-
-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: OAuth 2.0 Device Authorization Grant #2416 #3252
Open
supercairos
wants to merge
317
commits into
ory:master
Choose a base branch
from
BuzzBumbleBee:feat_dev_grants_2x
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+3,508
−92
Open
Changes from 250 commits
Commits
Show all changes
317 commits
Select commit
Hold shift + click to select a range
392d4c5
fix: improve lazy initialization of JWKs
aeneasr 5de9fcb
feat: allow config context
aeneasr dd02c7b
fix: cockroach migration fixes
aeneasr 18b74bd
fix: lazy load PKI
aeneasr 41283d5
test: update fixtures
aeneasr 8c13153
fix: improve jwk generator defaults
aeneasr 2dfe393
chore: format
aeneasr 7c134b7
refactor(sdk): rename PatchDocument to JsonPatchDocument
aeneasr 719db10
fix(sdk): resolve type issues and regenerate SDK
aeneasr 5161259
chore(sdk): remove obsolete template
aeneasr 1a3f2c2
feat(sdk): add missing bearer security definition
aeneasr f6cb9f4
chore: styles
aeneasr 85e3eae
chore: fix compile and lint issues
aeneasr 26d752a
fix(sdk): remove pattern from scope parameter
aeneasr 9a8a7ab
fix: resolve test issues and regressions introduced by the new JWK ge…
aeneasr 364ba11
fix: regression in database layer
aeneasr fcd53d2
fix(hsm): public key extraction
aeneasr b8fb997
fix(hsm): public key extraction everywhere
aeneasr 8484d1e
chore: upgrade golangci-lint
aeneasr 0311aea
fix: compile issue
aeneasr 762e3eb
test(e2e): respect metadata
aeneasr 0496a32
fix(jwk): expose correct metadata algorithms
aeneasr 19bfc53
test(hsm): resolve test issues
aeneasr 7461b13
chore: format
aeneasr 1a6c5e7
test(e2e): upgrade jwks-rsa
aeneasr 81f8a81
test(e2e): upgrade cypress
aeneasr 774a158
fix: default back to RS256 keys
aeneasr 406a091
chore: format
aeneasr f72e695
test: update snapshots
aeneasr f90079a
fix: missing data in JWT grant (#3143)
aeneasr c635b12
fix(sdk): handle all error codes (#3153)
aeneasr e119e1a
fix: support issuer with and without trailing slash
aeneasr a9f151c
test(e2e): fix issuer URL
aeneasr faa17da
test: update snapshots
aeneasr 55aa649
chore: remove stray console.log's
aeneasr a6f6923
test(e2e): add trailing slash to issuer
aeneasr 499705a
feat: add ability to allow token refresh from hook without overriding…
zachabney 1293447
refactor(client): make OAuth2 Client IDs system-chosen and immutable
aeneasr 1b48b3d
fix: ignore cypress screenshots in git
aeneasr c43cc6b
chore: format
aeneasr 5fd77e1
fix: incorrect queries
aeneasr e59cf18
test(e2e): resolve test regressions
aeneasr 9cf3ebc
fix: quickstart with SQLite
aeneasr c0c67bf
test(e2e): fix jwt regression
aeneasr a25b3d1
fix: client specific CORS
aeneasr 71ff745
feat: respect local DNS restrictions
aeneasr 8857ec6
fix: resolve token prefix regression
aeneasr 07611d7
test: fix flaky equal check
aeneasr da9a06d
chore: update formatter and formatting
aeneasr 3ccbb82
ci: do not use --verbose flag
aeneasr 0ebe76c
feat: add token prefixes
aeneasr 288b7a9
test: fix flaky equal check
aeneasr 45b78dd
chore: update fosite dependency
aeneasr 2b486a6
chore: upgrade crdb to v22.x
aeneasr afeb4ea
feat: support alternate hashing algorithms for client secrets
aeneasr 7b824c5
refactor: rename `hydra clients create` command
aeneasr c27dcdb
feat(cli): significantly improved `create client`
aeneasr 7b33224
refactor: rename `hydra clients get` command
aeneasr d562759
refactor: rename `hydra clients delete` command
aeneasr c2d63ef
refactor: rename `hydra clients list` command
aeneasr efb0d81
refactor(client): replace limit and offset parameters with page_token…
aeneasr 757ec07
refactor: rename `hydra clients update` command
aeneasr 23711f6
refactor: rename `hydra clients import` command
aeneasr 30a5ddc
fix: compile errors
aeneasr bc9d7f0
refactor: remove `/oauth2/flush` endpoint
aeneasr 8840450
refactor: `hydra keys` command
aeneasr 1c1ee10
refactor: `hydra token client` command
aeneasr 09ad37e
refactor: CLI environment variables `HYDRA_URL` has been renamed to `…
aeneasr 9d6ab4e
test: update snapshots
