- Set focus to password field when login_hint is given
- Fix missing validator import when login_hint is given
- Add login hint support
- Add legacy support via plugin
- Allow client redirect URI with only a scheme
- Bump braces from 3.0.2 to 3.0.3 in /identifier
- Bump path-to-regexp from 1.8.0 to 1.9.0 in /identifier
- Bump ws from 8.14.2 to 8.17.1 in /identifier
- Bump rollup from 2.79.1 to 2.79.2 in /identifier
- Bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1
- Keep extra backend provided id and access token claims on refresh
- Return id token when grant type is refresh token
- Implement refresh and revoke for lg identifier backend session
- Pass real src ip and user agent to lg identifier backend
- Fix variable shadowing making error checks ineffective
- Bump semver from 5.7.1 to 5.7.2 in /identifier
- Ignore js license ranger border check warnings
- Fix js license ranger for new source-map-explorer
- Bump source-map-explorer to 2.5.3 in /identifier
- Update linter CI version
- Fix access token sid claim when provided via lg backend
- Bump google.golang.org/protobuf from 1.30.0 to 1.33.0
- Bump github.com/rs/cors from 1.10.1 to 1.11.1
- Add password visibility icon in login dialog
- Bump github.com/spf13/cobra from 1.7.0 to 1.8.1
- Remove :443 from Host header for secure referrer/origin check
- Allow authorize requests wihout openid scope
- Bump github.com/gorilla/schema from 1.2.0 to 1.4.1
- Update golangci-lint config
- Bump go-jose to latest backwards compatible release
- Bump golang.org/x/net from 0.17.0 to 0.24.0
- enhancement: enhance Security by Allowing Same-Site Cookie Value Modification
- Bump ip from 2.0.0 to 2.0.1 in /identifier
- Limit oidc check session iframe postMessage hook scope
- Bump vite from 4.5.0 to 4.5.2 in /identifier
- Bump follow-redirects from 1.14.8 to 1.15.4 in /identifier
- Bump golang.org/x/crypto from 0.14.0 to 0.17.0
- Fix branding settings cache usage
- Bump github.com/rs/cors from 1.9.0 to 1.10.1
- Bump github.com/sirupsen/logrus from 1.9.1 to 1.9.3
- Bump Node in CI to 18
- Improve visuals of login form fields
- Migrate from react-scripts to vite
- Update 3rd-party Javascript dependencies
- Bump github.com/go-ldap/ldap/v3 from 3.4.4 to 3.4.6
- Bump golang.org/x/net from 0.10.0 to 0.17.0
- Bump github.com/crewjam/saml from 0.4.13 to 0.4.14
- Increase golangci-lint timeout to 2 minutes
- Escape LDAP filter values when constructing filters
- Bump github.com/sirupsen/logrus from 1.9.0 to 1.9.1
- LDAP Attributetypes are case-insensitive
- Bump github.com/beevik/etree from 1.1.0 to 1.2.0
- Bump golang.org/x/crypto from 0.0.0-20220622213112-05595931fe9d to 0.9.0
- Bump golang.org/x/oauth2 from 0.5.0 to 0.8.0
- Bump identifier third party dependencies
- Support Node 17 or higher for development
- Bump caniuse-lite to latest version
- Bump github.com/spf13/cobra from 1.5.0 to 1.7.0
- Bump golang.org/x/time from 0.0.0-20220224211638-0e9765cccd65 to 0.3.0
- Bump golang.org/x/net from 0.8.0 to 0.10.0
- Bump github.com/gabriel-vasile/mimetype from 1.4.1 to 1.4.2
- Bump github.com/go-ldap/ldap/v3 from 3.4.2 to 3.4.4
- Bump github.com/russellhaering/goxmldsig from 1.2.0 to 1.4.0
- Bump github.com/rs/cors from 1.8.2 to 1.9.0
- Bump github.com/prometheus/client_golang from 1.13.0 to 1.15.1
- Bump github.com/golang-jwt/jwt/v4 from 4.4.3 to 4.5.0
- Bump github.com/gofrs/uuid from 4.2.0+incompatible to 4.4.0+incompatible
- Bump github.com/crewjam/saml from 0.4.10 to 0.4.13
- Bump golang.org/x/net from 0.0.0-20220624214902-1bab6f366d9e to 0.8.0
- Bump golang.org/x/text from 0.3.7 to 0.3.8
- Pull survey client dependency from Github
- Bump loader-utils from 2.0.0 to 2.0.4 in /identifier
- Bump github.com/golang-jwt/jwt/v4 from 4.3.0 to 4.4.3
- Bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0
- Bump github.com/crewjam/saml from 0.4.6 to 0.4.10
- Update oidc and rndm external dependencies
- Bump github.com/gabriel-vasile/mimetype from 1.4.0 to 1.4.1
- Bump @xmldom/xmldom from 0.8.2 to 0.8.5 in /identifier
- Fix a bunch of eslint warnings
- Bump identifier third party dependencies
- Bump caniuse-lite to latest version
- Update rndm to 1.1.2
- Switch CI pipeline to Go 1.18
- Increase state cookie duration to 10 minutes
- Properly handle prompt select_account and consent for external oidc
- Update transient go dependencies
- Use error wrapping in oauth2 callback propertly
- Add short instructions for libregraph backend
- Remove obsolete dummy backend
- Remove obsolete cookie backend
- Remove kc backend
- Bump github.com/prometheus/client_golang from 1.12.1 to 1.13.0
- Bump github.com/spf13/cobra from 1.4.0 to 1.5.0
- Implement code flow for external OIDC authorities
- Don't enforce prompt=None for external OIDC auth
- Fix development server listner and proxy address
- Ensure to commit Yarn 2 config
- Add missing build dependencies
