Trong Huu Nguyen
3a239a95c3
feat(reverseproxy): validate acr and redirect if applicable
2023-04-29 11:54:53 +02:00
Trong Huu Nguyen
7c98fe161e
refactor(handler/reverseproxy): retrieve both session and token
2023-04-29 11:17:00 +02:00
Trong Huu Nguyen
d76e9ebbb5
feat(session): store acr
2023-04-29 10:27:53 +02:00
Trong Huu Nguyen
2a0c376c4b
feat(openid): validate acr in id_token if sent in auth request
2023-04-29 10:27:23 +02:00
Trong Huu Nguyen
19095ccfea
feat(openid): store acr in state cookie
2023-04-29 09:09:02 +02:00
Trong Huu Nguyen
efcc276ed5
fix(handler/sso/proxy): redirect logout callbacks to logout
2023-04-29 09:00:28 +02:00
Trong Huu Nguyen
87ffee4a34
fix(handler/sso/proxy): proxy frontchannel logouts
2023-04-29 08:55:14 +02:00
Trong Huu Nguyen
ab2a8b6fec
fix(handler/sso/proxy): redirect callback requests to login
2023-04-29 08:52:41 +02:00
Trong Huu Nguyen
568f9f7683
feat(handler): use 302 instead of 303 for redirects
2023-04-29 08:42:29 +02:00
Trong Huu Nguyen
b4baa96ee4
feat(router): don't handle preflight requests for login/logout routes
2023-04-29 08:30:45 +02:00
Trong Huu Nguyen
6a31a0a396
refactor(metrics): minor cleanup
2023-04-29 08:30:08 +02:00
Trong Huu Nguyen
5d75001b7b
feat(metrics): attempt to reduce cardinality for redirect label
2023-04-28 11:30:40 +02:00
Trong Huu Nguyen
f8336fa74a
feat(metrics): ignore empty hosts for redirect label
2023-04-28 08:02:06 +02:00
Trong Huu Nguyen
28abcb3cf8
feat(router): handle HEAD requests for some routes
2023-04-28 08:01:52 +02:00
Trong Huu Nguyen
6127417767
fix(router): handle preflight requests for sso server
2023-04-28 06:53:47 +02:00
Trong Huu Nguyen
bc651d9082
fix: use 303 instead of 307 for redirects
2023-04-28 01:30:17 +02:00
Trong Huu Nguyen
c60f9478a5
fix(metrics): strip urls for login counter
2023-04-26 09:57:29 +02:00
Trong Huu Nguyen
55d2e0ce3b
feat(metrics): add redirect label for login counter
2023-04-26 09:28:00 +02:00
Trong Huu Nguyen
ad7160e04d
fix(handler/sso/proxy): local logout should be reverse proxied
2023-04-21 16:43:33 +02:00
Trong Huu Nguyen
0ba41e312a
feat(handler): local logout returns 204 instead of redirect
...
Redirecting after local logout introduces the possibility of matching a
path that automatically performs login, which for a local logout means
the user is automatically logged in again due to having an SSO session -
which nullifies the whole logout operation.
Applications that want local logout must trigger and handle the response
just like any other API call.
2023-04-21 16:25:26 +02:00
Trong Huu Nguyen
fba165552d
feat(router): disable local logout endpoint for idporten
2023-04-21 15:34:33 +02:00
Trong Huu Nguyen
0ba124809a
feat(handler): local logout redirects back to preconfigured URL
2023-04-21 15:21:02 +02:00
Trong Huu Nguyen
19b2401831
feat(metrics): add authentication method reference label for successful logins
2023-04-18 12:20:23 +02:00
Trong Huu Nguyen
47218da6d2
refactor(openid): simplify parameter handling for auth url
2023-04-18 11:16:50 +02:00
Trong Huu Nguyen
9eeb6f5e96
feat(router): root path for sso server should redireect to login
2023-04-13 14:30:21 +02:00
Trong Huu Nguyen
bab62c072b
feat(handler/sso/server): return not found instead of redirect for wildcard handler
2023-04-13 14:20:38 +02:00
Trong Huu Nguyen
5ad603395c
fix(handler/sso/proxy): override request path for reverseproxy to sso-server
2023-04-13 14:19:48 +02:00
Trong Huu Nguyen
9cb648917b
fix(handler/sso/proxy): only set default query parameters for login handler
2023-04-13 09:20:34 +02:00
Trong Huu Nguyen
a2d8d6f7c3
fix(router): register OPTIONS routes for CORS middleware
2023-04-13 09:03:04 +02:00
Trong Huu Nguyen
163d9e42ad
fix(handler/reverseproxy): preserve inbound forwarded/x-forwarded headers
2023-04-12 15:05:55 +02:00
Trong Huu Nguyen
765d4e34b1
refactor(url): extract cleaner and validators to separate implementations
2023-04-11 09:58:35 +02:00
Trong Huu Nguyen
ec4ac2b8e9
fix(redis): set ConnMaxIdleTime, not ConnMaxLifetime
2023-03-29 21:43:11 +02:00
Trong Huu Nguyen
e761810630
feat(redis): allow configuration of idle connection timeout
2023-03-29 09:55:17 +02:00
Trong Huu Nguyen
ef8c7d2cca
feat(sso/server): redirect to login for wildcard handler
2023-03-29 09:55:16 +02:00
Trong Huu Nguyen
c72093dda9
fix(handler/sso/proxy): use correct query for login url
2023-03-21 09:11:31 +01:00
Trong Huu Nguyen
fd73a0a83e
refactor(openid/config): more descriptive error message for unsupported values
2023-03-21 09:11:30 +01:00
Trong Huu Nguyen
3dc3c1dee5
feat(sso/server): return not found instead of redirect for wildcard handler
2023-03-08 12:53:25 +01:00
Trong Huu Nguyen
07cf8e12b3
feat(cookie): support overriding session cookie name
2023-03-01 11:27:26 +01:00
Trong Huu Nguyen
133d3fd855
refactor(middleware/logentry): ignore ping route
2023-03-01 10:11:37 +01:00
Trong Huu Nguyen
a375ac774d
feat(router): add ping route for health probes
2023-03-01 09:27:06 +01:00
Trong Huu Nguyen
442e056b26
refactor(handler): inline error handler, remove unnecessary getters
2023-02-24 19:24:02 +01:00
Trong Huu Nguyen
f346e9e91d
refactor(router): use a more apt name for wildcard handler
2023-02-24 18:33:41 +01:00
Trong Huu Nguyen
5342913676
refactor: move cookie options to handler constructors
2023-02-24 18:21:36 +01:00
Trong Huu Nguyen
d5b603c98f
feat(router): add cors middleware for sso server
2023-02-23 14:30:55 +01:00
Trong Huu Nguyen
08c6e96670
refactor(session): wrap error for decrypt
2023-02-23 14:29:49 +01:00
Trong Huu Nguyen
3e93423464
refactor(sso/server): redirect requests for wildcard routes to default URL
2023-02-22 10:19:26 +01:00
Trong Huu Nguyen
9ecfdb73ef
fix(handler): time-to-refresh in session metadata is disabled for sso
2023-02-22 10:11:39 +01:00
Trong Huu Nguyen
afc8fd6962
style: formatting
2023-02-21 15:37:48 +01:00
Trong Huu Nguyen
2796e1c9bc
refactor(session): remove duplicate method, token expiry must be shorter than inactivity timeout
2023-02-21 15:34:50 +01:00
Trong Huu Nguyen
9074547163
docs: clarifications for refresh behaviour
2023-02-21 15:32:43 +01:00