aeneasr 172ad1d
refactor: `hydra token delete` command
aeneasr e8dacf7
refactor: `hydra token introspect` command
aeneasr eedeb21
refactor: `hydra token revoke` command
aeneasr a7b6e76
fix: remove incorrect aliases
aeneasr 2083f37
chore: update golang and alpine
aeneasr 2592e6f
feat: improve CLI messages
aeneasr 9e9e6cc
chore: remove mod rewrites
aeneasr f2ba68b
chore: fix lint issues
aeneasr bd247cd
test(e2e): fix build instructions
aeneasr bea251a
refactor: environment variable `DATABASE_URL` has been deprecated
aeneasr 980d92b
fix: update benchmark script
aeneasr 351e13c
test(conformance): add directory
aeneasr 9340003
refactor: deprecate `--dangerous-allow-insecure-redirect-url` flag
aeneasr 58fefe7
refactor: deprecate `--dangerous-force-http` flag
aeneasr 45c0688
feat: improve cookie settings
aeneasr 456f24a
feat: make CORS config hot reloadable
aeneasr 895195b
feat: improved cookie controls
aeneasr e694217
feat: rebuild containers on start
aeneasr 3215355
refactor(client): rename SDK methods and introduce `/admin` prefix
grantzvolsky c8aa92c
refactor(jwk): rename SDK methods and introduce `/admin` prefix
aeneasr 5432e57
unstaged - refactor sdk use across the board
aeneasr a6640a3
refactor(consent): rename SDK method from `revokeConsentSessions` to …
aeneasr 78ec7f2
refactor(consent): rename SDK method from `adminListSubjectConsentSes…
aeneasr 5e62ab6
refactor(consent): rename SDK method from `revokeAuthenticationSessio…
aeneasr e67b070
refactor(consent): rename SDK method from `getLoginRequest` to `admin…
aeneasr 08ded09
refactor(consent): rename SDK method from `acceptLoginRequest` to `ad…
aeneasr 6451fe6
refactor(consent): rename SDK method from `rejectLoginRequest` to `re…
aeneasr 5f50bc4
refactor(consent): rename SDK method from `getOAuth2ConsentRequest` t…
aeneasr 014757e
refactor(consent): rename SDK method from `acceptConsentRequest` to `…
aeneasr 523c0c8
refactor(consent): rename SDK method from `rejectConsentRequest` to `…
aeneasr b9691a6
refactor(consent): rename SDK method from `rejectLogoutRequest` to `a…
aeneasr c11e013
feat: improve refresh token error messages
aeneasr c7d5317
refactor: finalize consent SDK methods
grantzvolsky ef4439d
refactor(trust): rename SDK method from `trustJwtGrantIssuer` to `adm…
aeneasr 614608d
refactor(trust): rename SDK method from `getTrustedJwtGrantIssuer` to…
aeneasr 1e81ef0
refactor(trust): rename SDK method from `deleteTrustedJwtGrantIssuer`…
aeneasr 88fd959
refactor(trust): rename SDK method from `listTrustedJwtGrantIssuers` …
aeneasr 4078062
refactor(oauth2): rename SDK method from `discoverOpenIDConfiguration…
aeneasr cd9688d
refactor(oauth2): rename SDK method from `userinfo` to `getOidcUserInfo`
aeneasr f12ea23
refactor(oauth2): rename SDK method from `introspectOAuth2Token` to `…
aeneasr 436da68
refactor(oauth2): rename SDK method from `oauth2Token` to `performOAu…
aeneasr a1da0ef
refactor(oauth2): rename SDK method from `deleteOAuth2Token` to `admi…
aeneasr 9b0b247
refactor(oauth2): clean up changes
aeneasr 0c246f3
chore: regenerate values
aeneasr 847ab83
fix: resolve internal SDK regressions
aeneasr 7fa2c32
fix: remove goswagger generated client
grantzvolsky 2d775a9
fix: docker image build
aeneasr a8ea371
fix: resolve conformance build issues
aeneasr ba9f436
fix: conformity health check
aeneasr 87bd804
test: fix conformity issues
aeneasr fb816c8
test: update paths to reflect new admin api
aeneasr 158e1a0
test: update resource limits
aeneasr 9028ed4
chore: remove fosite replace
aeneasr 71ada55
fix(sdk): use correct struct for response
aeneasr 803f814
refactor: rename `access_log` to `request_log`
aeneasr 547605a
fix: remove deprecated config value
aeneasr 44467fc
chore: remove unused code
aeneasr fa4345c
chore: reorganize definition
aeneasr 79a41fd
docs: update config key descriptions
aeneasr 97c0995
feat: add embedx helpers (#3189)
aeneasr ce7e92f
feat: make all ui urls relative
aeneasr d5703b0
fix: improve duration pattern
aeneasr d17ff7c
fix(config): add default to supported types.
