Commit Graph

41 Commits

Author SHA1 Message Date
Trong Huu Nguyen
c0138f4b49 feat(session): use locks for refreshing
One of the changes in OAuth 2.1 addresses attacks with refresh token
replays by recommending the use of one-time use tokens. A refresh token
is thus rotated and invalid after exactly one use, returning a new token
for each successful grant. Any further attempts must thus use the most
recently acquired refresh token. Reusing a refresh token may also
cause the authorization server to invalidate the current active refresh
token, requiring a refresh authorization grant to be reacquired for
further refresh token usage.

The use of locks prevents multiple refresh grant attempts for a given
session from happening across concurrent requests.
2022-09-04 17:14:35 +02:00
Trong Huu Nguyen
9d7732fc25 deps: bump em 2022-08-31 08:50:09 +02:00
Trong Huu Nguyen
f9b7bbe10b deps: bump it 2022-08-22 08:40:27 +02:00
dependabot[bot]
758277a267 build(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.4 to 2.0.5 (#45)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-11 10:59:15 +02:00
Trong Huu Nguyen
51075ad9ed refactor(middleware/logentry): remove httplog dependency 2022-08-11 09:54:23 +02:00
Trong Huu Nguyen
ea5b7701a9 deps: bump to go 1.19 2022-08-10 13:12:56 +02:00
Trong Huu Nguyen
261f0e039d deps: bump various dependencies 2022-08-10 13:12:42 +02:00
Trong Huu Nguyen
bece03c94e refactor(middleware/logentry): replace zerologger with logrus 2022-07-18 15:47:35 +02:00
Trong Huu Nguyen
a230599351 deps: bumpity bump 2022-07-14 12:20:51 +02:00
dependabot[bot]
afd1a29671 build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.5
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.2 to 1.7.5.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.2...v1.7.5)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-27 19:25:46 +00:00
dependabot[bot]
557cca2a08 build(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.2 to 2.0.3 (#34)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-14 08:27:37 +02:00
Trong Huu Nguyen
a4c96d3217 deps: bumpity bump 2022-06-09 13:18:52 +02:00
Trong Huu Nguyen
2534c4dcd6 deps: bump prometheus/client_golang to 1.12.2 2022-05-19 08:25:51 +02:00
Trong Huu Nguyen
0a73b1cf3b deps: bump jwx to v2.0.1 2022-05-10 09:25:27 +02:00
Trong Huu Nguyen
04fab6104a feat(handler/callback): add retries for requests to external services 2022-05-06 12:28:58 +02:00
Trong Huu Nguyen
18fffcc755 deps: migrate from lestrrat-go/jwx to lestrrat-go/jwx/v2 2022-05-05 11:09:03 +02:00
Trong Huu Nguyen
eb2a93dbf0 deps: bump various libs 2022-05-05 11:06:01 +02:00
Trong Huu Nguyen
afeaf6a381 deps: bump to go 1.18 2022-05-05 11:03:25 +02:00
Trong Huu Nguyen
0792c8a783 deps: bump versions 2022-03-01 07:53:20 +01:00
Trong Huu Nguyen
f0318b269e fix: ensure jwk set is refreshed regularly 2022-03-01 07:49:51 +01:00
Trong Huu Nguyen
4eee30abde chore: bump dependencies 2021-12-06 10:19:42 +01:00
Trong Huu Nguyen
e3439e27ab test: use miniredis for testing redis session store 2021-11-01 10:56:59 +01:00
Trong Huu Nguyen
2e10801d0e refactor: move client assertion generation, replace go-jose with jwx
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-11 11:46:11 +02:00
Trong Huu Nguyen
9616587854 chore: go mod tidy 2021-10-05 12:10:47 +02:00
Trong Huu Nguyen
77d0438411 feat: use latest go-chi v5, add middlewares for panic recovery and logging
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-05 11:45:42 +02:00
Trong Huu Nguyen
80c7abd70a refactor: update jwx; now infers alg from keys where missing 2021-10-01 12:22:49 +02:00
Trong Huu Nguyen
bf8441bb1c build: bump go to 1.17 2021-09-29 09:22:25 +02:00
Kim Tore Jensen
081921d0fa add http request metrics 2021-09-02 11:16:45 +02:00
Trong Huu Nguyen
03a14eb2bd refactor: clean up id_token validation 2021-08-25 08:22:34 +02:00
Kim Tore Jensen
15a7c14324 redis and in-memory session store 2021-08-24 12:49:23 +02:00
Kent Daleng
1f58b5ae15 write callback test
Co-Authored-By: Trong Huu Nguyen <trong.huu.nguyen@nav.no>
2021-08-24 10:02:21 +02:00
Trong Huu Nguyen
43cb01ad00 wip: idporten mock server 2021-08-24 07:44:05 +02:00
Kim Tore Jensen
764adc3d77 wip: tests for authorize 2021-08-23 14:39:48 +02:00
Trong Huu Nguyen
f36848babe feat: validate id_token in auth code flow
Co-authored-by: Kent Daleng <kent.daleng@nav.no>
2021-08-23 09:59:15 +02:00
Kim Tore Jensen
8baa18281d remove caos/oidc as dependency 2021-08-19 14:25:55 +02:00
Kim Tore Jensen
4da8e5263f loginurl as our own implementation 2021-08-19 13:05:39 +02:00
Kent Daleng
6d5a14358e generate a long enough code_verifier
idporten wants one at least 43 chars long; a single UUID is 36... so I smash two together :)
Also, this involves grabbing the internals of the function we called earlier and putting it here instead.
2021-08-19 08:35:25 +02:00
Kent Daleng
b1272ed712 refactor login, use caos/oidc 2021-08-18 11:42:50 +02:00
Kim Tore Jensen
2b5206fdff run a webserver and supply a non-working login redirect uri 2021-08-17 15:31:03 +02:00
Kent Daleng
1177ef1210 implement config and logging 2021-08-17 14:30:34 +02:00
Kent Daleng
1aec4cd36a initial commit 2021-08-17 13:39:10 +02:00