File dex-oidc.changes of Package dex-oidc
-------------------------------------------------------------------
Thu Mar 24 18:02:47 UTC 2022 - michael@stroeder.com
- Update to version 2.31.1:
* chore: update golang image
-------------------------------------------------------------------
Sat Mar 05 13:55:15 UTC 2022 - michael@stroeder.com
- Update to version 2.31.0:
* Many dependency updates
* Bump Dex image to v2.30.0 for Kubernetes deployment example by @rdimitrov in #2232
* Update Go to 1.17 by @sagikazarmark in #2247
* refactor: move from io/ioutil to io and os package by @Juneezee in #2278
* feat: Add MySQL ent-based storage driver by @nabokihms in #2272
* chore: fix ioutil lint error after merging MySQL ent storage by @nabokihms in #2282
* Add parametrization of grant type supported in discovery endpoint by @ariary in #2265
* Resolves #2111 Option to fetch transitive group membership by @snuggie12 in #2268
* Return valid JWT access token from password grant by @enj in #2234
* fix: do not update offlinesession lastUsed field if refresh token was not updated by @nabokihms in #2300
* fix web static file path slash error for win platform by @copperyp in #2305
* Update grpc by @sagikazarmark in #2321
* ci: fix container image permissions by @sagikazarmark in #2329
* feat: print dex version in the logs by @iam-veeramalla in #2337
* OAuth connector by @xtremerui in #1630
* fix: return invalid_grant error on claiming token of another client by @nabokihms in #2344
* chore: warning about deprecated LDAP groupSearch fields by @nabokihms in #2026
* Add Nix environment by @sagikazarmark in #2324
* Update dependencies in the examples package by @sagikazarmark in #2372
* add sigstore to ADOPTERS.md by @bobcallaway in #2374
* Add claimMapping enforcement by @Happy2C0de in #2233
* ci: run trivy scan on container image by @sagikazarmark in #2387
* chore: update gomplate by @sagikazarmark in #2388
* chore: update golangci-lint download script by @nabokihms in #2394
* [fix] Replace /teams API w/ /workspaces endpoints by @rahulchheda in #2390
* ci: add Docker cache to speed builds up by @sagikazarmark in #2400
* distroless: Dockerfile works with distroless base image by @ankeesler in #2378
* Update dependencies by @sagikazarmark in #2404
* Update API package by @sagikazarmark in #2405
-------------------------------------------------------------------
Mon Jan 17 21:05:06 UTC 2022 - Michael Ströder <michael@stroeder.com>
- Use go 1.16 or newer
-------------------------------------------------------------------
Mon Dec 27 23:58:03 UTC 2021 - michael@stroeder.com
- Update to version 2.30.2:
* ci: fix container image permissions
* chore: upgrade alpine
-------------------------------------------------------------------
Wed Oct 13 18:56:45 UTC 2021 - michael@stroeder.com
- set go_version to 1.16 as required
- Update to version 2.30.0:
* v2.30.0
- Features:
+ Improve auth flow error handling (#1862, @tkleczek)
+ Create CRDs as apiextensions.k8s.io/v1 (#2025, @nabokihms)
+ Read a namespace from the file for the Kubernetes storage client (#2092, @nabokihms)
+ Update token periodically if Dex is running in a Kubernetes cluster (#2112, @nabokihms)
- Bugfixes:
+ Fix refreshing tokens that obtained with the password grant type (#2199, @hensur)
+ Use only one sqlite3 connection to avoid the "database is locked" error (#2212, @salmanisd)
- Minor changes:
+ Add the ent-based postgres storage (#2121, @nabokihms)
+ Demonstrate use of the htpasswd for the bCrypt hashing in static passwords (#2218, @jglick)
- Dependencies:
+ github.com/spf13/cobra 1.1.3 -> 1.2.1
