github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-05-12 03:16:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
927 Commits 2 Branches 0 Tags
d2e01b2ead411ebeabbf8ac7f33cb599c5f09677
Commit Graph

927 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Trong Huu Nguyen
d2e01b2ead refactor: consolidate cookie config, correct documentation 2024-11-05 21:24:25 +01:00
Trong Huu Nguyen
bfb4929dc7 feat: allow disabling secure cookies for localhost 
This is geerally only necessary when using Safari.
Most other browsers respect the Secure attribute when using localhost.
 2024-11-05 21:14:14 +01:00
Trong Huu Nguyen
6b46d57422 refactor(openid): consolidate validation and verification of id_tokens 
Also remove some indirection layers.
 2024-11-05 21:10:44 +01:00
Trong Huu Nguyen
e6297750d6 feat(openid): set expected default public JWK algorithm if the OP doesn't set them 
This allows us to verify signatures without relying on heuristics used
by jws.WithInferAlgorithmFromKey() that may introduce security and
performance implications.
 2024-11-05 21:08:46 +01:00
Trong Huu Nguyen
db060a4caf feat(handler): do not automatically retry token redemption failures 2024-11-05 19:57:48 +01:00
Trong Huu Nguyen
4c2d1f4813 docs(config): clarify description of openid.scopes flag 2024-11-05 11:44:45 +01:00
Trong Huu Nguyen
192b196d3f refactor(config): inline samesite options 2024-11-05 08:48:46 +01:00
Trong Huu Nguyen
3cae769d87 chart: require all provider toggles 2024-11-05 08:39:42 +01:00
dependabot[bot]
13681001eb build(deps): bump github.com/lestrrat-go/jwx/v2 from 2.1.1 to 2.1.2 (#304) 
Bumps [github.com/lestrrat-go/jwx/v2](https://github.com/lestrrat-go/jwx) from 2.1.1 to 2.1.2.
- [Release notes](https://github.com/lestrrat-go/jwx/releases)
- [Changelog](https://github.com/lestrrat-go/jwx/blob/develop/v3/Changes)
- [Commits](https://github.com/lestrrat-go/jwx/compare/v2.1.1...v2.1.2)

---
updated-dependencies:
- dependency-name: github.com/lestrrat-go/jwx/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-28 19:50:53 +00:00
dependabot[bot]
5cc7f5a35c build(deps): bump github.com/riandyrn/otelchi from 0.10.0 to 0.10.1 (#305) 
Bumps [github.com/riandyrn/otelchi](https://github.com/riandyrn/otelchi) from 0.10.0 to 0.10.1.
- [Release notes](https://github.com/riandyrn/otelchi/releases)
- [Changelog](https://github.com/riandyrn/otelchi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/riandyrn/otelchi/compare/v0.10.0...v0.10.1)

---
updated-dependencies:
- dependency-name: github.com/riandyrn/otelchi
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-28 19:47:58 +00:00
dependabot[bot]
69da57e3ee build(deps): bump actions/setup-go in the gh-actions group (#303) 
Bumps the gh-actions group with 1 update: [actions/setup-go](https://github.com/actions/setup-go).


Updates `actions/setup-go` from 5.0.2 to 5.1.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v5.0.2...v5.1.0)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-28 19:38:29 +00:00
dependabot[bot]
c18f1725a2 build(deps): bump github.com/redis/go-redis/extra/redisotel/v9 (#301) 
Bumps [github.com/redis/go-redis/extra/redisotel/v9](https://github.com/redis/go-redis) from 9.5.3 to 9.7.0.
- [Release notes](https://github.com/redis/go-redis/releases)
- [Changelog](https://github.com/redis/go-redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/redis/go-redis/compare/v9.5.3...v9.7.0)

---
updated-dependencies:
- dependency-name: github.com/redis/go-redis/extra/redisotel/v9
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-21 19:56:20 +00:00
dependabot[bot]
b905024d9d build(deps): bump github.com/prometheus/client_golang (#300) 
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.20.4 to 1.20.5.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.20.4...v1.20.5)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-21 19:53:10 +00:00
Trong Huu Nguyen
7c2d6d3f71 feat(templates): clean up error page after feedback 2024-10-16 12:46:29 +02:00
Trong Huu Nguyen
e7ab8e7c83 build: replace client jwk with client secret for examples 2024-10-16 10:24:09 +02:00
dependabot[bot]
d0e2288b7f build(deps): bump the otel group with 3 updates (#297) 
Bumps the otel group with 3 updates: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go).