aeneasr d50ad65
fix(config): disallow additional properties
aeneasr 472b93e
fix(config): correct salt detection
aeneasr 245c8d1
fix: improve time validation
aeneasr fb9597c
fix(sdk): genericError type
aeneasr 9046905
feat(sdk): type nulls
aeneasr 055f71f
fix: improve health check reporting
aeneasr 5af62e9
fix: pop compile issue
aeneasr 13bff88
fix: speed up health checks
aeneasr 2c34cba
fix: `max_age=0` forces authentication
aeneasr 48f3d96
fix(config): support number
aeneasr 2b4dfb9
fix(cli): output format issues
aeneasr 0c733f6
fix(oauth2): incorrect TTL override
aeneasr 2f927d0
feat(client): respect ip restrictions in client validation
aeneasr 8046a8e
feat: better control for cookie secure flag
aeneasr 656e604
fix: resolve migration regressions
aeneasr 461d76f
fix: conditionals in db-diff
aeneasr de0d10b
chore: add json1 tag to db-diff
aeneasr 53ac222
fix: add json1 tag everywhere
aeneasr ef38039
fix: use --yes flag in db-diff
aeneasr 2b8edad
feat: custom client token ttl (#3206)
grantzvolsky b79dd31
fix: handle server error when refresh token requests come same time (…
sawadashota f4a0cb5
autogen: pin v1.11.9-pre.0 release commit
aeneasr 7be5188
chore: update prettierignore
grantzvolsky af32b1f
chore: update ory/x
grantzvolsky 84cbff6
chore: delete unused code
grantzvolsky a995592
test: fix a flaky test
grantzvolsky 33468b0
chore: code review
aeneasr 4a09ab2
fix: docker instructions
aeneasr 7d02fea
test: fix resp.bodyclose lint error
grantzvolsky 59494a7
fix: cache migration status
aeneasr 0c57e96
fix: improve migration status speed
aeneasr 85a4c14
fix: prefix paths correctly with /admin
aeneasr 8eb8acd
fix: consistently use RS256 in hot reloading
aeneasr e7b60eb
fix: move to v0alpha2 api spec
aeneasr 1417dc7
fix: make servicelocator explicit
aeneasr 79de03e
feat: pass options from root
aeneasr 39b6c4e
chore: change metric name and make Go 1.19 compatible (#3223)
nipsufn 7dbf7fc
fix: remove unused swagger struct
aeneasr f35e1f8
feat: upgrade go-swagger
aeneasr e52be84
chore: update openapi-generator to 6.0.1
aeneasr abe8819
chore: regenerate SDKs
aeneasr f0119f4
fix(sdk): make session uniquely named
aeneasr 5062d54
fix: replace of consent session expires values
aeneasr bea8c4a
fix(sdk): omit DefaultSession
aeneasr 517a203
chore: regenerate SDKs
aeneasr 0a785c1
chore: address merge conflicts
aeneasr 6a34755
Rework device code for Hydra2
BuzzBumbleBee 707137a
Fix device grant migrations for hydra2
BuzzBumbleBee eb6ea87
Point go mod to buzzbumblebee downstream
BuzzBumbleBee e64d230
This adds a own login flow for the Device Auth Grant
supercairos 43c9f8c
Update go.mod & update mocks, sdk, ...