+ google.golang.org/grpc 1.38.0 -> 1.39.0
+ google.golang.org/api 0.49.0 -> 0.52.0
+ Build golang docker image 1.16.5-alpine3.13 -> 1.16.6-alpine3.13
* v2.29.0
- Features:
+ Add sprig v3 functions to web templates (#2152, @nabokihms)
+ Add ent-based sqlite3 storage (#1906, @nabokihms)
+ Support setting the prompt type for the Microsoft connector (#1912, @ricky26)
+ Embed web assets (#2054, @sagikazarmark)
- Bugfixes:
+ Defer creation of auth request (#1865, @al45tair)
+ Use /token endpoint to get tokens with device flow (#2010, @nabokihms)
+ Fix MySQL connection to use the provided port (#2100, @sagikazarmark)
- Security:
+ Use constant time comparison for client secret verification (#1861, @xtremerui)
- Minor changes:
+ Dependency upgrades
+ Tons of small fixes and changes
-------------------------------------------------------------------
Fri May 14 11:28:18 UTC 2021 - rpm@fthiessen.de
- Update to version 2.28.1:
* Features:
* Add c_hash to id_token, issued on /auth endpoint, when in
hybrid flow
* Allow configuration of returned auth proxy header
* Allow to disable os.ExpandEnv for storage + connector configs
by env variable DEX_EXPAND_ENV = false
* Added the possibility to activate lowercase for UPN-Strings
* Add "Cache-control: no-store" and "Pragma: no-cache" headers
to token responses
* Graceful shutdown
* Allow public clients created with API to have no client_secret
* Bugfixes:
* Fix the etcd PKCE AuthCode deserialization
* Fix garbage collection logging of device codes and device request
* Discovery endpoint contains updated claims and auth methods
* Return invalid_grant error if auth code is invalid or expired
* Return an error to auth requests with the "request" parameter
- Update to version 2.27.0:
* Security release, fixing: CVE-2020-26290
* connector/saml: Validate XML roundtrip data before processing
request
- Update to version 2.26.0:
* Require go 1.15
* Features:
* Add constructor for static key strategy
* Add team groups support to bitbucket connector
* Allow Authorization header when doing CORS
* Retry Kubernetes update requests
* PKCE support
* Allow public clients to have redirect URLs other than localhost
* Bugfixes:
* Abort connector login if connector was already set
* Replace deprecated teams endpoint in bitbucket connector
* Log errors from login during password grant
* Handle Kubernetes API conflicts properly for signing keys
- Update to version 2.25.0:
* Features:
* Move the API package to a separate module
* OAuth2 Device Authorization Grant
* Support username, email and groups claim in OIDC connector
* Bugfixes:
* Add offline_access scope in microsoft connector, if required
* Allow the google connector to work without a service account
- Update to version 2.24.0:
* Features:
* Keystone connector: Added Email to Identity
* Atlassian Crowd connector: allow preferred_username claim
to be set
* Github connector: pass redirect_uri
* server: allow having no secret for static public clients
* SAML connector: add flag for filtering groups
* Bug fixes, misc changes:
* storage/kubernetes: wrap Kubernetes host address in square
brackets for IPv6
* storage/kubernetes: remove shadowed ResourceVersion from
connector
* server/handlers: do not fail login if refresh token gone
* server/handlers: automatic consistency fixing in case of
missing refresh token in db
* OIDC connector: add Icon
* OpenShift connector: rootCA option
-------------------------------------------------------------------
Fri Apr 03 10:44:54 UTC 2020 - fcastelli@suse.com
- Remove example programs from the final package. They are not needed and
would make the dex container bigger.