- Allow build to succeed in CI even with eslint warnings
- Fetch identifier vendor dependencies in vendor CI step
- Make Go linter errors non-fatal
- Add build CI
- Add dependabot config
- Upgrade to Yarn 2
- Use Yarn 2
- Allow backends to set top level ID token claims
- Support loading validators from PEM encoded certificates
- Fix parsing of JWKS in authorities registration YAML
- Fix HTTP2 support for libregraph backend connections
- Update oidc-go to v0.3.4
- Retain issuer subpath when computing well-known configuration URI
- Bump all internal Python scripts to run with Python 3
- Add support for implicit scopes for server registered clients
- Update to current browserlist database
- Bump to require Go 1.18
- Update dependencies and move to different uuid package
- Interpolate identifier error message translations correctly
- Bump follow-redirects from 1.14.4 to 1.14.8 in /identifier
- Bump github.com/crewjam/saml to v0.4.6
- Server Servername on TLS config
- Allow to set a CA certificate for LDAPS connections
- Use LibreGraph branded names when generating 3rd-party license overview
- Update JavaScript license ranger to latest version
- Add identifier i18n via ietf code to support Chinese better
- Add cookie support for identifier locale selection
- Allow i18n Makefile to operate on individual po files
- Update German translation
- Add support to limit the available identifier web app locales
- Improve i18n of identifier web app
- Bring back translations for German, French and Dutch
- Update README to reflect LibreGraph
- Update third party dependencies
- Bring back i18n for identifier web app
- Use fixed translation ids for error messages
- Avoid adding state twice to endsession callback URL query
- Enable dependabot for Go modules
- Injecty identifier identity into context in token requests
- Fix panic when client request has no client_id
- Do not show sign-in screen when prompt=none when no user
- Add support for sessions when using the libregraph identifier backend
- Blacklist other selective scopes for multiple libregraph backend support
- Add scope based backend selection for libregraph identity backend
- Remove auth pass through from request headers
- Support accountEnabled property in libregraph identifier backend
- Add support for identifier backends to expand the requested scopes
- Add support to extend authorized scopes from backend
- Update 3rd-party direct and transitive dependencies
- Ensure user data is refreshed on token creation
- Use lico specific unique salt for sub values
- Simplify and unify built-in scopes and access/refresh token claims
- Add support for top level at claims via in libregraph identifier backend
- Retain received branding even on hello updates, until hello reset
- Ensure that app-icon.svg gets built with Makefile
- Add support for open extensions in libregraph identifier backend
- Migrate dgrijalva/jwt-go to golang-jwt/jwt-go
- Switch HTTP client default User-Agent to LibreGraph Connect
- Inject additional HTTP request headers into libregraph backend requests
- Implement generic libregraph backend
- Also make the identifier backends plugable
- Make bootstrap of backend plugabble
- Add support for visual branding of identifier
- Replace Kopano logo with general app icon
- Refactor translations, English only for now
- Improve style of back buttons after style changes
- Remove more Kopano CI, replace with generic UI and styles
- Migrate more stuff away from konnect naming to lico naming
- Modernize 3rd-party dependencies and remove kpop
- Update 3rd-party identifier webapp dependencies
- Use actually working caddy configuration in example
- Update 3rd-party Go dependencies to their latest
- Build with Go 1.17
- Remove obsolete Jenkinsfile
- Apply LibreGraph naming treewide
- Correct Docker based build example
- Fix broken client registration unit test initialization
- Allow 127.0.0.1 and [::1] redirect_uris for native clients
- Allow redirect_uris without path for native clients
- Allow configuration of expiration of dynamic client_secret values
- Update dependencies in Dockerfile.release
- Validate XML before SAML processing
- Fix processing for prompt select_account with consent
- Improve checks for Basic auth data in token requests
- Build with Go 1.14.10
- enhance description
- Add uri_base_path to binscript and config file
- Catch potential errors when parsing own styles
- Generate random endsession state for external authority
- Update dependencies in Dockerfile
- Set prompt=None to avoid loops with external authority
- v0.33.6
- Update Jenkins reporting plugin from checkstyle to recordIssues
- Remove extra kty key from JWKS top level document
- Fix regression which encodes URL fragments twice
- Update Docker dependencies
- Avoid generating fragmet/query URLs with wrong order
