| Author | Commit | Message | Date |
|---|---|---|---|
| Deepak Prabhakara | 4e881b8374 | strict equality check | 2021-10-14 00:41:10 +01:00 |
| Deepak Prabhakara | b0625d8d50 | Merge pull request #3 from boxyhq/feat/encoded-clientid: Allow tenant and product to be encoded inside client_id | 2021-10-14 00:38:07 +01:00 |
| Deepak Prabhakara | c45b9d7b3b | allowed tenant and product to be encoded inside client_id | 2021-10-14 00:29:19 +01:00 |
| Deepak Prabhakara | 52b00a3b1a | misc fixes and tweaks | 2021-10-14 00:25:29 +01:00 |
| Deepak Prabhakara | df9d7bcf4d | tweak | 2021-10-10 14:19:04 +01:00 |
| Deepak Prabhakara | 4c4b996002 | Added link to CodeSee visualizer | 2021-10-10 14:17:09 +01:00 |
| codesee-architecture-diagrams[bot] | 293795ca83 | Add CodeSee architecture diagram workflow to repository | 2021-10-02 19:17:04 +00:00 |
| Deepak Prabhakara | 19633cf1b1 | fixed env var for internal server; allow override of internal server | 2021-09-18 12:44:55 +01:00 |
| Deepak Prabhakara | 8eec827dec | push to docker hub | 2021-09-16 15:46:30 +01:00 |
| Deepak Prabhakara | 386adadf43 | Merge pull request #1 from boxyhq/idp-login: IdP and SP login flows | 2021-09-16 15:45:48 +01:00 |
| Deepak Prabhakara | 336758c687 | docker multi step build | 2021-09-16 12:52:32 +01:00 |
| Deepak Prabhakara | a5bf5b6d9f | added DB_ENGINE and DB_URL env vars | 2021-09-16 11:57:28 +01:00 |
| Deepak Prabhakara | 627c02ecca | fixed typo | 2021-09-16 11:28:07 +01:00 |
| Deepak Prabhakara | ead8313274 | index.js -> jackson.js | 2021-09-16 11:14:33 +01:00 |
| Deepak Prabhakara | c15d5701af | added Dockerfile | 2021-09-16 10:48:24 +01:00 |
| Deepak Prabhakara | 056b45ea7a | renamed '/me' => '/userinfo' | 2021-09-16 00:42:20 +01:00 |
| Deepak Prabhakara | f50f88f9a2 | added cors to the `/me` endpoint | 2021-09-16 00:38:44 +01:00 |
| Deepak Prabhakara | 9337e35149 | keep endpoints generic to oauth | 2021-09-15 21:09:05 +01:00 |
| Deepak Prabhakara | bb10075085 | support cors for the authorize endpoint; fixed code_verifier check | 2021-09-15 20:43:24 +01:00 |
| Deepak Prabhakara | b91a5c0d8e | delete session after we are done; handle undefined client_id | 2021-09-15 20:14:34 +01:00 |
| Deepak Prabhakara | 93df4808f1 | refactor | 2021-09-15 14:36:45 +01:00 |
| Deepak Prabhakara | 053584c622 | more linting | 2021-09-15 14:28:05 +01:00 |
| Deepak Prabhakara | 5759f7183c | lint | 2021-09-15 13:09:57 +01:00 |
| Deepak Prabhakara | ae841e61b4 | fixed code_challenge_method check | 2021-09-15 10:50:24 +01:00 |
| Deepak Prabhakara | a059fce49a | full oauth flow (code and token + PKCE) | 2021-09-15 01:35:19 +01:00 |
| Deepak Prabhakara | 9e990d5d80 | check for session | 2021-09-14 23:54:51 +01:00 |
| Deepak Prabhakara | 34557b8b03 | Sign authnRequest (generate x509 pairs for each config) | 2021-09-14 20:42:01 +01:00 |
| Deepak Prabhakara | f17c3e0ecf | added x509 certs generation | 2021-09-14 17:36:13 +01:00 |
| Deepak Prabhakara | a9772b0d1c | revamped db and store interfaces | 2021-09-14 15:20:55 +01:00 |
| Deepak Prabhakara | 6d9de7cd1d | removed Async from method names | 2021-09-14 14:21:55 +01:00 |
| Deepak Prabhakara | a8b775d12e | predictable clientID and clientSecret | 2021-09-14 14:16:40 +01:00 |
| Deepak Prabhakara | 3ce46ad2de | tweaked clientID and clientSecret generation | 2021-09-14 13:15:31 +01:00 |
| Deepak Prabhakara | b55894ea46 | tweaked clientID and added clientSecret | 2021-09-14 12:58:38 +01:00 |
| Deepak Prabhakara | dacaf7dbe5 | use a generated session id (instead of state which is user supplied) | 2021-09-13 10:54:21 +01:00 |
| Deepak Prabhakara | 319ba68ca0 | make state mandatory for oauth flow; renamed idpRedirectUrl -> defaultRedirectUrl | 2021-09-13 10:45:49 +01:00 |
| Deepak Prabhakara | 71bb8323d7 | check if redirect_uri is allowed | 2021-09-12 00:27:01 +01:00 |
| Deepak Prabhakara | 401e160845 | appRedirectUrl -> idpRedirectUrl | 2021-09-11 19:23:48 +01:00 |
| Deepak Prabhakara | 9c714036d0 | added idpEnabled config; validate state | 2021-09-10 22:12:33 +01:00 |
| Deepak Prabhakara | 2256c0f07c | separated out internal and external routes so that config need not be exposed as a public API | 2021-09-09 21:03:49 +01:00 |
| Deepak Prabhakara | 74df111e82 | switch from code to token (response_type) | 2021-09-09 19:01:32 +01:00 |
| Deepak Prabhakara | 3d4bbeb6b1 | propagate state correctly; store more metadata along with the saml config | 2021-09-09 18:39:45 +01:00 |
| Deepak Prabhakara | 6fef37cb7f | explicitly named async methods so we don't miss an await in front of it; generate a new code before redirecting to url; Verify InResponseTo and state | 2021-09-09 15:42:16 +01:00 |
| Deepak Prabhakara | ae8ef41dde | use redis multi/exec to create a transaction | 2021-09-08 22:17:42 +01:00 |
| Deepak Prabhakara | 379d8911ed | Working SP initiated flow | 2021-09-08 22:06:10 +01:00 |
| Deepak Prabhakara | 2057db40f8 | use RelayState to propagate state and related query params. TODO: Use cookies as fallback | 2021-09-06 23:04:09 +01:00 |
| Deepak Prabhakara | 9a874cf409 | encapsulated key digest in the store | 2021-09-06 01:43:06 +01:00 |
| Deepak Prabhakara | e1915625f7 | added secondary indexes for entityID and tenant + product | 2021-09-06 00:56:37 +01:00 |
| Deepak Prabhakara | 6c222e70ad | es6 tweaks | 2021-09-05 22:27:03 +01:00 |
| Deepak Prabhakara | 09e0bb0327 | tweaked default audience | 2021-09-05 22:25:36 +01:00 |
| Deepak Prabhakara | c01bfeb110 | formatting | 2021-09-03 14:47:43 +01:00 |