Sindre Rødseth Hansen
c442000be4
feat: implement PAR for relying party
...
Fixes #235
Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
2025-01-23 08:48:32 +01:00
Trong Huu Nguyen
6be5a1ebe5
wip: implement PAR for relying party
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-23 08:48:32 +01:00
Trong Huu Nguyen
909060d8fd
feat(mock): implement PAR for identity provider
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-23 08:48:28 +01:00
Trong Huu Nguyen
f2def8d00d
fix(session/data): next refresh time should account for inactivity timeouts
...
The default auto-refresh behaviour occurs 5 minutes before tokens
expire, at the earliest. Without inactivity, however, tokens are still
refreshed at any point after this, as long as the session has not ended.
This, however, means that refreshes don't occur often enough when inactivity
timeouts are enabled. In practice, the session is only refreshed if a
request is received within the 5-minute leeway window between a token's expiry
and the inactivity timeout.
This commit will apply auto-refreshes at the half-life of the inactivity
timeout instead, so that users' sessions and timeouts are properly
extended on activity.
2025-01-22 15:58:53 +01:00
Trong Huu Nguyen
c1dd4f1177
refactor(handler/login): improve logging when rate limiting
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-22 12:03:01 +01:00
Trong Huu Nguyen
aa798d4eed
docs: add notes on image availability on registries [ci skip]
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-22 10:04:32 +01:00
Trong Huu Nguyen
b6bfb817a4
feat(handler/login): add rate limit to prevent redirect loops
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-22 09:46:45 +01:00
Trong Huu Nguyen
64e9167e05
refactor(openid/client): remove indirection layer for login callback
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-21 09:39:23 +01:00
Trong Huu Nguyen
75f98debc5
feat(openid/client): validate iss parameter if provider declares authorization_response_iss_parameter_supported
...
Fixes #306.
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-21 09:39:21 +01:00
dependabot[bot]
f38f18f09c
build(deps): bump github.com/bmatcuk/doublestar/v4 from 4.7.1 to 4.8.0 (#323)
...
Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar) from 4.7.1 to 4.8.0.
- [Release notes](https://github.com/bmatcuk/doublestar/releases)
- [Commits](https://github.com/bmatcuk/doublestar/compare/v4.7.1...v4.8.0)
---
updated-dependencies:
- dependency-name: github.com/bmatcuk/doublestar/v4
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-20 19:23:26 +00:00
dependabot[bot]
6bad1cfeb8
build(deps): bump github.com/riandyrn/otelchi from 0.11.0 to 0.12.0 (#322)
...
Bumps [github.com/riandyrn/otelchi](https://github.com/riandyrn/otelchi) from 0.11.0 to 0.12.0.
- [Release notes](https://github.com/riandyrn/otelchi/releases)
- [Changelog](https://github.com/riandyrn/otelchi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/riandyrn/otelchi/compare/v0.11.0...v0.12.0)
---
updated-dependencies:
- dependency-name: github.com/riandyrn/otelchi
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-20 19:20:17 +00:00
dependabot[bot]
b12ce1dbe6
build(deps): bump the otel group with 3 updates (#321)
...
Bumps the otel group with 3 updates: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go).
Updates `go.opentelemetry.io/otel` from 1.33.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.33.0...v1.34.0)
Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.33.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.33.0...v1.34.0)
Updates `go.opentelemetry.io/otel/sdk` from 1.33.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.33.0...v1.34.0)
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: otel
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: otel
- dependency-name: go.opentelemetry.io/otel/sdk
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: otel
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-20 19:17:21 +00:00
Sindre Rødseth Hansen
2feb6a3b77
feat: Add option for propagating id_token to upstream app
...
Fixes #315
Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
2025-01-20 13:07:54 +01:00
Sindre Rødseth Hansen
bc307916be
build: bump go to 1.23.5
...
Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
2025-01-20 10:47:06 +01:00
Trong Huu Nguyen
3a4f656f33
style: make fmt [ci skip]
2025-01-17 14:22:48 +01:00
Trong Huu Nguyen
3e42d001f0
feat(handler/forwardauth): reduce log severity for not-existent sessions
2025-01-17 14:19:00 +01:00
Trong Huu Nguyen
a29cc3046d
chart: enable forward-auth endpoint with inactivity timeout
2025-01-17 10:26:54 +01:00
Trong Huu Nguyen
e3fb0cc888
chart: remove obsolete session refresh flags
2025-01-17 10:26:20 +01:00
Trong Huu Nguyen
3143940b08
feat: remove feature flags for session refresh
...
