barbercollie/tinyauth
1
0
Fork 1
mirror of https://github.com/steveiliop56/tinyauth.git synced 2025-12-31 12:32:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
562 Commits 47 Branches 93 Tags
dabb4398ada7c7433f6da0f5daec1fc77eb55ed2
Commit Graph

29 Commits

Author SHA1 Message Date
Olivier Dumont
020fcb9878 Add OIDC provider functionality with validation setup 
This commit adds OpenID Connect (OIDC) provider functionality to tinyauth,
allowing it to act as an OIDC identity provider for other applications.

Features:
- OIDC discovery endpoint at /.well-known/openid-configuration
- Authorization endpoint for OAuth 2.0 authorization code flow
- Token endpoint for exchanging authorization codes for tokens
- ID token generation with JWT signing
- JWKS endpoint for public key distribution
- Support for PKCE (code challenge/verifier)
- Nonce validation for ID tokens
- Configurable OIDC clients with redirect URIs, scopes, and grant types

Validation:
- Docker Compose setup for local testing
- OIDC test client (oidc-whoami) with session management
- Nginx reverse proxy configuration
- DNS server (dnsmasq) for custom domain resolution
- Chrome launch script for easy testing

Configuration:
- OIDC configuration in config.yaml
- Example configuration in config.example.yaml
- Database migrations for OIDC client storage
 2025-12-30 12:17:55 +01:00
Stavros
a1c3e416b6 refactor: use proper module name (#542) 
* chore: reorganize go mod

* refactor: use proper module name
 2025-12-26 17:53:24 +02:00
Stavros
03ed18343e feat: unified config (#533) 
* chore: add yaml config ref

* feat: add initial implementation of a traefik like cli

* refactor: remove dependency on traefik

* chore: update example env

* refactor: update build

* chore: remove unused code

* fix: fix translations not loading

* feat: add experimental config file support

* chore: mod tidy

* fix: review comments

* refactor: move tinyauth to separate package

* chore: add quotes to all env variables

* chore: resolve go mod and sum conflicts

* chore: go mod tidy

* fix: review comments
 2025-12-22 22:13:40 +02:00
Stavros
78f97c8550 refactor: split bootstrap to smaller files for better readability (#518) 
* refactor: split bootstrap to smaller files for better readability

* chore: rename setup routes to setup router

* fix: assign configured providers to app context
 2025-12-17 15:04:09 +02:00
Stavros
6c90046343 feat: add option to disable ui warnings 2025-11-21 17:37:08 +02:00
Stavros
6d663bb1e8 fix: use unix seconds in db cleanup 2025-11-15 11:45:19 +02:00
Stavros
60dada86a6 feat: add support for listening on unix sockets 2025-11-04 18:42:04 +02:00
Chris Ellrich
c5bb389258 feat: ACL labels from environment variables (#422) 
* feat: add LabelService to retrieve application labels from environment variables

* feat: allow usage of labels from docker and env variables simultaneously

Prioritize labels from environment variables over labels from docker
labels

* fix: handle error returned by label_serive.go/LoadLabels

see https://github.com/steveiliop56/tinyauth/pull/422#discussion_r2443443032

* refactor(label_service): use simple loop instead of slices.ContainsFunc to avoid experimental slices package
see https://github.com/steveiliop56/tinyauth/pull/422#pullrequestreview-3354632045

* refactor: merge acl logic into one service

---------

Co-authored-by: Stavros <steveiliop56@gmail.com>
 2025-10-21 16:02:31 +03:00
Stavros
7231efcbc3 feat: add routine to cleanup expired sessions 2025-10-19 19:10:24 +03:00
Stavros
1b87ed9b99 feat: add config dumps to trace log level 2025-10-12 11:29:31 +03:00
Stavros
fc7e395e66 feat: sort configured providers based on name length 2025-10-10 17:16:22 +03:00
Stavros
b940d681c3 feat: use recovery gin middleware in engine 2025-10-10 16:42:19 +03:00
Stavros
c77da30d87 refactor: set gin mode using env 2025-10-08 16:24:14 +03:00
Stavros
adffb4ac0a fix: names in oauth broker 2025-10-08 15:15:30 +03:00
Stavros
085f6257c5 fix: fix oauth group provider check 2025-09-25 22:35:44 +03:00
Stavros
c307f7eb2e fix: handle 201 status for heartbeat 2025-09-22 19:56:59 +03:00
Stavros
e8558b89b4 fix: set gin mode correctly 2025-09-22 16:15:55 +03:00
Stavros
f8047a6c2e feat: add option to disable resources server 2025-09-22 15:52:43 +03:00
Stavros
d70cbea546 chore: handle trusted proxies config error 2025-09-19 14:53:10 +03:00
Stavros
50105e4e9d feat: version info analytics (#363) 
* feat: version info analytics

* refactor: don't create new client everytime
 2025-09-19 14:44:22 +03:00
Stavros
b62b2932fe fix: only set trusted proxies if config option is not empty 2025-09-16 15:14:42 +03:00
Stavros
5c866bad1a feat: multiple oauth providers (#355) 
* feat: add flag decoder (candidate)

* refactor: finalize flags decoder

* feat: add env decoder

* feat: add oauth config parsing logic

* feat: implement backend logic for multiple oauth providers

* feat: implement multiple oauth providers in the frontend

* feat: add some default icons

* chore: add credits for parser

* feat: style oauth auto redirect screen

* fix: bot suggestions

* refactor: rework decoders using simpler and more efficient pattern

* refactor: rework oauth name database migration
 2025-09-16 13:28:28 +03:00
Stavros
2d78e6b598 feat: add cookie domain back to context controller 2025-09-10 13:47:48 +03:00
Stavros
e03eaf4f08 feat: add psl check in cookie domain 2025-09-10 13:43:08 +03:00
Stavros
773cd6d171 feat: add trusted proxies config value 2025-09-03 12:14:13 +03:00
Stavros
b9e35716ac feat: invalid domain warning (#332) 
* wip

* refactor: update domain warning layout

* i18n: add domain warning translations

* refactor: rework hooks usage

* feat: clear timeouts

* fix: use useeffect to cleanup timeout

* refactor: rework redirects and history storage

* refactor: rename domain to root domain
 2025-09-01 18:22:42 +03:00
Stavros
c7c3de4f78 refactor: unify labels (#329) 
* refactor: unify labels

* feat: implement path block and user block

Fixes #313

* fix: fix oauth group check logic

* chore: fix typo
 2025-08-29 17:04:34 +03:00
Stavros
03d06cb0a7 feat: add sqlite database for storing sessions (#326) 
* feat: add sqlite database for storing sessions

* refactor: use db instance instead of service in auth service

* fix: coderabbit suggestions
 2025-08-29 12:35:11 +03:00
Stavros
504a3b87b4 refactor: rework file structure (#325) 
* wip: add middlewares

* refactor: use context fom middleware in handlers

* refactor: use controller approach in handlers

* refactor: move oauth providers into services (non-working)

* feat: create oauth broker service

* refactor: use a boostrap service to bootstrap the app

* refactor: split utils into smaller files

* refactor: use more clear name for frontend assets

* feat: allow customizability of resources dir

* fix: fix typo in ui middleware

* fix: validate resource file paths in ui middleware

* refactor: move resource handling to a controller

* feat: add some logging

* fix: configure middlewares before groups

* fix: use correct api path in login mutation

* fix: coderabbit suggestions

* fix: further coderabbit suggestions
 2025-08-26 15:05:03 +03:00