supercairos 18fef67
Merge remote-tracking branch 'github/master' into feat_dev_grants_2x
supercairos 1cb56d5
Merge branch 'feat_dev_grants_2x' into rcaire/retry-pr
supercairos 69ec9e2
Merge pull request #3 from BuzzBumbleBee/rcaire/retry-pr
BuzzBumbleBee f73f906
Merge remote-tracking branch 'github/master' into feat_dev_grants_2x
supercairos e464c9c
Use UUID for Postgres database tables for device auth grant.
supercairos 7e667df
Don't edit changelog
supercairos 6ad7962
Merge branch 'master' into feat_dev_grants_2x
supercairos 25560fe
Don't print useless informations
supercairos 5b73751
Fix documentation
supercairos 64c6e0a
Update SDK
supercairos 4060311
Add support for CockroachDB
supercairos dbfe96b
Remove "device_code" auth flow
supercairos 2967022
Fix merge error
supercairos 7772b6f
Remove unused OIDC device code factory
supercairos 07087a8
Add new provider test to validate polling interval
supercairos 1806a65
Merge branch 'master' into feat_dev_grants_2x
supercairos 93dd7f9
Update Gomod to latest fosite
supercairos 89e7669
Cleanup database migration
supercairos 534decc
Merge branch 'master' into feat_dev_grants_2x
supercairos 7807128
create-device-code-at-start
supercairos 4a627b2
Split files and do some DB optimizations
supercairos b0d56e6
fix: fix wrong comment
supercairos 6ba4187
Add network id to the device grant database;
supercairos 815b33a
Update go.mod & go.sum
supercairos a18a285
fix mysql db error
supercairos 1ba9082
Optimize database for MySQL
supercairos b92ae8c
Remove useless function
supercairos ffa6d06
Rework cleanup order to fix CI
supercairos 6e6d5d0
Merge branch 'master' into feat_dev_grants_2x
supercairos 19db45a
Rework cleanup order to fix CI
supercairos ac12fcc
Merge branch 'feat_dev_grants_2x' into device-code-rework
supercairos f13fc21
Handle errors on Device Authorize Flow
supercairos 0dead43
Add contrains for NID on Device Grant Request table
supercairos 6e7022c
Merge branch 'master' into feat_dev_grants_2x
supercairos b789517
Merge branch 'feat_dev_grants_2x' into device-code-rework
supercairos 42518d2
Fix format for linting
supercairos adf6d97
Fix format using GO 1.19
supercairos 5946f65
Merge branch 'feat_dev_grants_2x' into device-code-rework
supercairos c63f04b
Don't use inline SQL Reference, instead add them using ALTER TABLE
supercairos da4dbd4
Update go.mod & go.sum
supercairos 71c5633
Merge branch 'master' into feat_dev_grants_2x
supercairos 7795f5b
Merge branch 'master' into feat_dev_grants_2x
supercairos dbe98f0
Fix snapshot tests
supercairos 23108a5
Merge branch 'master' into feat_dev_grants_2x
supercairos 59d3f2f
fix following merge update
supercairos ec41822
Fix following csrf function signature
supercairos 1e19d49
Merge branch 'master' into feat_dev_grants_2x
supercairos f60e047
Integrate new fosite
supercairos ec01377
remove the ability to setup a custom url path for the device endpoint.
supercairos 6de6c9a
Merge branch 'master' into feat_dev_grants_2x
supercairos 12c2ea6
Merge branch 'master' into feat_dev_grants_2x
supercairos 929bbf7
Merge branch 'master' into feat_dev_grants_2x
supercairos 3372fb2
Fixup on tag 2.0.3
supercairos 5b7bb83
Merge branch '2.0.3_fix_up' into feat_dev_grants_2x
supercairos e2a8ace
Merge branch 'master' into feat_dev_grants_2x
supercairos ff3fdc9
Fix merge
supercairos 3e0388c
Merge branch 'master' into feat_dev_grants_2x
supercairos 343b053
Merge branch 'master' into feat_dev_grants_2x
supercairos 3711af2
Merge branch 'master' into feat_dev_grants_2x
supercairos 662801a
Fix test error
supercairos aed80e9
Fix tests
supercairos 25346c6
Fix tests
supercairos 44dd093
Fix route spec
supercairos b8c598a
Update struc name
supercairos d25a3a8
Update pkgs
supercairos 5191714
Merge branch 'master' into feat_dev_grants_2x
supercairos edf0738
Start working on persister tests
supercairos File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we need this if we just use the user code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense now, please ignore :)
Needs tests, though ;)