David Taylor
5e1f1a57db
FIX: Correctly handle end_session_endpoint with query parameters (#18)
2021-09-17 17:00:29 +01:00
discoursebot
cb3f891361
DEV: Update CI workflows (#17)
Co-authored-by: CvX <CvX@users.noreply.github.com>
2021-09-15 19:48:40 +02:00
dependabot[bot]
4b82ee9304
Bump path-parse from 1.0.6 to 1.0.7 (#16)
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)
---
updated-dependencies:
- dependency-name: path-parse
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-13 00:52:09 +02:00
David Taylor
4aa0e1b4ab
FIX: Ensure nonce mismatch causes auth to fail correctly (#15)
2021-08-09 13:25:10 +01:00
discoursebot
f32c23eece
DEV: Update CI workflows (#14)
Co-authored-by: davidtaylorhq <davidtaylorhq@users.noreply.github.com>
2021-07-02 16:39:56 +02:00
dependabot[bot]
dd1d00ea9f
Bump glob-parent from 5.1.1 to 5.1.2 (#13)
Bumps [glob-parent](https://github.com/gulpjs/glob-parent) from 5.1.1 to 5.1.2.
- [Release notes](https://github.com/gulpjs/glob-parent/releases)
- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)
- [Commits](https://github.com/gulpjs/glob-parent/compare/v5.1.1...v5.1.2)
---
updated-dependencies:
- dependency-name: glob-parent
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-12 13:58:50 +02:00
dependabot[bot]
d457171bfa
Bump lodash from 4.17.20 to 4.17.21 (#12)
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.20 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.20...4.17.21)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-10 13:40:29 -04:00
dependabot[bot]
ce59261c3f
Bump rexml from 3.2.4 to 3.2.5 (#11)
Bumps [rexml](https://github.com/ruby/rexml) from 3.2.4 to 3.2.5.
- [Release notes](https://github.com/ruby/rexml/releases)
- [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md)
- [Commits](https://github.com/ruby/rexml/compare/v3.2.4...v3.2.5)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-02 17:11:23 +02:00
dependabot[bot]
92f0bffc90
Bump y18n from 4.0.0 to 4.0.1 (#10)
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-01 11:24:14 +02:00
discoursebot
e1c9411e30
DEV: Update CI workflows (#9)
Co-authored-by: CvX <CvX@users.noreply.github.com>
2021-03-18 16:49:38 +11:00
discoursebot
0ae547fbc3
DEV: Update CI workflows (#8)
Co-authored-by: justindirose <justindirose@users.noreply.github.com>
2021-01-04 14:18:40 -06:00
Discourse CI
a03a26535d
DEV: Update CI workflows
2020-11-15 16:09:46 +00:00
David Taylor
4170927338
FEATURE: Support RP-initiated logout post_logout_redirect_uri
2020-11-12 17:16:11 +00:00
David Taylor
a9dd528aea
FIX: RP-initiated logout should pass id_token, not access_token
2020-11-12 17:16:11 +00:00
David Taylor
3ad22e0cef
FEATURE: Add support for OIDC RP-initiated logout (#5)
Based on the specification at https://openid.net/specs/openid-connect-rpinitiated-1_0.html
When logging out, this feature will redirect the user to the end_session_url from the discovery document. Their most recent id token will be included in the `id_token_hint` parameter.
To use this, the identity provider must include an end_session_url in the discovery document, and the openid_connect_rp_initiated_logout site setting must be enabled.
2020-11-12 15:21:43 +00:00
David Taylor
85abe67701
FIX: Gracefully handle errors while fetching the discovery document (#4)
Previously an error loading the discovery document would raise an exception. Now, it will display an error to the user, and log the error for site admins to view at `/logs`. Specs are updated and improved accordingly.
This moves the discovery document fetching out of OmniAuth and into Discourse. This makes it available for the upcoming rp-initiated-logout support.
