github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-05-06 16:36:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,168 Commits 2 Branches 0 Tags
39bf7b4063d64b2eff21911d779ae04e02bff4a6
Commit Graph

33 Commits

Author SHA1 Message Date
Trong Huu Nguyen
2e3da2bb64 feat: add separate health probe listener 
This adds an optional health probe listener, mostly for use in rutime
environments where you want separate public and private listeners.

The existing /oauth2/ping endpoint on the main listener is kept for
backwards compatibility.
 2025-07-08 11:26:22 +02:00
Trong Huu Nguyen
b21068f522 feat: set response headers for forward-auth behind feature flag 2025-05-22 09:04:58 +02:00
Trong Huu Nguyen
126db31d25 feat: restrict non-navigational requests to oauth2-routes for all modes 2025-04-02 11:53:29 +02:00
Sindre Rødseth Hansen
fc715e703b Update configuration.md 
fix: update outdated well-known url
 2025-01-23 15:51:38 +01:00
Trong Huu Nguyen
b6bfb817a4 feat(handler/login): add rate limit to prevent redirect loops 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-22 09:46:45 +01:00
Sindre Rødseth Hansen
2feb6a3b77 feat: Add option for propagating id_token to upstream app 
Fixes #315

Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
 2025-01-20 13:07:54 +01:00
Trong Huu Nguyen
3143940b08 feat: remove feature flags for session refresh 
These feature flags were enabled by default. We specifically disallowed
the use of automatic refresh with the SSO mode, though this poses some
complexity if using the forward-auth feature.

To simplify configuration and code, we remove the flags in their
entirety as session refresh behaviour is mostly already handled by the
implementation of GetSession() in the handlers. Specifically:

- the Standalone handler needs to refresh sessions when reverse-proxying
  to the upstream.
- the SSO server handler needs to refresh sessions only when using the
  forward-auth feature. It does not have an upstream to reverse proxy
  to.
- the SSO proxy handler is a read-only upstream proxy and does not
  possess the ability to refresh sessions itself, though it will
  delegate traffic for the session endpoints to the configured SSO server.

Automatic refreshing is thus only disabled when running in SSO mode
without the forward-auth feature.
 2025-01-16 10:14:15 +01:00
Trong Huu Nguyen
0258ce7cfd feat: add handler for forward-auth 2025-01-14 13:44:49 +01:00
Trong Huu Nguyen
522ca3fb7e docs: add missing prompt parameter for login endpoint 2025-01-14 12:36:33 +01:00
Trong Huu Nguyen
26b026f984 docs: clean up notes on configuration 2024-11-06 08:52:42 +01:00
Trong Huu Nguyen
d2e01b2ead refactor: consolidate cookie config, correct documentation 2024-11-05 21:24:25 +01:00
Trong Huu Nguyen
bfb4929dc7 feat: allow disabling secure cookies for localhost 
This is geerally only necessary when using Safari.
Most other browsers respect the Secure attribute when using localhost.
 2024-11-05 21:14:14 +01:00
Trong Huu Nguyen
e6297750d6 feat(openid): set expected default public JWK algorithm if the OP doesn't set them 
This allows us to verify signatures without relying on heuristics used
by jws.WithInferAlgorithmFromKey() that may introduce security and
performance implications.
 2024-11-05 21:08:46 +01:00
Trong Huu Nguyen
4c2d1f4813 docs(config): clarify description of openid.scopes flag 2024-11-05 11:44:45 +01:00
Trong Huu Nguyen
df5c78b821 feat(openid/client): add support for the client_secret_post authentication method 2024-10-08 09:19:38 +02:00
Trong Huu Nguyen
e440b92cd3 docs: fix typo [ci skip] 2024-06-10 12:02:26 +02:00
Trong Huu Nguyen
984fb4022b docs: add notes on encrytion key for sso mode [ci skip] 2024-06-10 11:58:08 +02:00
Trong Huu Nguyen
7d2bb6b2be docs: clean up mermaid diagram descriptions [ci skip] 2023-10-27 13:05:47 +02:00
Trong Huu Nguyen
b910d3e65a feat(config): redis username and password flags overrides uri 2023-10-12 08:21:34 +02:00
Trong Huu Nguyen
555f87b42b docs: correct default value for session lifetime [ci skip] 2023-10-11 14:42:15 +02:00
Trong Huu Nguyen
6dbc747aad feat(config): enable refresh tokens and automatic refreshing by default, increase default session lifetime 2023-10-11 14:16:53 +02:00
Trong Huu Nguyen
8bbd947d5b feat(config): add support for Redis URI 2023-10-10 14:48:50 +02:00
Trong Huu Nguyen
63685a09a5 docs: more, prettier mermaid diagrams and minor corrections [ci skip] 2023-10-09 14:46:53 +02:00
Trong Huu Nguyen
c1bdb90566 feat(handler/reverseproxy): don't return json response after all 
Expose fewer interfaces; less maintenance and documentation needed.
 2023-10-04 10:01:03 +02:00
Trong Huu Nguyen
91cd58d18b docs: update sections on autologin and sessions 2023-10-03 14:21:09 +02:00
Trong Huu Nguyen
c4911b1344 feat(session): add feature toggle for automatic refreshing 2023-09-15 09:08:42 +02:00
Trong Huu Nguyen
7987ad767e feat(config): allow specifying upstream ip and port separately 2023-08-17 08:41:53 +02:00
Trong Huu Nguyen
e7799204b2 feat(openid): harden id_token validation 2023-08-15 21:30:41 +02:00
Trong Huu Nguyen
ba394dbaf3 docs: correct copy-pasta error [ci skip] 2023-07-21 10:32:17 +02:00
Trong Huu Nguyen
5729f46542 docs: move to separate directory, major cleanups 2023-07-20 10:52:48 +02:00
Trong Huu Nguyen
b3c50acb76 docs: use mermaid for diagrams 2022-12-19 13:04:12 +01:00
Trong Huu Nguyen
1d754baabe feat(handler/reverseproxy): preserve incoming authorization for unauthenticated sessions 2022-12-16 14:53:27 +01:00
Trong Huu Nguyen
40a4c8a02c docs: minor cleanups, add overview with diagrams 2022-05-04 15:54:45 +02:00