- Removed fix-default-web-path.patch: the patch already merged upstream
- Removed fix-unmarshal-web-config.patch: the patch already merged upstream
- Update to version 2.23.0:
* Features:
- connector: Atlassian Crowd connector
- connector/ldap: add multiple user to group mapping
- Add support for password grant
- Add ability to set ID and Secret from environment variables for static clients
* Bugfixes:
- Provider icons use the connector name, not the ID
- storage/mysql: increase auth_request.state length to 4096
- Changes from version 2.22.0:
* Features:
- google: Implement group whitelisting
- Read static password hash from environment variable
- OpenShift connector
* Bugfixes:
- Provider icons use the connector name, not the ID
- Changes from version 2.21.0:
* Features:
- Implement refreshing with Google
- Fetch groups in a Google Connector
- Add option to enable groups for oidc connectors
* Bugfixes:
- Fix spelling errors in docs
- preferred_username claim added on refresh token
- Changes from version 2.20.0:
* Features:
- connector/saml: Adding group filtering
- Run getUserInfo prior to claim enforcement
- server: templates: use relative URLs to refer to assets
- add preffered_username to idToken
* Bug fixes, misc changes:
- gitlab: add groups scope by default when filtering is requested
- Fix typo
- Fix typo
- storage/mysql: support pre-5.7.20 instances with tx_isolation only
- Fix URLs in curl cmd as stated in the overview doc
- Add note for redirect uri
- Changes from version 2.19.0:
* Features:
- connector/LDAP: display login error
- HTTPS/gRPC: Use a more conservative set of CipherSuites
* Bug fixes, misc changes:
- Update ADOPTERS.md
- storage/kubernetes: Removing Kubernetes TPR support
- Dockerfile: build with Golang 1.12.9
- Kubernetes docs: Clarify the origin of openid-ca
- Code update: Replace x/net/context with stdlib context
- Changes from version 2.18.0:
* Features:
- Storage: New MySQL storage backend
- gRPC: Add reflection to gRPC API
- Add option to always display connector selection even if there's only one
- Added "connector_id" to skip straight to a connector
- Allow arbitrary data to be passed to templates
- Gitlab: implement useLoginAsID as in GitHub connector
- Microsoft: option for group UUIDs instead of name and group whitelist
- gRPC: Add VerifyPassword to API
* Bug fixes, misc changes:
- Update ADOPTERS.md
- example-app: add connector_id
- Docs: fix MySQL sample query
- Code quality: fix some lint issues
- gRPC: fix logging in VerifyPassword
- Return config validation errors in one go
- Update all deps
- Return HTTP 400 for invalid state parameter
- Adjusting Makefile so that golint will compile
- Add tests for some callback handler error conditions
- Add examples for recent additions to oauth2 configuration options
- Bump deps for http2 issues
- Connectors: refactor filter code into a helper package
- Changes from version 2.17.0:
* Features:
- Add UserInfo endpoint
- Linkedin: Update to use v2 APIs
- server: add metrics for CORS handlers
- OIDC: Add option to hit the optional userinfo endpoint
- OIDC: Make userID configurable
- OIDC: Make userName configurable
- GitLab: support for group whitelist
* Bug fixes, misc changes:
- Print appropriate error when listing connectors fails
- Bitbucket docs: update permission requirements
- Round out logging interface with functions for all levels
- Fix typo in SAMLConnector interface
- travis: replace golang 1.10 and 1.11 with 1.12
- OIDC: truely ignore "email_verified" claim if configured that way
- Changes from version 2.16.0:
* Features:
- Add an option to the OpenID Connect connector to always set email_verified to true
- Docker image no longer runs dex as root
* Bug fixes, misc changes:
- Dex now logs client name instead of client_id
- Fixes for Go 1.11.4 modules
- Refactor logging to use an interface instead of logrus directly
- Changes from version 2.15.0:
* Features:
- Added Active Directory and Kubelogin integration sample
- Added option to use GitHub login as id
* Bug fixes, misc changes:
- Dockerfile Go version bumped to v1.11.5
- Minimum TLS version bumped to TLSv1.2
- Added @JoelSpeed as maintainer
- Added tests for LDAP filtering
- Print Access token in example app
- Add periodic storage health checking
- Changes from version 2.14.0:
* Features:
- There's a brand new Keystone connector!