2020-11-11 18:46:11 +00:00
David Taylor
109f910fd5
DEV: Fix plugin when installed alongside discourse-jwt (#3)
Replace `JWT` with `::JWT` so that it doesn't get resolved to `Omniauth::Strategies::JWT`
2020-11-11 15:27:23 +00:00
Discourse CI
62c63d78ec
DEV: Update CI workflows
2020-10-14 16:27:52 +00:00
Discourse CI
297e29fcbe
DEV: Update CI workflows
2020-10-12 08:16:53 +00:00
Discourse CI
bc3e208526
DEV: Update CI workflows
2020-10-09 19:03:17 +00:00
Justin DiRose
2727ed4fa1
DEV: Apply coding standards (#2)
2020-10-09 13:52:08 -05:00
Discourse CI
e7ff3dccbf
DEV: Update CI workflows
2020-10-09 16:15:05 +00:00
Discourse CI
c8ace5e9d4
DEV: Update CI workflows
2020-10-09 15:09:46 +00:00
buildthomas
0112e5a046
Fix avatar picture in auth hash info (#1)
Managed Authenticator expects `image` field, not `picture`:
09a97363da/lib/auth/managed_authenticator.rb (L87)
2020-09-28 12:27:17 +01:00
David Taylor
18c20c29a0
FIX: Do not verify the `iat` claim in JWT tokens
The JWT specification (https://tools.ietf.org/html/rfc7519#page-10) does not require verification of this claim. If the issuer wishes to restrict the validity of the token, they can use the 'nbf' (not before) claim which is intended for this purpose. Discourse will verify the `nbf` claim if it is present.
In practice, clock skew between identity providers and Discourse was causing JWT validity errors to be raised.
2020-09-25 10:35:40 +01:00
David Taylor
109ec1a275
FEATURE: Add detailed OIDC request and response logs
This makes use of Faraday middleware to log precise details about all requests made by the OAuth2 gem. This should make it easier to debug configuration issues
2020-09-25 09:47:24 +01:00
David Taylor
9ada9528e8
FIX: Accept strings for the email_verified token
This is technically a spec violation, but many providers do this so we should check for the string 'true'
2020-07-10 16:49:32 +01:00
David Taylor
20c835ea06
DEV: Remove deprecated full screen login parameter
2020-05-12 12:13:38 +01:00
David Taylor
2ef80870d3
FIX: Do not include token scope parameter when setting is empty
2020-04-01 17:50:23 +01:00
David Taylor
84c21a572c
FEATURE: Optionally allow overriding email on every login
2020-03-06 11:51:41 +00:00
David Taylor
9ad63a3fc7
FEATURE: Allow parameters to be passed from /auth/oidc to the IDP
The most common use case is when you want the IDP to start with a specific screen (e.g. signup, rather than sign in). This change has no effect by default, you must add the parameter names to the openid_connect_authorize_parameters site setting.
2020-01-08 14:15:32 +00:00
David Taylor
67a5595e98
FEATURE: Respect the email_verified boolean when supplied by IDP
2020-01-08 13:54:37 +00:00
David Taylor
3e83fa9c50
DEV: Refactor authenticator into its own file
2020-01-08 13:52:24 +00:00
Guo Xiang Tan
1f08770d1a
Add frozen string literal comment to files.
2019-05-13 10:51:32 +08:00
David Taylor
94bba5f710
FEATURE: Option to enable verbose logging of authentication process
2019-01-04 15:08:35 +00:00
David Taylor
d394c12078
FEATURE: Support latest version of `ruby-jwt` to support core changes
This change is not backwards compatible. If you install the plugin on
an earlier version of Discourse, the plugin will not initialize.
2019-01-02 10:42:28 +00:00
David Taylor
88fdf7b5ab
DEV: Update README
2018-12-06 16:14:28 +00:00
David Taylor
84085413d5
REFACTOR: user_associated_account and managed_authenticator moved to core
2018-11-30 11:20:28 +00:00
David Taylor
250bf84faa
DEV: Improve specs for managed authenticator
2018-11-27 17:05:00 +00:00
David Taylor
a41be68dfe
DEV: Initial specs for managed authenticator
2018-11-26 18:03:23 +00:00
David Taylor
79d377cb12
DEV: Use mocha instead of rspec-mocks for omniauth spec
2018-11-26 18:03:08 +00:00
David Taylor
f44a2cd7bb
DEV: Refactor managed_authenticator into its own file
2018-11-26 14:54:20 +00:00
David Taylor
b3124f90d2
DEV: Spec for error redirect handler
2018-11-26 12:04:01 +00:00
David Taylor
adcc85dde3
FEATURE: Add enabled setting, and some refactoring
2018-11-22 14:49:49 +00:00
David Taylor
8558d65e67
DEV: Additional tests, and improved JWT error handling
2018-11-22 12:44:38 +00:00
David Taylor
ba3685f2ef
DEV: Test token_params
2018-11-22 11:24:31 +00:00
David Taylor
17f12b05ce
DEV: Specs for authorize_params
2018-11-21 16:57:03 +00:00
David Taylor
a74bd6c27a
FIX: Discovery error handling in request phase
2018-11-21 16:56:46 +00:00
David Taylor
d8f2ceb65a
DEV: Add stylesheet placeholder
2018-11-21 15:48:20 +00:00
David Taylor
78a792b5b6
FIX: Improved 'discovery' error handling, with tests
2018-11-21 15:28:01 +00:00