- Return state for oidc endsession response redirects
- Build with Go 1.14.4
- Use server provided username to avoid case mismatch
- Use signed-out-uri if set as fallback for goodbye redirect on saml slo
- Add checks to ensure post_logout_redirect_uri is not empty
- Fix SAML2 logout request parsing
- Cure panic when no state is found in saml esr
- Use SAML IdP Issuer value from meta data entityID
- Allow configuration of expiration of oidc access, id and refresh tokens
- Implement trampolin for external OIDC authority end session
- Update to latest Alpine release
- Update ca-certificates version
- Implement delegation of end session to external authority
- Improve names of temporary state and consent cookies
- Use correct path when removing state cookies
- Store identified user external authority ID in session data
- Implement redirect binding slo response
- Relax linter to let more warning pass
- Implement validation for IdP initiated SLO requests
- Add support for expiration and session id for external authorities
- Fix wrong error message when there was no error
- Add additional TODO markers for SAML external authority
- Improve logging when using external SAML authority
- Retry SAML initialize on error
- Improve OIDC endsession endpoint handler when without token hint
- Implement support for SAML IdP slo
- Fail early when SAML2 authority fails to resolve user from backend
- Apply user mapping when resolving users from LDAP backend
- Update 3rd party dependencies
- Update license ranger and generate 3rd party licenses from vendor folder
- Add SAML2 external authority example config
- Update linter in CI to latest version so it works with Go 1.14
- Implement SAML2 external authority support
- Prepare external authority support for different authority types
- Update and deduplicate external dependencies
- Ensure identifier client index.html is actually loaded
- Build with Go 1.14
- Merge branch 'IljaN-make-identifier-webapp-optional'
- Add disable-identifier-webapp option
- Migrate konnect identifier to newly introduced theme.spacing api
- Detect browser state change issues
- Add fulllint helper to lint from the start
- Update 3rd party Go dependencies
- Update javascript 3rd party dependencies
- Reorganize component folder structure
- Remove webkit autofill hack
- Update license parser to support esm sub modules
- Reorganize identifier webapp
- Update c-r-a, kpop and dependencies
- Clean up linter warnings
- Merge branch 'embedding' of https://github.com/IljaN/konnect
- Merge branch 'bugfix/dynamic-port-redirect-native-clients' of https://github.com/DeepDiver1975/konnect
- Make konnect usable as library
- Only lint changes, to increase visibility of newly introduced issues
- Allow dynamic ports in redirect uri for native clients
- Add build arg for explict version selection for Docker build
- Update third party dependencies
- Fix unhandled error
- Log initialiation error when external auth fails to initialize
- Fix spelling mistakes
- Update oidc-go to fix pkce Base64URL padding
- Update third party modules
- Update kcc-go to v5
- Relax linting requirement
- Update dependencies to their latest minor releases
- Update 3rd party dependencies
- Use Go modules instead of Go dep
- Set SameSite=None for all cookies
- Build with Go 1.13.4
- Strip issuer subpath for OIDC url endpoints
- Force prompt=none for sencodary authorize after external authority auth
- Avoid error when identifier backend resolve cannot find a user
- Update curl to fix building of container image
- Build with Go 1.13.3
- Fix cookie backend claims context
- Ensure BASE in fmt and check targets
- Add a list of technologies used
- Build with Go 1.13.1
- Update Docker entrypoint for metrics listener
- Expose metrics port for Docker containers
- Build with Go 1.13 and update minimal Go version to 1.13
- Add usage survey block to README
- Add automatic survey reporting
- Add basic metrics
- Merge pull request #112 in KC/konnect from ~GITCOMMIT/konnect:master to master
- Enable Icelandic translation, and avoid loading untranslated catalogs
- Update kpop to 0.24.5
- Translated using Weblate (Icelandic)
- Add args to changelog target
- Update kpop to 0.20.4
- Update list of enabled languages
- Add Hindi
- rename language
- Translated using Weblate (Dutch)
- Translated using Weblate (Russian)
- Translated using Weblate (Norwegian Bokmål)
- Translated using Weblate (French)
- Translated using Weblate (Portuguese (Portugal))
- Translated using Weblate (Portuguese (Portugal))
- Translated using Weblate (Norwegian Bokmål)
- Translated using Weblate (Russian)
- Cleanup Dockerfile
- Fixup headlines
- Update dep to v0.5.4
- Update kcc-go and dependencies
- Add healthcheck success output
- Update Dockerfiles for best practices
- Avoid trying to load a key with empty filename
- Add healthcheck sub command
