lukaszraczylo/traefikoidc
1
0
Fork 0
mirror of https://github.com/lukaszraczylo/traefikoidc.git synced 2026-06-05 22:44:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
53 Commits 8 Branches 140 Tags
31de2c63b2a422bdb066c0e7e629d48ad854efda
Commit Graph

53 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
lukaszraczylo 31de2c63b2 Revert "Update go mod dependencies." 
This reverts commit dedbdf63c3.
 2024-11-06 11:33:04 +00:00
lukaszraczylo 7dd9205277 Update go mod dependencies. 2024-11-06 11:33:04 +00:00
lukaszraczylo f3598e4ab8 Add simple benchmark to track the allocations and speed for future improvements. 2024-11-06 11:33:03 +00:00
lukaszraczylo 218165d365 Cleanup and optimise the code. 2024-11-06 11:33:03 +00:00
lukaszraczylo dc4c4824cd Add support for more algorithms. 2024-11-06 11:33:03 +00:00
lukaszraczylo 345c0c4a11 Abstract filling up maps. 2024-11-06 11:32:37 +00:00
lukaszraczylo da4f97de04 Fix the bug with user not being redirected to originally requested URL post authentication. 2024-11-06 11:32:36 +00:00
lukaszraczylo ce916f3ca3 Update documentation - setting secrets in kubernetes. 2024-11-06 11:32:36 +00:00
lukaszraczylo 6f2cf65d49 Fix the tests hanging on the open channel. 2024-11-06 11:32:36 +00:00
lukaszraczylo 78b9d611f0 Improvement - startup time. 
Previous implementations blocked the traefik startup until OIDC plugin was loaded.
This caused chicken-or-egg issue when called OIDC endpoint was hosted by the same traefik as well,
generating rather ridiculous situation when traefik couldn't come up because plugin tried to call the
discovery endpoint which was hosted by the same traefik.

This version resolves the issue allowing for quickstart and lazy loading of the provider metadata.
Disadvantage is - until discovery is done, the plugin will not provide any access to the client.
 2024-11-06 11:32:36 +00:00
lukaszraczylo 2bb1debeb3 First step in improvement of caching mechanism. 2024-11-06 11:32:36 +00:00
lukaszraczylo 93b49b6d17 Add support for roles and groups. 2024-11-06 11:32:35 +00:00
lukaszraczylo 7a53da6080 Update tests and additional fixups. 2024-11-06 11:32:35 +00:00
lukaszraczylo 66e08755c1 Update the tests to handle nonce 2024-11-06 11:32:35 +00:00
lukaszraczylo d6fd3467c3 Support additional verification of the token to ensure OIDC compliance 2024-11-06 11:32:35 +00:00
lukaszraczylo 6196a72a8e Update dependencies. 2024-11-06 11:32:34 +00:00
lukaszraczylo ac4c3492b1 Update README.md 2024-10-03 14:00:44 +01:00
lukaszraczylo 9ff6779caa Add support for different signing algorithms 2024-10-03 14:00:43 +01:00
lukaszraczylo a7d42de0a4 Invalidate user session with provider on logout 2024-10-03 14:00:43 +01:00
lukaszraczylo 6cd06831f0 Add logout URL to the invalid authentication email. 
This is to prevent deadlock when user has logged in with wrong email address.
 2024-10-03 14:00:43 +01:00
lukaszraczylo 2fbca0a88c Add allowed domains list. 2024-10-03 14:00:43 +01:00
lukaszraczylo e97d8e15ff Another attempt to fix the issue with expired session. 2024-10-03 14:00:43 +01:00
lukaszraczylo 38433dfff8 Improve handling of expired sessions 2024-10-03 14:00:43 +01:00
lukaszraczylo dca2b5214c Fix: Fix the redirection when the user session expired or 
was not preserved by traefik server.
 2024-10-03 14:00:42 +01:00
Jiri Matejicek 7e8b4ecea7 Add authenticated user email to the header X-Forwarded-User 2024-10-03 14:00:42 +01:00
lukaszraczylo b1c0fc5583 Resolve invalid state parameter issue. 2024-10-03 14:00:42 +01:00
lukaszraczylo e9e1fccf5e Fix up the excluded URLs configuration. 2024-10-03 14:00:42 +01:00
lukaszraczylo 23adb28a54 Revert "Update dependencies, switch to go 1.23" 
This reverts commit be5a13d7a9d32a23de247992232fe6ab87abf644.
 2024-10-03 14:00:42 +01:00
lukaszraczylo 8285b020bc Update dependencies, switch to go 1.23 2024-10-03 14:00:42 +01:00
lukaszraczylo 77ead9b8a1 Add option to exclude URLs from the authentication. 2024-10-03 14:00:41 +01:00
lukaszraczylo 448392e9bd Update: Don't refresh token / issue cookie on every request. 2024-10-03 14:00:41 +01:00
lukaszraczylo 1fd480b257 Add session refresh. 2024-10-03 14:00:41 +01:00
lukaszraczylo a4a943ae9c Fix the issue when expired token did not forced reauthentication. 2024-10-03 14:00:41 +01:00
lukaszraczylo 4968c5f93a Optimise: Build auth URL. 2024-10-03 14:00:41 +01:00
lukaszraczylo 5652ade5e2 Add basic benchmarks. 2024-10-03 14:00:40 +01:00
lukaszraczylo 7725d8d864 Parallel signature verification and http client connection pool. 2024-10-03 14:00:40 +01:00
lukaszraczylo 0ada593437 Run token cache and blacklist cleanup every minute. 2024-10-03 14:00:40 +01:00
lukaszraczylo 13572003a5 Even more tests, crossed 50% coverage 2024-10-03 14:00:39 +01:00
lukaszraczylo 8767756431 Add tests 2024-10-03 14:00:39 +01:00
lukaszraczylo 4b99a4c5fa Fix logging, add additional settings for to the middleware. 2024-10-03 14:00:38 +01:00
lukaszraczylo 622b11f586 Ensure that when user session expires - the user is redirected back to the provider login page. 2024-07-25 09:54:31 +01:00
lukaszraczylo c588d6cd4d Add default non-empty logout URL. 2024-07-25 00:28:15 +01:00
lukaszraczylo d1fa76b6b5 Update documentation. 2024-07-25 00:25:20 +01:00
lukaszraczylo 3fe92d38e0 Add support for logout URL. 2024-07-25 00:21:39 +01:00
lukaszraczylo 4baf3fbefd Optimise the JWT token cache / creation and verification. 2024-07-24 23:53:41 +01:00
lukaszraczylo 1725579d82 Consolidate error handling. 2024-07-24 23:49:15 +01:00
lukaszraczylo 88c566ee9a Refactor codebase for clarity and consistency. 2024-07-24 23:46:27 +01:00
lukaszraczylo 6de1ccbd17 Add token cache to speed up the process and reduce the number of requests to the oidc endpoint. 2024-07-24 18:30:51 +01:00
lukaszraczylo 1649c72b9e Add debugging logging. 2024-07-24 16:34:24 +01:00
lukaszraczylo c26b18c8b7 Verify provided token on every request. 2024-07-24 14:45:13 +01:00