Updates `go.opentelemetry.io/otel` from 1.30.0 to 1.31.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.30.0...v1.31.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.30.0 to 1.31.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.30.0...v1.31.0)

Updates `go.opentelemetry.io/otel/sdk` from 1.30.0 to 1.31.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.30.0...v1.31.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-14 19:53:34 +00:00
dependabot[bot]
b6d87c0ab3 build(deps): bump github.com/redis/go-redis/v9 from 9.6.1 to 9.6.2 (#299) 
Bumps [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) from 9.6.1 to 9.6.2.
- [Release notes](https://github.com/redis/go-redis/releases)
- [Changelog](https://github.com/redis/go-redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/redis/go-redis/compare/v9.6.1...v9.6.2)

---
updated-dependencies:
- dependency-name: github.com/redis/go-redis/v9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-14 19:50:15 +00:00
dependabot[bot]
45be988965 build(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.1 to 4.7.1 (#298) 
Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar) from 4.6.1 to 4.7.1.
- [Release notes](https://github.com/bmatcuk/doublestar/releases)
- [Commits](https://github.com/bmatcuk/doublestar/compare/v4.6.1...v4.7.1)

---
updated-dependencies:
- dependency-name: github.com/bmatcuk/doublestar/v4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-14 19:47:05 +00:00
Trong Huu Nguyen
bd33d2d5cd chart: set azure and idporten to false by default 2024-10-09 08:58:50 +02:00
Trong Huu Nguyen
a4b832839c feat(templates): make error page more generic and responsive 
Co-authored-by: Morten Lied Johansen <morten.lied.johansen@nav.no>
 2024-10-09 08:58:36 +02:00
Trong Huu Nguyen
df5c78b821 feat(openid/client): add support for the client_secret_post authentication method 2024-10-08 09:19:38 +02:00
dependabot[bot]
5df7234e1c build(deps): bump sigstore/cosign-installer in the gh-actions group (#296) 
Bumps the gh-actions group with 1 update: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer).


Updates `sigstore/cosign-installer` from 3.6.0 to 3.7.0
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](4959ce089c...dc72c7d5c4)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-07 19:58:45 +00:00
dependabot[bot]
53e2a4d34b build(deps): bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#295) 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.27.0 to 0.28.0.
- [Commits](https://github.com/golang/crypto/compare/v0.27.0...v0.28.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-07 19:12:10 +00:00
Trong Huu Nguyen
54c24db4ed chart: support well-known url config for openid 2024-10-03 14:16:15 +02:00
Trong Huu Nguyen
ebcdbd358e build: go 1.23.2 2024-10-03 12:30:34 +02:00
dependabot[bot]
8675fe55ae build(deps): bump github.com/riandyrn/otelchi from 0.9.0 to 0.10.0 (#294) 
Bumps [github.com/riandyrn/otelchi](https://github.com/riandyrn/otelchi) from 0.9.0 to 0.10.0.
- [Release notes](https://github.com/riandyrn/otelchi/releases)
- [Changelog](https://github.com/riandyrn/otelchi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/riandyrn/otelchi/compare/v0.9.0...v0.10.0)

---
updated-dependencies:
- dependency-name: github.com/riandyrn/otelchi
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-23 19:08:56 +00:00
dependabot[bot]
45a0ea5b64 build(deps): bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 (#293) 
Bumps [go.uber.org/automaxprocs](https://github.com/uber-go/automaxprocs) from 1.5.3 to 1.6.0.
- [Release notes](https://github.com/uber-go/automaxprocs/releases)
- [Changelog](https://github.com/uber-go/automaxprocs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber-go/automaxprocs/compare/v1.5.3...v1.6.0)

