Commit graph

51 commits

Author SHA1 Message Date
cmrd Senya
cdcf2d747e
Override forgery settings in controllers
ClientsController and TokenEndpointController are called from the outside,
so CSRF verification prevents them from normal operation.

closes #7062
2016-10-01 10:24:15 +02:00
cmrd Senya
9546fddb9e
[API] don't store ID tokens in DB
fix #6857
2016-08-13 20:09:43 +03:00
Jonne Haß
8cffc5cfbe
bump rails to 4.2.7 2016-07-15 13:48:09 +02:00
theworldbright
bb3849e4b1 Fix API privilege scope escalation 2016-03-11 17:18:21 -08:00
theworldbright
38439277d6 Add licenses where appropriate 2016-01-04 17:22:44 +09:00
theworldbright
58aef5658b Fix remaining remarks 2016-01-04 17:01:40 +09:00
augier
ef7ea1a855 General text error + CSS styling
Minor merge conflict fix by theworldbright
2016-01-04 16:49:59 +09:00
theworldbright
c1e1f9bf69 Fix 500 error when unknown algorithm is used for JWT 2016-01-04 16:49:58 +09:00
theworldbright
4cde41486b Fix handling of prompt=login 2016-01-04 16:49:58 +09:00
theworldbright
a4095692b7 Add default kid to jwks.json 2016-01-04 16:49:58 +09:00
theworldbright
1e3421713a Handle error when request object is signed 2016-01-04 16:49:58 +09:00
theworldbright
fd4022a55c Fix pronto remarks 2016-01-04 16:49:58 +09:00
theworldbright
ed1dc256a8 Fix handling of error message in authorization controller 2016-01-04 16:49:58 +09:00
augier
ebeafb7894 Add custom error page when prompt=none 2016-01-04 16:49:57 +09:00
theworldbright
c6bec2f2dc Return error to RP instead of user for prompt=none 2016-01-04 16:49:57 +09:00
theworldbright
7865a30fec Return a JSON error response for invalid jwks_uri 2016-01-04 16:49:57 +09:00
theworldbright
3440709ec5 Explicitly state no support for user info alg 2016-01-04 16:49:57 +09:00
theworldbright
f1b394de0f Fix remaining remarks 2016-01-04 16:49:57 +09:00
augier
d028b5672e Fix remarks 2016-01-04 16:49:57 +09:00
theworldbright
2f8c391ac6 Fix pronto and travis errors 2016-01-04 16:49:57 +09:00
theworldbright
8f5094c29e Gracefully handle SSL verification failure 2016-01-04 16:49:56 +09:00
theworldbright
0fbcb71255 Add support for request_uri and claims 2016-01-04 16:49:56 +09:00
theworldbright
82600003b3 Flash error messages when redirect_uri is invalid 2016-01-04 16:49:56 +09:00
theworldbright
e4edad0646 Fix test for the auth missing the response_type parameter 2016-01-04 16:49:56 +09:00
theworldbright
adcf2ab7ab Fix test for prompt == "none" 2016-01-04 16:49:56 +09:00
augier
d351db1982 Filter for prompt handling 2016-01-04 16:49:56 +09:00
augier
7b2be0d3c6 Support displaying TOS and policy 2016-01-04 16:49:56 +09:00
theworldbright
9c9880d880 Move JWKs files to database 2016-01-04 16:49:56 +09:00
augier
2c7d102019 Design for authorization page when client_name not provided + XSS spec 2016-01-04 16:49:55 +09:00
theworldbright
80cbc7d915 Destroy previous auths on new auth request 2016-01-04 16:49:55 +09:00
theworldbright
b3b9b39690 Fix request with prompt=none when not logged in 2016-01-04 16:49:55 +09:00
theworldbright
fd467cd42b Add private_key_jwt support
See

- http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
- https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata
2016-01-04 16:49:55 +09:00
theworldbright
1dcefdb998 Validate sector identifier uri and redirect uri 2016-01-04 16:49:55 +09:00
theworldbright
a76f51a6a5 Use redirect_uri if no sector identifier for ppid
According to http://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg:

"If the Client has not provided a value for
sector_identifier_uri in Dynamic Client Registration
[OpenID.Registration], the Sector Identifier used
for pairwise identifier calculation is the host
component of the registered redirect_uri."
2016-01-04 16:49:55 +09:00
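The sector-identifier fallback quoted in a76f51a6a5, together with the validation of 1dcefdb998 and the pairwise identifier of 99d6d7b3e7, as an added Ruby example. This is not diaspora's code; the client records, the salt and the fetched sector document are constructed for illustration, and the hash construction (SHA-256 over sector identifier, local account id and a deployment salt) is one concrete instance of the algorithm the spec leaves to the OP.

```ruby
require "digest"
require "json"
require "uri"

# Added example, not diaspora's code: derive a pairwise pseudonymous
# subject identifier following
# http://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg.
# Client records, salt and sector documents below are constructed.

# Constructed client registrations (hypothetical; not real clients).
CLIENTS = {
  "client_a" => { redirect_uri: "https://app.example.org/cb",
                  sector_identifier_uri: nil },
  "client_b" => { redirect_uri: "https://other.example.net/cb",
                  sector_identifier_uri: nil },
  # Registered a sector_identifier_uri, so its redirect_uri host is not used.
  "client_c" => { redirect_uri: "https://cdn.example.net/cb",
                  sector_identifier_uri: "https://other.example.net/sectors.json" },
}.freeze

# Deployment-wide secret salt. In a real deployment it comes from configuration
# and must never change, or every pairwise sub would change with it. A constant
# here so the example is reproducible.
PAIRWISE_SALT = "constructed-example-salt".freeze

# Sector Identifier: host of sector_identifier_uri if the client registered one,
# otherwise the host of the registered redirect_uri (the fallback in the spec).
def sector_identifier(client)
  uri = URI.parse(client[:sector_identifier_uri] || client[:redirect_uri])
  host = uri.host
  raise ArgumentError, "no host to use as sector identifier" if host.nil? || host.empty?
  host.downcase
end

# Validation an OP should do before trusting a registered sector_identifier_uri:
# it must be https, and the JSON array it serves must list the client's
# redirect_uri. `document` is the already-fetched body so the example runs offline.
def sector_identifier_uri_valid?(client, document)
  uri = URI.parse(client[:sector_identifier_uri].to_s)
  return false unless uri.scheme == "https"
  listed = JSON.parse(document)
  listed.is_a?(Array) && listed.include?(client[:redirect_uri])
rescue JSON::ParserError
  false
end

# sub = SHA-256(sector_identifier || local_account_id || salt), hex-encoded.
# A NUL separator keeps "ab"+"c" and "a"+"bc" from hashing identically.
def pairwise_sub(client, local_account_id, salt = PAIRWISE_SALT)
  input = [sector_identifier(client), local_account_id.to_s, salt].join("\0")
  Digest::SHA256.hexdigest(input)
end

# Two clients in the same sector see the same sub for a user; a client in a
# different sector sees a value it cannot link to the first one.
def same_sector?(client_x, client_y, local_account_id)
  pairwise_sub(client_x, local_account_id) == pairwise_sub(client_y, local_account_id)
end
```

Note that client_b (no sector_identifier_uri, redirect host other.example.net) and client_c (sector_identifier_uri on other.example.net) land in the same sector and therefore receive the same sub, which is exactly why the sector document must be validated: a client that could register an arbitrary sector_identifier_uri could otherwise join another deployment's sector and correlate users.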
augier
8c2af74447 Fixing last remarks 2016-01-04 16:49:54 +09:00
augier
c33cce0953 Styling user consent form 2016-01-04 16:49:54 +09:00
theworldbright
1a7f2edc01 Perform major refactoring
- Add foreign_keys
- Remove unused classes/methods
- Fix pronto errors
- Add method to retrieve client id from name
- Remove TODO comments
- Fix unnecessary private key generation
2016-01-04 16:49:54 +09:00
theworldbright
e55a0b0d0b Replace scopes with constants in Authorization 2016-01-04 16:49:54 +09:00
theworldbright
054e421829 Remove zone info claim 2016-01-04 16:49:53 +09:00
theworldbright
bb8fe6aa83 Adjust id token config to save private key to file 2016-01-04 16:49:53 +09:00
theworldbright
24fd70676c Fix webfinger discovery route 2016-01-04 16:49:53 +09:00
theworldbright
ab65617958 Add support for max_age parameter
Additionally add support for prompt's login option

Signed-off-by: theworldbright <kent@kentshikama.com>
2016-01-04 16:49:53 +09:00
theworldbright
25f51c606a Add support for prompt parameter 2016-01-04 16:49:53 +09:00
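The prompt and max_age behaviour that several commits in this log touch (prompt parameter support, prompt=login handling, max_age, returning the prompt=none error to the RP rather than the user, and prompt=none when not logged in), collected into one decision function as an added Ruby example. This is not diaspora's code; the `Session` struct, parameter hashes and outcome symbols are constructed for illustration, and the rules follow OpenID Connect Core 1.0 sections 3.1.2.1 and 3.1.2.6.

```ruby
# Added example, not diaspora's code. A decision function for the prompt and
# max_age authorization request parameters of OpenID Connect Core 1.0.
# Session and parameter values are constructed for illustration.
#
# Possible outcomes:
#   :authenticate     show the login page (fresh authentication required)
#   :consent          user is logged in; show the consent page
#   :authorize        issue the response without any user interaction
#   [:error, code]    prompt=none forbids interaction, so the error goes back
#                     to the RP via redirect_uri instead of to the user

# Minimal stand-in for the OP's session: when the user last authenticated and
# whether they already consented to this client and scope.
Session = Struct.new(:auth_time, :consented, keyword_init: true)

def prompt_values(params)
  params.fetch("prompt", "").split(" ")
end

# max_age: if the user authenticated more than max_age seconds ago, the OP
# must re-authenticate even though a session exists.
def session_too_old?(session, params, now)
  return false unless params.key?("max_age")
  now - session.auth_time > Integer(params["max_age"])
end

def authorization_outcome(params, session, now: Time.now)
  prompts = prompt_values(params)
  none = prompts.include?("none")
  # "none" must not be combined with any other prompt value.
  return [:error, "invalid_request"] if none && prompts.size > 1

  needs_login = session.nil? ||
                prompts.include?("login") ||
                session_too_old?(session, params, now)
  if needs_login
    # No session, prompt=login, or stale session: either re-authenticate the
    # user or, under prompt=none, tell the RP it cannot proceed silently.
    return none ? [:error, "login_required"] : :authenticate
  end

  needs_consent = !session.consented || prompts.include?("consent")
  if needs_consent
    return none ? [:error, "consent_required"] : :consent
  end

  :authorize
rescue ArgumentError
  # Non-integer max_age
  [:error, "invalid_request"]
end
```

The point of the `[:error, code]` branches is the one c6bec2f2dc makes: under prompt=none the RP asked for no UI, so the OP must redirect back with `error=login_required` or `error=consent_required` rather than render a page to a user who may not even be logged in.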
theworldbright
8be3be3e10 Refactor authorizations controller destroy action 2016-01-04 16:49:53 +09:00
augier
07c12ba057 Using Camo for the application logo 2016-01-04 16:49:53 +09:00
theworldbright
3734e074a6 Fix pronto errors 2016-01-04 16:49:52 +09:00
augier
b9da104b28 Revoke button on applications page 2016-01-04 16:49:52 +09:00
theworldbright
dd337d4163 Remove JSON root from client controller
Signed-off-by: theworldbright <kent@kentshikama.com>
2016-01-04 16:49:52 +09:00
theworldbright
99d6d7b3e7 Add pairwise pseudonymous identifier support
Squashed commits:

[a182de7] Fix pronto/travis errors
2016-01-04 16:49:51 +09:00
theworldbright
d834a1d4d0 Replace user info endpoint with supported claims
The route /api/v0/user/ will now be used as a
non-OIDC route. In other words, the /api/v0/user/
will require the "read" scope while
/api/openid_connect/user_info/ will require the
"openid" scope
2016-01-04 16:49:51 +09:00