Stavros
ba8dc42578
feat: add x-tinyauth-location to nginx response
...
Solves #773. Normally you let Nginx handle the login URL creation but with this "hack"
we can set an arbitrary header with where Tinyauth wants the user to go to. Later the
Nginx error page can get this header and redirect accordingly.
2026-04-10 18:21:33 +03:00
Stavros
b44dc75f54
fix: return 307 redirects for envoy proxy instead of 401 ( #782 )
...
* fix: return 307 redirects for envoy proxy instead of 401
* tests: extend testing for non browser detection in all proxies
2026-04-10 18:11:10 +03:00
Stavros
061d28f5e3
refactor: use tinyauthapp/paerser instead of traefik/paerser ( #781 )
...
* refactor: use own paerser library instead of traefik
* chore: remove submodules from release images and workflows
2026-04-10 17:36:13 +03:00
Stavros
2c1b62f464
feat: preserve oidc params in oauth flow ( #772 )
2026-04-10 15:58:31 +03:00
Scott McKendry
646e24d98c
feat(oidc): support access token in body for user info post ( #769 )
2026-04-08 09:54:54 +01:00
Scott McKendry
0d286d1864
feat(oidc): add post route for /userinfo ( #767 )
...
easy two-liner to pass `oidcc-userinfo-post-header` test in conformance
suite.
2026-04-07 23:28:38 +01:00
Stavros
165197e472
feat: add pkce support to oidc server ( #766 )
...
* feat: add pkce support to oidc server
* tests: add test cases for pkce
* fix: review comments
* chore: remove debug line
* chore: remove simple logger from testing
* tests: add test for invalid challenge method
* chore: fix typo
2026-04-07 19:04:20 +03:00
Stavros
3373dcc412
test: extend traefik browser tests
2026-04-02 18:46:38 +03:00
Stavros
9d666dc108
fix: skip browser detection for nginx and envoy
2026-04-02 18:24:38 +03:00
Stavros
892097dc4d
fix: account for proxy type in browser response
2026-04-02 15:35:55 +03:00
Stavros
fc1d4f2082
refactor: use better ignore paths in context middleware ( #743 )
2026-04-01 17:07:14 +03:00
Stavros
da247f8552
fix: handle oauth provider id mismatch correctly
2026-03-30 23:02:20 +03:00
Stavros
5811218dbf
refactor: tests ( #731 )
...
* tests: rework tests for context controller
* tests: add tests for health controller
* tests: add tests for oidc controller
* tests: use testify assert in context and health controller
* tests: add tests for user controller
* tests: add tests for resources controller
* tests: add well known controller tests
* test: add proxy controller tests
* chore: review comments
* chore: more review comments
* chore: cancel lockdown in testing
* tests: fix get cookie domain tests
* chore: add comment for testing passwords
2026-03-30 15:31:34 +03:00
Stavros
f65df872f0
refactor: allow root domain app urls for testing
2026-03-29 20:27:09 +03:00
Stavros
d3cda06a75
feat: add lockdown mode on multiple login attempts ( #727 )
...
* feat: add lockdown mode on multiple login attempts
* fix: review comments
* fix: fix typo
2026-03-28 20:35:49 +02:00
Stavros
f26c217161
refactor: oauth flow ( #726 )
...
* wip
* feat: add oauth session impl in auth service
* feat: move oauth logic into auth service and handle multiple sessions
* tests: fix tests
* fix: review comments
* fix: prevent ddos attacks in oauth rate limit
2026-03-22 21:03:32 +02:00
Stavros
dc3fa58d21
refactor: refactor proxy controller to handle proxy auth modules better ( #714 )
...
* wip
* fix: add extauthz to friendly error messages
* refactor: better module handling per proxy
* fix: get envoy host from the gin request
* tests: rework tests for proxy controller
* fix: review comments
2026-03-14 19:56:15 +02:00
Stavros
b3de69e5d6
chore: add comment explaining uri header
2026-03-12 16:36:13 +02:00
Stavros
016a954963
fix: make an x forwarded uri a non required header
2026-03-12 16:26:42 +02:00
Stavros
b2a1bfb1f5
fix: validate client id on oidc token endpoint
2026-03-11 16:48:04 +02:00
Stavros
f1e869a920
fix: ensure user context has is logged in set to true
2026-03-11 15:57:50 +02:00
Stavros
cc5a6d73cf
tests: ensure all forwarded headers are set on tests
2026-03-11 15:53:39 +02:00
Stavros
2e03eb9612
fix: do not continue auth on empty x-forwarded headers
2026-03-11 15:46:09 +02:00
Stavros
b6eb902d47
fix: fix typo in public key loading
2026-03-08 15:54:50 +02:00
Stavros
e3bd834b85
fix: support pkix public keys in oidc
2026-03-08 11:39:16 +02:00
Stavros
d7d540000f
fix: state should not be a required field in oidc
2026-03-08 11:17:44 +02:00
Stavros
766270f5d6
fix: add kid header to id token
2026-03-08 11:07:15 +02:00
Stavros
69c6c0ba1d
fix: add cache control header to token response
2026-03-04 19:38:52 +02:00
Stavros
a71f61df8d
feat: add email verified claim
2026-03-04 15:52:31 +02:00
Stavros
6bf444010b
feat: add nonce claim support to oidc server ( #686 )
...