---
updated-dependencies:
- dependency-name: go.uber.org/automaxprocs
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-23 19:05:42 +00:00
Trong Huu Nguyen
5ae325ca3d fix(retry): correct usage of MaxDuration, remove unused code 2024-09-20 11:47:49 +02:00
dependabot[bot]
9d1d02803f build(deps): bump github.com/prometheus/client_golang (#292) 
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.20.3 to 1.20.4.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.20.3...v1.20.4)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-17 12:38:34 +00:00
Trong Huu Nguyen
94fce2d5a7 ci: group otel updates for dependabot 2024-09-17 08:40:58 +02:00
Trong Huu Nguyen
197b9212e0 build: go 1.23.1 2024-09-17 08:35:18 +02:00
dependabot[bot]
e59617b341 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc (#291) 
Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) from 1.29.0 to 1.30.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.29.0...v1.30.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-16 20:03:35 +00:00
dependabot[bot]
7e9ff7901a build(deps): bump go.opentelemetry.io/otel from 1.29.0 to 1.30.0 (#290) 
Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) from 1.29.0 to 1.30.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.29.0...v1.30.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-16 20:01:20 +00:00
Trong Huu Nguyen
f5d2f6615e chart: add toggle for openid 
Co-authored-by: Morten Lied Johansen <morten.lied.johansen@nav.no>
 2024-09-11 13:03:12 +02:00
Trong Huu Nguyen
d6b57a6b7d refactor(handler/sso/proxy): correct variable name 2024-09-11 09:27:13 +02:00
dependabot[bot]
a5d98c746a build(deps): bump golang.org/x/crypto from 0.26.0 to 0.27.0 (#286) 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.26.0 to 0.27.0.
- [Commits](https://github.com/golang/crypto/compare/v0.26.0...v0.27.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-09 19:57:31 +00:00
dependabot[bot]
d41b2f9a66 build(deps): bump github.com/prometheus/client_golang (#288) 
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.20.2 to 1.20.3.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/v1.20.3/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.20.2...v1.20.3)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-09 19:54:23 +00:00
dependabot[bot]
89918bc569 build(deps): bump golang.org/x/oauth2 from 0.22.0 to 0.23.0 (#287) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.22.0 to 0.23.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.22.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-09 19:51:26 +00:00
Trong Huu Nguyen
9e78ba78be fix(handler/sso/proxy): avoid duplicate headers when proxying to server 2024-09-03 12:08:38 +02:00
dependabot[bot]
c1438fb71a build(deps): bump github.com/rs/cors from 1.11.0 to 1.11.1 (#285) 
Bumps [github.com/rs/cors](https://github.com/rs/cors) from 1.11.0 to 1.11.1.
- [Commits](https://github.com/rs/cors/compare/v1.11.0...v1.11.1)

---
updated-dependencies:
- dependency-name: github.com/rs/cors
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-02 19:18:34 +00:00
Trong Huu Nguyen
ecad15256d build: bump deps 2024-08-26 10:10:52 +02:00
Trong Huu Nguyen
4dd61a3d50 ci: verify correct runtime image 2024-08-23 13:56:41 +02:00
Trong Huu Nguyen
d2ef2613cd ci: fix conditional for dependabot merge workflow 2024-08-23 13:56:22 +02:00
Trong Huu Nguyen
155ebc745b docs: clarify forwarded headers 2024-08-23 13:56:21 +02:00
Trong Huu Nguyen
57376643ba build: go 1.23 2024-08-23 13:56:19 +02:00
Trong Huu Nguyen
3876820aee refactor(retry): use DoValue 2024-08-23 13:55:51 +02:00
Trong Huu Nguyen
deca0b6410 build: go 1.22.6 2024-08-23 13:55:51 +02:00
Trong Huu Nguyen
3465d8aef3 refactor(config): clean up tests 2024-08-23 13:55:49 +02:00
dependabot[bot]
0919dbdbbb build(deps): bump golang from 1.22 to 1.23 in the docker group (#284) 
Bumps the docker group with 1 update: golang.


Updates `golang` from 1.22 to 1.23

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: docker
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-19 19:31:24 +00:00
dependabot[bot]
8a0a220f70 build(deps): bump mvdan.cc/gofumpt from 0.6.0 to 0.7.0 (#282) 
Bumps [mvdan.cc/gofumpt](https://github.com/mvdan/gofumpt) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/mvdan/gofumpt/releases)
- [Changelog](https://github.com/mvdan/gofumpt/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mvdan/gofumpt/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: mvdan.cc/gofumpt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-19 19:21:26 +00:00