lukaszraczylo
af032c6cd3
Add simple benchmark to track the allocations and speed for future improvements.
2024-10-08 14:41:43 +01:00
lukaszraczylo
9938cff053
fixup! Cleanup and optimise the code.
2024-10-08 14:26:26 +01:00
lukaszraczylo
7a404ef76f
Cleanup and optimise the code.
2024-10-08 14:14:47 +01:00
lukaszraczylo
63922f362f
fixup! Add support for more algorithms.
2024-10-07 16:07:07 +01:00
lukaszraczylo
2de9297ab6
Add support for more algorithms.
2024-10-07 16:01:07 +01:00
lukaszraczylo
971c84f762
Abstract filling up maps.
2024-10-07 15:56:24 +01:00
lukaszraczylo
d2a0d2167e
Fix the bug with user not being redirected to originally requested URL post authentication.
v0.3.4
2024-10-05 09:33:56 +01:00
lukaszraczylo
c46d958397
Update documentation - setting secrets in kubernetes.
2024-10-04 17:15:43 +01:00
lukaszraczylo
95cf0034d6
Fix the tests hanging on the open channel.
v0.3.3
2024-10-04 14:39:37 +01:00
lukaszraczylo
380ef96571
Improvement - startup time.
Previous implementations blocked the traefik startup until the OIDC plugin was loaded.
This caused a chicken-or-egg issue when the called OIDC endpoint was hosted by the same traefik as well,
generating a rather ridiculous situation where traefik couldn't come up because the plugin tried to call the
discovery endpoint which was hosted by the same traefik.
This version resolves the issue, allowing for quickstart and lazy loading of the provider metadata.
The disadvantage is that until discovery is done, the plugin will not provide any access to the client.
2024-10-04 14:22:16 +01:00
lukaszraczylo
1886396dc1
First step in improvement of caching mechanism.
2024-10-04 14:05:12 +01:00
lukaszraczylo
24ecf00053
Add support for roles and groups.
v0.3.2
2024-10-03 19:48:43 +01:00
lukaszraczylo
e338992f84
Update tests and additional fixups.
v0.3.1
2024-10-03 14:00:47 +01:00
lukaszraczylo
a9a596031b
Update the tests to handle nonce
2024-10-03 14:00:44 +01:00
lukaszraczylo
23afcad2ba
Support additional verification of the token to ensure OIDC compliance
2024-10-03 14:00:44 +01:00
lukaszraczylo
d06f9fcf90
Update dependencies.
2024-10-03 14:00:44 +01:00
lukaszraczylo
ac4c3492b1
Update README.md
2024-10-03 14:00:44 +01:00
lukaszraczylo
9ff6779caa
Add support for different signing algorithms
2024-10-03 14:00:43 +01:00
lukaszraczylo
a7d42de0a4
Invalidate user session with provider on logout
2024-10-03 14:00:43 +01:00
lukaszraczylo
6cd06831f0
Add logout URL to the invalid authentication email.
This is to prevent deadlock when user has logged in with wrong email address.
2024-10-03 14:00:43 +01:00
lukaszraczylo
2fbca0a88c
Add allowed domains list.
2024-10-03 14:00:43 +01:00
lukaszraczylo
e97d8e15ff
Another attempt to fix the issue with expired session.
2024-10-03 14:00:43 +01:00
lukaszraczylo
38433dfff8
Improve handling of expired sessions
2024-10-03 14:00:43 +01:00
lukaszraczylo
dca2b5214c
Fix: Fix the redirection when the user session expired or
was not preserved by traefik server.
2024-10-03 14:00:42 +01:00
Jiri Matejicek
7e8b4ecea7
Add authenticated user email to the header X-Forwarded-User
2024-10-03 14:00:42 +01:00
lukaszraczylo
b1c0fc5583
Resolve invalid state parameter issue.
2024-10-03 14:00:42 +01:00
lukaszraczylo
e9e1fccf5e
Fix up the excluded URLs configuration.
2024-10-03 14:00:42 +01:00
lukaszraczylo
23adb28a54
Revert "Update dependencies, switch to go 1.23"
This reverts commit be5a13d7a9d32a23de247992232fe6ab87abf644.
2024-10-03 14:00:42 +01:00
lukaszraczylo
8285b020bc
Update dependencies, switch to go 1.23
2024-10-03 14:00:42 +01:00
lukaszraczylo
77ead9b8a1
Add option to exclude URLs from the authentication.
2024-10-03 14:00:41 +01:00
lukaszraczylo
448392e9bd
Update: Don't refresh token / issue cookie on every request.
2024-10-03 14:00:41 +01:00
lukaszraczylo
1fd480b257
Add session refresh.
2024-10-03 14:00:41 +01:00
lukaszraczylo
a4a943ae9c
Fix the issue when expired token did not force reauthentication.
2024-10-03 14:00:41 +01:00
lukaszraczylo
4968c5f93a
Optimise: Build auth URL.
2024-10-03 14:00:41 +01:00
lukaszraczylo
5652ade5e2
Add basic benchmarks.
2024-10-03 14:00:40 +01:00
lukaszraczylo
7725d8d864
Parallel signature verification and http client connection pool.
2024-10-03 14:00:40 +01:00
lukaszraczylo
0ada593437
Run token cache and blacklist cleanup every minute.
2024-10-03 14:00:40 +01:00
lukaszraczylo
13572003a5
Even more tests, crossed 50% coverage
2024-10-03 14:00:39 +01:00
lukaszraczylo
8767756431
Add tests
2024-10-03 14:00:39 +01:00
lukaszraczylo
4b99a4c5fa
Fix logging, add additional settings for the middleware.
2024-10-03 14:00:38 +01:00
lukaszraczylo
622b11f586
Ensure that when user session expires - the user is redirected back to the provider login page.
2024-07-25 09:54:31 +01:00
lukaszraczylo
c588d6cd4d
Add default non-empty logout URL.
2024-07-25 00:28:15 +01:00
lukaszraczylo
d1fa76b6b5
Update documentation.
2024-07-25 00:25:20 +01:00
lukaszraczylo
3fe92d38e0
Add support for logout URL.
2024-07-25 00:21:39 +01:00
lukaszraczylo
4baf3fbefd
Optimise the JWT token cache / creation and verification.
2024-07-24 23:53:41 +01:00
lukaszraczylo
1725579d82
Consolidate error handling.
2024-07-24 23:49:15 +01:00
lukaszraczylo
88c566ee9a
Refactor codebase for clarity and consistency.
2024-07-24 23:46:27 +01:00
lukaszraczylo
6de1ccbd17
Add token cache to speed up the process and reduce the number of requests to the oidc endpoint.
2024-07-24 18:30:51 +01:00
lukaszraczylo
1649c72b9e
Add debugging logging.
2024-07-24 16:34:24 +01:00
lukaszraczylo
c26b18c8b7
Verify provided token on every request.
2024-07-24 14:45:13 +01:00