* feat: add nonce claim support to oidc server
* fix: review feedback
2026-03-04 15:34:11 +02:00
Stavros
0e6bcf9713
fix: lookup config file options correctly in file loader
2026-03-03 22:48:44 +02:00
Stavros
de980815ce
fix: include kid in jwks response
2026-03-03 22:48:44 +02:00
Stavros
cd410b6cdf
refactor: categorize leftover config options ( #682 )
...
* refactor: categorize leftover config options
* chore: update config description
2026-03-02 19:49:59 +02:00
Stavros
24c5b35bdf
feat: add user info claims to id token ( #681 )
...
* feat: add user info claims to id token
* fix: omit empty user info values
2026-03-02 16:08:17 +02:00
Stavros
43e0f3e713
chore: add correct oidc service documentation url
2026-02-26 17:37:47 +02:00
Stavros
4a1889c20b
feat: oidc client create command ( #672 )
...
* feat: add oidc client create command
* refactor: use own utility for creating random strings (more flexible
than stdlib)
* feat: validate client name to avoid config errors
* refactor: limit to only alphanumeric characters and hyphens
* refactor: remove the need of the logger in the create oidc client cmd
2026-02-26 17:28:58 +02:00
Stavros
6112f977ea
feat: auto generate example env file ( #647 )
...
* feat: auto generate example env file
* refactor: simplify build paths func and better slice handling
* chore: forgot to stage everything
* chore: review comments
* refactor: remove square brackets because they mess up the syntax
highlighting
* refactor: use lowercase name to mark dynamic values
2026-02-16 23:39:05 +02:00
Stavros
e078e8a3f0
refactor: move disable ui warnings to ui cfg and trusted proxies to auth cfg
2026-02-16 19:18:40 +02:00
Stavros
22c4c262ea
feat: add support for client secret post auth to oidc token endpoint
2026-02-07 21:04:58 +02:00
Stavros
baf4798665
fix: fix typo in oidc trusted redirect uris config
2026-02-07 12:59:25 +02:00
Stavros
ce25f9561f
fix: ensure service configured check is set to true when service is configured
2026-02-02 16:32:08 +02:00
Stavros
285edba88c
refactor: better is configured check for ldap and oidc service
2026-02-02 16:25:49 +02:00
Stavros
51d95fa455
fix: do not append domains to users that have an email as the username
2026-02-02 16:25:49 +02:00
Stavros
fd16f91011
fix: ensure oidc service is configured before performing any actions
2026-02-02 16:25:49 +02:00
Stavros
fb671139cd
feat: auto generate redirect url if empty
2026-02-02 16:25:49 +02:00
Stavros
eff5fc8b71
refactor: use is configured check in ldap service
2026-02-01 19:05:42 +02:00
Stavros
671343f677
feat: oidc ( #605 )
...
* chore: add oidc base config
* wip: authorize page
* feat: implement basic oidc functionality
* refactor: implement oidc following tinyauth patterns
* feat: adapt frontend to oidc flow
* fix: review comments
* fix: oidc review comments
* feat: refresh token grant type support
* feat: cleanup expired oidc sessions
* feat: frontend i18n
* fix: fix typo in error screen
* tests: add basic testing
* fix: more review comments
* refactor: rework oidc error messages
* feat: openid discovery endpoint
* feat: jwk endpoint
* i18n: fix typo
* fix: more rabbit nitpicks
* fix: final review comments
* i18n: authorize page error messages
2026-02-01 19:00:59 +02:00
Stavros
d67c3ab8a4
fix: ensure safe redirect check only accepts actual domains
2026-01-17 20:36:42 +02:00
Stavros
87e2b52a04
fix: set gin mode correctly
2026-01-17 20:26:48 +02:00
Stavros
4926e53409
feat: ldap group acls ( #590 )
...
* wip
* refactor: remove useless session struct abstraction
* feat: retrieve and store groups from ldap provider
* chore: fix merge issue
* refactor: rework ldap group fetching logic
* feat: store ldap group results in cache
* fix: review nitpicks
* fix: review feedback
2026-01-17 20:03:29 +02:00