lukaszraczylo/traefikoidc
1
0
Fork 0
mirror of https://github.com/lukaszraczylo/traefikoidc.git synced 2026-06-05 22:44:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
65 Commits 8 Branches 140 Tags
eecb7dfc928d7adb63f1b0ae6421823f5b467b60
Commit Graph

65 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
lukaszraczylo eecb7dfc92 Improve test coverage 2025-01-06 11:01:20 +00:00
lukaszraczylo a8d65688c4 Improve documentation. 2025-01-06 10:44:49 +00:00
lukaszraczylo bef4212c57 Add support for the large tokens, which exceed the standard 4096 limit for cookie. v0.4.2 2024-12-11 12:55:16 +00:00
lukaszraczylo 1fee2f9e9a fixup! Re-introduce user roles separation with additional tests. v0.4.1 2024-12-11 09:11:34 +00:00
lukaszraczylo 11bc6f3e31 Re-introduce user roles separation with additional tests. 2024-12-11 09:08:50 +00:00
lukaszraczylo 2b7af88ff9 Move session management into session manager. Split the cookies to avoid the 4k limit ( resolves issue: #15 ) v0.4.0 2024-12-10 10:19:35 +00:00
lukaszraczylo 01ee7c4dc8 Improve cookie setting. 2024-12-10 10:19:35 +00:00
lukaszraczylo a6fa4d8789 Downgrade gorilla sessions preventing the publishing by traefik hub temporarily. 2024-12-10 10:19:34 +00:00
lukaszraczylo 8101fb2bf6 Clean up dependencies. 2024-11-06 11:51:20 +00:00
lukaszraczylo 8ca669105b Fix OIDC logout issue, improve test coverage, load provider once. v0.3.6 2024-11-06 11:33:29 +00:00
lukaszraczylo 555164160d Update dependencies. 2024-11-06 11:33:06 +00:00
lukaszraczylo 3fe537d38f Add ability to verify default ECDSA keys provided by logto as well. 2024-11-06 11:33:06 +00:00
lukaszraczylo 31de2c63b2 Revert "Update go mod dependencies." 
This reverts commit dedbdf63c3.
 2024-11-06 11:33:04 +00:00
lukaszraczylo 7dd9205277 Update go mod dependencies. 2024-11-06 11:33:04 +00:00
lukaszraczylo f3598e4ab8 Add simple benchmark to track the allocations and speed for future improvements. 2024-11-06 11:33:03 +00:00
lukaszraczylo 218165d365 Cleanup and optimise the code. 2024-11-06 11:33:03 +00:00
lukaszraczylo dc4c4824cd Add support for more algorithms. 2024-11-06 11:33:03 +00:00
lukaszraczylo 345c0c4a11 Abstract filling up maps. 2024-11-06 11:32:37 +00:00
lukaszraczylo da4f97de04 Fix the bug with user not being redirected to originally requested URL post authentication. 2024-11-06 11:32:36 +00:00
lukaszraczylo ce916f3ca3 Update documentation - setting secrets in kubernetes. 2024-11-06 11:32:36 +00:00
lukaszraczylo 6f2cf65d49 Fix the tests hanging on the open channel. 2024-11-06 11:32:36 +00:00
lukaszraczylo 78b9d611f0 Improvement - startup time. 
Previous implementations blocked the traefik startup until OIDC plugin was loaded.
This caused chicken-or-egg issue when called OIDC endpoint was hosted by the same traefik as well,
generating rather ridiculous situation when traefik couldn't come up because plugin tried to call the
discovery endpoint which was hosted by the same traefik.

This version resolves the issue allowing for quickstart and lazy loading of the provider metadata.
Disadvantage is - until discovery is done, the plugin will not provide any access to the client.
 2024-11-06 11:32:36 +00:00
lukaszraczylo 2bb1debeb3 First step in improvement of caching mechanism. 2024-11-06 11:32:36 +00:00
lukaszraczylo 93b49b6d17 Add support for roles and groups. 2024-11-06 11:32:35 +00:00
lukaszraczylo 7a53da6080 Update tests and additional fixups. 2024-11-06 11:32:35 +00:00
lukaszraczylo 66e08755c1 Update the tests to handle nonce 2024-11-06 11:32:35 +00:00
lukaszraczylo d6fd3467c3 Support additional verification of the token to ensure OIDC compliance 2024-11-06 11:32:35 +00:00
lukaszraczylo 6196a72a8e Update dependencies. 2024-11-06 11:32:34 +00:00
lukaszraczylo ac4c3492b1 Update README.md 2024-10-03 14:00:44 +01:00
lukaszraczylo 9ff6779caa Add support for different signing algorithms 2024-10-03 14:00:43 +01:00
lukaszraczylo a7d42de0a4 Invalidate user session with provider on logout 2024-10-03 14:00:43 +01:00
lukaszraczylo 6cd06831f0 Add logout URL to the invalid authentication email. 
This is to prevent deadlock when user has logged in with wrong email address.
 2024-10-03 14:00:43 +01:00
lukaszraczylo 2fbca0a88c Add allowed domains list. 2024-10-03 14:00:43 +01:00
lukaszraczylo e97d8e15ff Another attempt to fix the issue with expired session. 2024-10-03 14:00:43 +01:00
lukaszraczylo 38433dfff8 Improve handling of expired sessions 2024-10-03 14:00:43 +01:00
lukaszraczylo dca2b5214c Fix: Fix the redirection when the user session expired or 
was not preserved by traefik server.
 2024-10-03 14:00:42 +01:00
Jiri Matejicek 7e8b4ecea7 Add authenticated user email to the header X-Forwarded-User 2024-10-03 14:00:42 +01:00
lukaszraczylo b1c0fc5583 Resolve invalid state parameter issue. 2024-10-03 14:00:42 +01:00
lukaszraczylo e9e1fccf5e Fix up the excluded URLs configuration. 2024-10-03 14:00:42 +01:00
lukaszraczylo 23adb28a54 Revert "Update dependencies, switch to go 1.23" 
This reverts commit be5a13d7a9d32a23de247992232fe6ab87abf644.
 2024-10-03 14:00:42 +01:00
lukaszraczylo 8285b020bc Update dependencies, switch to go 1.23 2024-10-03 14:00:42 +01:00
lukaszraczylo 77ead9b8a1 Add option to exclude URLs from the authentication. 2024-10-03 14:00:41 +01:00
lukaszraczylo 448392e9bd Update: Don't refresh token / issue cookie on every request. 2024-10-03 14:00:41 +01:00
lukaszraczylo 1fd480b257 Add session refresh. 2024-10-03 14:00:41 +01:00
lukaszraczylo a4a943ae9c Fix the issue when expired token did not forced reauthentication. 2024-10-03 14:00:41 +01:00
lukaszraczylo 4968c5f93a Optimise: Build auth URL. 2024-10-03 14:00:41 +01:00
lukaszraczylo 5652ade5e2 Add basic benchmarks. 2024-10-03 14:00:40 +01:00
lukaszraczylo 7725d8d864 Parallel signature verification and http client connection pool. 2024-10-03 14:00:40 +01:00
lukaszraczylo 0ada593437 Run token cache and blacklist cleanup every minute. 2024-10-03 14:00:40 +01:00
lukaszraczylo 13572003a5 Even more tests, crossed 50% coverage 2024-10-03 14:00:39 +01:00