocked the traefik startup until OIDC plugin was loaded.
This caused chicken-or-egg issue when called OIDC endpoint was hosted by the same traefik as well,
generating rather ridiculous situation when traefik couldn't come up because plugin tried to call the
discovery endpoint which was hosted by the same traefik.

This version resolves the issue allowing for quickstart and lazy loading of the provider metadata.
Disadvantage is - until discovery is done, the plugin will not provide any access to the client.
 2024-11-06 11:32:36 +00:00
lukaszraczylo 2bb1debeb3 First step in improvement of caching mechanism. 2024-11-06 11:32:36 +00:00
lukaszraczylo 93b49b6d17 Add support for roles and groups. 2024-11-06 11:32:35 +00:00
lukaszraczylo 7a53da6080 Update tests and additional fixups. 2024-11-06 11:32:35 +00:00
lukaszraczylo d6fd3467c3 Support additional verification of the token to ensure OIDC compliance 2024-11-06 11:32:35 +00:00
lukaszraczylo 9ff6779caa Add support for different signing algorithms 2024-10-03 14:00:43 +01:00
lukaszraczylo a7d42de0a4 Invalidate user session with provider on logout 2024-10-03 14:00:43 +01:00
lukaszraczylo 6cd06831f0 Add logout URL to the invalid authentication email. 
This is to prevent deadlock when user has logged in with wrong email address.
 2024-10-03 14:00:43 +01:00
lukaszraczylo 2fbca0a88c Add allowed domains list. 2024-10-03 14:00:43 +01:00
lukaszraczylo e97d8e15ff Another attempt to fix the issue with expired session. 2024-10-03 14:00:43 +01:00
lukaszraczylo 38433dfff8 Improve handling of expired sessions 2024-10-03 14:00:43 +01:00
lukaszraczylo dca2b5214c Fix: Fix the redirection when the user session expired or 
was not preserved by traefik server.
 2024-10-03 14:00:42 +01:00
Jiri Matejicek 7e8b4ecea7 Add authenticated user email to the header X-Forwarded-User 2024-10-03 14:00:42 +01:00
lukaszraczylo b1c0fc5583 Resolve invalid state parameter issue. 2024-10-03 14:00:42 +01:00
lukaszraczylo e9e1fccf5e Fix up the excluded URLs configuration. 2024-10-03 14:00:42 +01:00
lukaszraczylo 77ead9b8a1 Add option to exclude URLs from the authentication. 2024-10-03 14:00:41 +01:00
lukaszraczylo 448392e9bd Update: Don't refresh token / issue cookie on every request. 2024-10-03 14:00:41 +01:00
lukaszraczylo 1fd480b257 Add session refresh. 2024-10-03 14:00:41 +01:00
lukaszraczylo a4a943ae9c Fix the issue when expired token did not forced reauthentication. 2024-10-03 14:00:41 +01:00
lukaszraczylo 4968c5f93a Optimise: Build auth URL. 2024-10-03 14:00:41 +01:00
lukaszraczylo 7725d8d864 Parallel signature verification and http client connection pool. 2024-10-03 14:00:40 +01:00
lukaszraczylo 0ada593437 Run token cache and blacklist cleanup every minute. 2024-10-03 14:00:40 +01:00
lukaszraczylo 13572003a5 Even more tests, crossed 50% coverage 2024-10-03 14:00:39 +01:00
lukaszraczylo 8767756431 Add tests 2024-10-03 14:00:39 +01:00
lukaszraczylo 4b99a4c5fa Fix logging, add additional settings for to the middleware. 2024-10-03 14:00:38 +01:00
lukaszraczylo 622b11f586 Ensure that when user session expires - the user is redirected back to the provider login page. 2024-07-25 09:54:31 +01:00
lukaszraczylo 3fe92d38e0 Add support for logout URL. 2024-07-25 00:21:39 +01:00
lukaszraczylo 4baf3fbefd Optimise the JWT token cache / creation and verification. 2024-07-24 23:53:41 +01:00
lukaszraczylo 88c566ee9a Refactor codebase for clarity and consistency. 2024-07-24 23:46:27 +01:00
lukaszraczylo 6de1ccbd17 Add token cache to speed up the process and reduce the number of requests to the oidc endpoint. 2024-07-24 18:30:51 +01:00
lukaszraczylo 1649c72b9e Add debugging logging. 2024-07-24 16:34:24 +01:00
lukaszraczylo c26b18c8b7 Verify provided token on every request. 2024-07-24 14:45:13 +01:00
lukaszraczylo cf66d988b7 Add vendored dependencies. 2024-07-24 14:33:07 +01:00
lukaszraczylo 12273ecfe8 initial commit 2024-04-07 00:50:02 +01:00