Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: update auth methods and claims from discovery endpoint #1951

Merged
merged 1 commit into from
Jan 23, 2021
Merged

fix: update auth methods and claims from discovery endpoint #1951

merged 1 commit into from
Jan 23, 2021

Conversation

nabokihms
Copy link
Member

Signed-off-by: m.nabokikh maksim.nabokikh@flant.com

Overview

  • Update claims_supported
  • Update token_endpoint_auth_methods_supported

What this PR does / why we need it

Dex supports sending client credentials via post but doesn't say about it on discovery. The same about claims.

Special notes for your reviewer

Adding client_secret_post to auth metods is required to pass Basic OpenID certification tests.

Does this PR introduce a user-facing change?

Discovery endpoint contains updated claims and auth methods.

@nabokihms
fix: update auth methods and claims in discovery endpoint
283a878 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
@sagikazarmark sagikazarmark added this to the v2.28.0 milestone Jan 23, 2021
sagikazarmark
sagikazarmark approved these changes Jan 23, 2021
View reviewed changes
Copy link
Member

@sagikazarmark sagikazarmark left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@sagikazarmark sagikazarmark merged commit 7cf43fd into dexidp:master Jan 23, 2021
xtremerui pushed a commit to concourse/dex that referenced this pull request Mar 16, 2021
upstream dex release: v2.28.0
ef54461 
The official docker release for this release can be pulled from

```
ghcr.io/dexidp/dex:v2.28.0
```

**Features:**

- Add c_hash to id_token, issued on /auth endpoint, when in hybrid flow (dexidp#1773, @HEllRZA)
- Allow configuration of returned auth proxy header (dexidp#1839, @seuf)
- Allow to disable os.ExpandEnv for storage + connector configs by env variable DEX_EXPAND_ENV = false (dexidp#1902, @heidemn-faro)
- Added the possibility to activate lowercase for UPN-Strings (dexidp#1888, @VF-mbrauer)
- Add "Cache-control: no-store" and "Pragma: no-cache" headers to token responses (dexidp#1948, @nabokihms)
- Add gomplate to the docker image (dexidp#1893, @nabokihms)
- Graceful shutdown (dexidp#1963, @nabokihms)
- Allow public clients created with API to have no client_secret (dexidp#1871, @spohner)

**Bugfixes:**

- Fix the etcd PKCE AuthCode deserialization (dexidp#1908, @bnu0)
- Fix garbage collection logging of device codes and device request (dexidp#1918, @nabokihms)
- Discovery endpoint contains updated claims and auth methods (dexidp#1951, @nabokihms)
- Return invalid_grant error if auth code is invalid or expired (dexidp#1952, @nabokihms)
- Return an error to auth requests with the "request" parameter (dexidp#1956, @nabokihms)

**Minor changes:**

- Change default themes to light/dark (dexidp#1858, @nabokihms)
- Various developer experience improvements
- Dependency upgrades
- Tons of small fixes and changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sagikazarmark sagikazarmark sagikazarmark approved these changes

Assignees
No one assigned
Labels
area/oidc-certification kind/enhancement
Projects
None yet
Milestone
v2.28.0
Development

Successfully merging this pull request may close these issues.
2 participants
@nabokihms @sagikazarmark