These feature flags were enabled by default. We specifically disallowed
the use of automatic refresh with the SSO mode, though this poses some
complexity if using the forward-auth feature.
To simplify configuration and code, we remove the flags in their
entirety as session refresh behaviour is mostly already handled by the
implementation of GetSession() in the handlers. Specifically:
- the Standalone handler needs to refresh sessions when reverse-proxying
to the upstream.
- the SSO server handler needs to refresh sessions only when using the
forward-auth feature. It does not have an upstream to reverse proxy
to.
- the SSO proxy handler is a read-only upstream proxy and does not
possess the ability to refresh sessions itself, though it will
delegate traffic for the session endpoints to the configured SSO server.
Automatic refreshing is thus only disabled when running in SSO mode
without the forward-auth feature.
2025-01-16 10:14:15 +01:00
Trong Huu Nguyen
0258ce7cfd
feat: add handler for forward-auth
2025-01-14 13:44:49 +01:00
Trong Huu Nguyen
c96e457675
test: assert unauthenticated response for session endpoints
2025-01-14 13:33:35 +01:00
Trong Huu Nguyen
522ca3fb7e
docs: add missing prompt parameter for login endpoint
2025-01-14 12:36:33 +01:00
Trong Huu Nguyen
01a256c972
charts: add alert rule for forward-auth, links to dashboard
2025-01-14 08:36:26 +01:00
Trong Huu Nguyen
b53c76031d
feat: use automemlimit for cgroup-aware limits
2025-01-14 08:36:21 +01:00
dependabot[bot]
4aa77e1dd7
build(deps): bump golang.org/x/vuln from 1.1.3 to 1.1.4 (#320)
...
Bumps [golang.org/x/vuln](https://github.com/golang/vuln) from 1.1.3 to 1.1.4.
- [Release notes](https://github.com/golang/vuln/releases)
- [Commits](https://github.com/golang/vuln/compare/v1.1.3...v1.1.4)
---
updated-dependencies:
- dependency-name: golang.org/x/vuln
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-13 19:34:51 +00:00
dependabot[bot]
b2cf17a39f
build(deps): bump golang.org/x/crypto from 0.31.0 to 0.32.0 (#319)
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.31.0 to 0.32.0.
- [Commits](https://github.com/golang/crypto/compare/v0.31.0...v0.32.0)
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-06 19:10:43 +00:00
dependabot[bot]
b42588b406
build(deps): bump golang.org/x/oauth2 from 0.24.0 to 0.25.0 (#318)
...
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.24.0 to 0.25.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.24.0...v0.25.0)
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-06 19:07:47 +00:00
dependabot[bot]
a5a5bfa693
build(deps): bump github.com/alicebob/miniredis/v2 from 2.33.0 to 2.34.0 (#317)
...
Bumps [github.com/alicebob/miniredis/v2](https://github.com/alicebob/miniredis) from 2.33.0 to 2.34.0.
- [Release notes](https://github.com/alicebob/miniredis/releases)
- [Changelog](https://github.com/alicebob/miniredis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/alicebob/miniredis/compare/v2.33.0...v2.34.0)
---
updated-dependencies:
- dependency-name: github.com/alicebob/miniredis/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-23 19:52:20 +00:00
dependabot[bot]
992b78ee1c
build(deps): bump actions/setup-go in the gh-actions group (#316)
...
Bumps the gh-actions group with 1 update: [actions/setup-go](https://github.com/actions/setup-go).
Updates `actions/setup-go` from 5.1.0 to 5.2.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v5.1.0...v5.2.0)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: gh-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-16 19:56:14 +00:00
Trong Huu Nguyen
9dc2f29baa
chore(deps): bump dependencies
2024-12-16 12:29:43 +01:00
dependabot[bot]
cc8f36c037
build(deps): bump golang.org/x/crypto from 0.29.0 to 0.30.0 (#314)
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.29.0 to 0.30.0.
- [Commits](https://github.com/golang/crypto/compare/v0.29.0...v0.30.0)
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-09 19:29:48 +00:00
Trong Huu Nguyen
2d14b217b6
build: 1.23.4 go!