- Github connector now returns a full group list when no org is specified, and you have
- opted-in to that behaviour
- Github connector allows for a 'both' option to use team name AND slug in TeamNameField
- Gitlab connector no longer requires to API scope
- Postgres storage backeng now works with UNIX sockets
- Postgres storage backend now exposes some tunables
- gRPC API: Add UpdateClient
- Make expiry of auth requests configurable
- LDAP connector - add emailSuffix config option
* Bug fixes, misc changes:
- Render error message provided by connector if user authentication failed
- Fix bogus conformance failure due to time zones
- Improved LDAP errors from upgrading go-ldap
- Removed incomplete, unmaintained storage adapters for CockroachDB and MySQL
- Removed unused startup scripts, adapted docs
- LDAP connector: Document that 'DN' must be in capitals
- Kubernetes docs: clarify steps around use/creation of TLS assets
- Bumped github.com/lib/pq
- Migrate to go modules
- Makefile: cleanups for newer versions of Go
- Dockerfile: update to Go 1.11.3
- Replace "GET", "POST" to http.MethodGet and http.MethodPost
-------------------------------------------------------------------
Thu Nov 15 16:04:57 UTC 2018 - Panagiotis Georgiadis <pgeorgiadis@suse.com>
- Fix boo#1116116 [dex Version: was not built properly]
- Revert the binary name back to 'dex'. Zypper conflict is expected to happen.
- Add two binaries: example-app, grpc-client
- Update to version 2.13.0
* Update to Go 1.11
* Mock connector support refresh tokens
* Dex no longer attempts to create CRDs if they're already created
* Updates to Kubernetes storage and RBAC docs
* Fix golint build issues
* Fix Bitbucket documentation
-------------------------------------------------------------------
Thu Feb 1 12:52:12 UTC 2018 - jmassaguerpla@suse.com
- Fix the binary name so we don't conflict with the dex package
which is something totally unrelated.
-------------------------------------------------------------------
Fri Dec 15 10:41:22 UTC 2017 - opensuse-packaging@opensuse.org
- Update to version 2.7.1:
* connector/github: only user users' login name in API reqs
* connector/github: debug->info logging, more informative userInOrg msg
* When connecting to GitHub Enterprise, force email verified field to true
* connector/github: error if no groups scope without orgs
* Updated comment to include reference to GitHub Enterprise not supporting verified emails
* server: set sane bcrypt cost upper bound
* connector/github: abstract scope check and group getter
* *: add standup script for LDAP
* storage/static.go: storage backend should not explicitly lower-case email ids.
* Documentation: OIDC conformance test setup
* Documentation: oidc conformance test case and issue tables
* server: fix panic caused by deleting refresh token twice through api
* [WIP]: add CRD support
* Updates coreos themes and icons for various providers
* Makefile: error out if go files aren't correctly formatted
* storage/kubernetes: add CRD support
* Documentation: add docs for TPR to CRD migration
* storage/kubernetes: Correct the OfflineSession object CRD definition
-------------------------------------------------------------------
Thu Oct 5 13:26:37 UTC 2017 - mmeister@suse.com
- Fix to actually apply the patch
-------------------------------------------------------------------
Thu Oct 5 12:57:03 UTC 2017 - rfernandezlopez@suse.com
- Add a patch to unmarshal the frontend settings from the
configuration file.
-------------------------------------------------------------------
Fri Sep 15 11:04:06 UTC 2017 - kmacinnes@suse.com
- Add a patch to set the default web directory to match the location
at which we install web content.
-------------------------------------------------------------------
Fri Sep 15 10:03:27 UTC 2017 - kmacinnes@suse.com
- Include web content within the RPM (bsc#1058833)
-------------------------------------------------------------------
Mon Sep 11 16:23:02 UTC 2017 - robert.roland@suse.com
- Renaming to caasp-dex
-------------------------------------------------------------------
Mon Sep 11 12:44:35 UTC 2017 - kmacinnes@suse.com
- Add missing copyright notice to spec file
-------------------------------------------------------------------
Thu Aug 31 20:27:47 UTC 2017 - rroland@suse.com
- Initial commit
