Commit Graph

35 Commits

Author SHA1 Message Date
Trong Huu Nguyen
d5bbca9897 feat: rudimentary support for refresh tokens 2022-08-26 14:32:39 +02:00
Trong Huu Nguyen
08f570363a refactor(openid): extract magic strings 2022-08-19 11:44:38 +02:00
Trong Huu Nguyen
5990e4bb71 refactor(session): extract session handler 2022-08-19 11:44:13 +02:00
Trong Huu Nguyen
c15e00469b refactor: clean up session error handling 2022-08-18 21:35:15 +02:00
Trong Huu Nguyen
ae8028cc96 refactor: remove cookie session fallback store
The implementation is error-prone and difficult to maintain.
We instead just assume that the backing session store is highly
available.
2022-08-17 20:44:07 +02:00
Trong Huu Nguyen
eac2d5789d refactor: passthrough for consistency in openid configuration 2022-07-20 09:58:49 +02:00
Trong Huu Nguyen
3e62683cad refactor: use pointer receivers when possible 2022-07-19 19:24:28 +02:00
Trong Huu Nguyen
cbb6be135a feat(metrics): add metrics for successful logins and logouts 2022-07-19 09:25:43 +02:00
Trong Huu Nguyen
b674a0ffa7 refactor(session): wrap own error type instead of using store-specific errors 2022-07-19 08:39:02 +02:00
Trong Huu Nguyen
284fa2a76f fix(openid/client): ensure assertion time claims are rounded down instead of up
Hopefully fixes intermittent 'invalid_grant' errors from IdP.
2022-07-18 09:24:26 +02:00
Trong Huu Nguyen
aab249d78a refactor(jwt): skip parsing access tokens
Access Tokens are not necessarily JWTs. We also don't
have to validate them as we only pass them on as an opaque
string.

This also means that we don't log the JTI of access tokens
anymore.

We also simplify handling of oidc callbacks.
2022-07-14 12:14:25 +02:00
Trong Huu Nguyen
1f5635239a refactor: split out openid client, config and provider
There's a bunch of changes here, but in essence:

- split out openid configuration
- separate openid configuration between client/rp and provider
- consolidate client and provider related code in separate packages

These changes allow for simplification of the Handler, as well as a
bunch of test/mock code as the configuration is now instantiated
separately from the client/provider code.
2022-07-05 13:09:00 +02:00
Trong Huu Nguyen
a19cbe375c refactor(router/session): extract cookie store 2022-07-04 15:18:40 +02:00
Trong Huu Nguyen
a752978f8f refactor(session): move data to own file 2022-07-04 15:18:37 +02:00
Trong Huu Nguyen
d73a5f24bb refactor(session): move session id generator to relevant pkg 2022-07-04 15:18:36 +02:00
Trong Huu Nguyen
debf97efda feat(session): store metadata 2022-07-04 15:18:36 +02:00
Trong Huu Nguyen
497cf9fba7 feat: store refresh tokens in session 2022-07-04 15:18:34 +02:00
Trong Huu Nguyen
18fffcc755 deps: migrate from lestrrat-go/jwx to lestrrat-go/jwx/v2 2022-05-05 11:09:03 +02:00
Trong Huu Nguyen
f95e618585 refactor(jwt): azure ad sets uti claim instead of jti 2022-02-03 11:41:44 +01:00
Trong Huu Nguyen
3828437dc5 refactor(jwt): clean up and deduplicate 2022-02-03 11:41:43 +01:00
Trong Huu Nguyen
b449ab2191 refactor: token -> jwt for accuracy 2022-02-03 11:41:43 +01:00
Trong Huu Nguyen
eeccebc5dd feat: log jwt IDs for traceability 2022-02-03 11:41:42 +01:00
Trong Huu Nguyen
c70037bd4c refactor: clean up main 2021-11-01 11:04:54 +01:00
Trong Huu Nguyen
e3439e27ab test: use miniredis for testing redis session store 2021-11-01 10:56:59 +01:00
Trong Huu Nguyen
3a35584a21 refactor: restructure and group related packages into subpackages 2021-10-20 09:03:14 +02:00
Trong Huu Nguyen
8711f6e0d3 style: clean up imports 2021-10-16 10:25:47 +02:00
Trong Huu Nguyen
f73b4605a1 refactor: use encrypted cookie as session fallback
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-04 13:17:04 +02:00
Trong Huu Nguyen
03eec9d2b8 refactor: robustify logout routes
Co-authored-by: Morten Lied Johansen <morten.lied.johansen@nav.no>
Co-authored-by: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-01 09:35:28 +02:00
Trong Huu Nguyen
cc8ba980ca refactor: deduplicate crypto operations for sessions 2021-09-30 18:27:53 +02:00
Trong Huu Nguyen
2ec1b7ace9 feat: encrypt session data
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-09-30 13:47:29 +02:00
Morten Lied Johansen
f551386113 Add Redis latency metrics
Co-authored-by: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-09-29 10:50:27 +02:00
Trong Huu Nguyen
5da34f0139 fix: include id_token_hint on self-initiated logout
This is required when including the post_logout_redirect_uri
parameter.
2021-08-25 11:55:36 +02:00
Trong Huu Nguyen
e83542b046 fix: prefix local session keys to prevent collisions
`sid` is a key that refers to the user's unique SSO session at the
Identity Provider, and the same key is present in all tokens
acquired by any Relying Party (such as Wonderwall) during that session.
Thus, we cannot assume that the value of `sid` uniquely identifies the
pair of (user, application session) if using a shared session store.
2021-08-25 11:26:24 +02:00
Kim Tore Jensen
55f26fb54c incorporate new session storage code 2021-08-24 12:58:16 +02:00
Kim Tore Jensen
15a7c14324 redis and in-memory session store 2021-08-24 12:49:23 +02:00