2024-12-06 09:16:16 +01:00
dependabot[bot]
80fb7a862a
build(deps): bump github.com/riandyrn/otelchi from 0.10.1 to 0.11.0 (#313)
...
Bumps [github.com/riandyrn/otelchi](https://github.com/riandyrn/otelchi) from 0.10.1 to 0.11.0.
- [Release notes](https://github.com/riandyrn/otelchi/releases)
- [Changelog](https://github.com/riandyrn/otelchi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/riandyrn/otelchi/compare/v0.10.1...v0.11.0)
---
updated-dependencies:
- dependency-name: github.com/riandyrn/otelchi
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-02 20:10:10 +00:00
dependabot[bot]
7dca2e3a1e
build(deps): bump github.com/lestrrat-go/jwx/v2 from 2.1.2 to 2.1.3 (#312)
...
Bumps [github.com/lestrrat-go/jwx/v2](https://github.com/lestrrat-go/jwx) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/lestrrat-go/jwx/releases)
- [Changelog](https://github.com/lestrrat-go/jwx/blob/v2.1.3/Changes)
- [Commits](https://github.com/lestrrat-go/jwx/compare/v2.1.2...v2.1.3)
---
updated-dependencies:
- dependency-name: github.com/lestrrat-go/jwx/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-25 19:30:35 +00:00
dependabot[bot]
12c2a300f3
build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#311)
...
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.9.0...v1.10.0)
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-25 19:27:20 +00:00
Trong Huu Nguyen
381ca1d21d
chart: add resource suffix to idportenclient
2024-11-14 16:47:29 +01:00
Trong Huu Nguyen
f60cf79da6
chart: add resourceSuffix value
...
Hack for resources that may conflict in parallel environments.
2024-11-14 16:20:24 +01:00
Trong Huu Nguyen
ca4ebb6ef4
build: go 1.22 -> 1.23
2024-11-14 13:30:08 +01:00
Trong Huu Nguyen
b4449a3727
build: go 1.23.3
2024-11-13 08:28:18 +01:00
dependabot[bot]
d350e05569
build(deps): bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#310)
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.28.0 to 0.29.0.
- [Commits](https://github.com/golang/crypto/compare/v0.28.0...v0.29.0)
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-11 20:06:34 +00:00
dependabot[bot]
8a472e3972
build(deps): bump golang.org/x/oauth2 from 0.23.0 to 0.24.0 (#309)
...
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.23.0 to 0.24.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.23.0...v0.24.0)
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-11 20:03:29 +00:00
dependabot[bot]
d9b5c3384f
build(deps): bump the otel group with 3 updates (#308)
...
Bumps the otel group with 3 updates: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go).
Updates `go.opentelemetry.io/otel` from 1.31.0 to 1.32.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.31.0...v1.32.0)
Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.31.0 to 1.32.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.31.0...v1.32.0)
Updates `go.opentelemetry.io/otel/sdk` from 1.31.0 to 1.32.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.31.0...v1.32.0)
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: otel
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: otel
- dependency-name: go.opentelemetry.io/otel/sdk
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: otel
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-11 20:00:20 +00:00
Trong Huu Nguyen
724132e51c
test: correct description for secure cookie test
2024-11-06 10:17:11 +01:00
Trong Huu Nguyen
0751d1877a
chart: remove requirement for bool configs
2024-11-06 09:47:39 +01:00
Trong Huu Nguyen
2d5d99f5ee
fix(openid): don't ignore existence check for key mutator
2024-11-06 09:40:56 +01:00
Trong Huu Nguyen
b4b38f30ef
test(openid): add missing token validation cases
2024-11-06 09:27:27 +01:00
Trong Huu Nguyen
26b026f984
docs: clean up notes on configuration
2024-11-06 08:52:42 +01:00
Trong Huu Nguyen
3761d40bf6
feat(crypto): log warning for ephemeral encryption key
2024-11-06 08:47:05 +01:00
Trong Huu Nguyen
5c63a2a743
refactor(openid/client): inline unnecessary variables
2024-11-05 22:15:48 +01:00
Trong Huu Nguyen
b7b43e9793
refactor(openid): remove more indirection layers
2024-11-05 21:58:38 +01:00