- Bump diff from 3.4.0 to 3.5.0 in /identifier
- Handle redirect_uri parse error in client registration
- Update kcc-go to 4.0.0 (and dependencies)
- Use Apache-2.0 license
- Deduplicate yarn.lock
- Bump handlebars from 4.0.11 to 4.1.2 in /identifier
- Bump clean-css from 4.1.9 to 4.1.11 in /identifier
- Bump axios from 0.16.2 to 0.18.1 in /identifier
- Bump sshpk from 1.13.1 to 1.16.1 in /identifier
- Avoid breaking on startup when starting with empty scopes definitions
- Fix a problem where welcome page would not display
- Avoid remove of empty keyframes for autoFill detection
- Properly detect Chrome auto fill in login form fields
- Use correct dep download URL
- Ensure JSON translations are not empty on fresh build
- Build with Go 1.12 and use latest dep tool
- Update js license ranger to include notices
- Optimize use of visual white space
- Update kpop and migrage typography to new variants
- Enable nl and ru languages in production build
- Translated using Weblate (Dutch)
- Rebuild translation catalogs
- Add stats target for i18n
- Rebuild translations and translate to German
- Make it possible to translate built in scope descriptions
- Always allow merge to run
- Add language selector
- Only leave actually translated languages enabled in production builds
- Merge translation files and fix German typos
- Update kpop
- Correctly register pt-PT
- Update kpop and react-scripts
- Slightly imporve Material-UI styles
- Update react-router to 5.0.0
- Update Material-UI dependency to latest
- Update React to 18.8.6
- Do not start browser when in dev mode
- Replace PATH_PREFIX with sane value in dev mode
- Change license to Apache License 2.0
- Add origins key to web client examples
- Add hint that Konnect has learned to load JSON Web Keys
- Update external Kopano dependencies
- Include NOTICE files in 3rdparty-LICENSES.md
- Log default OIDC provider signing details
- Implement support for EdDSA keys
- Fix typos
- Add TLS client auth support for kc backend
- Setup kcc default HTTP client
- Unify HTTP client settings and setup
- Add support to set URI base path
- Translated using Weblate (Portuguese (Portugal))
- Translated using Weblate (Norwegian Bokmål)
- Translated using Weblate (Russian)
- Update Go dependencies
- Add threadsafe authority discovery support
- Only log unhandled inner identity manager errors
- Only compare hostname (not the port) for native clients
- Only enable default external authority
- Fixup yaml config
- Set RSA-PSS salt length for all RSA-PSS JWT algs always
- Add OAuth2 RP support to identifier
- Add examples for remove debugging and IDE
- Ignore debug build results
- Ignore .vscode for people using it
- Integrate Delve debugger support via
make dlv
- Use Go report card batch
- Add Go report card
- Add godoc entry point with import annotation
- Improve docs, mark cookie backend as testing only
- Add reference for OpenID Connect dynamic client registration spec
- Add dynamic client registration configuration support
- Validate client secrets of dynamically registered clients
- Add commandline parameter to allow dynamic client registration
- Use prefix to identitfy dynamic clients ids
- Properly pass on claims scopes on auth redirect
- Implement OpenID Connect Dynamic Client Registration 1.0
- Add cross references to implemented standards
- Add support for preferred_username claim
- Implement PKCE code challenges as defined in RFC 7636
- Add support for konnect/id scope with LDAP backends
- Make LDAP subject source configurable
- Improve DN to sub conversion to clarify code
- Fix up --use parameter in jwk-from-pem util
- update Alpine base
- Show details and print OK for make check
- Add client guest flag to configuration and bin script
- Include registration and scopes yaml examples in dist tarball
- Make OIDC authorize session available early
- Add utils sub command for pem2jwk conversion
- Correct some spelling errors in configuration comments
- Support trust for trusted clients using guest identity
- Support trusted client scopes in secure oidc request
- Bring back mandatory identity claims for ldap identifier backend
- Allow startup without guest manager
- Allow empty user claims in identifier
- Cleanup identifier logon claims and comments
- Bump base copyright years to 2019
- Build with Node 10
- Migrate from Glide to Dep
- Use blake2b implementation from golang.org/x/crypto
- Konnect now requires Go 1.10
- Add sanity checks for user entry IDs
- Support internal claims for identifier backends
- Add multi server support for kc backend
- Add support to return request provided claims in ID token and userinfo
- Add possibility to pass thru claims from request to tokens
- Add request claims as authorized claims for all managers
- Add jti claim to access and refresh tokens
- Add OIDC endsession support for guest users via session
- Support guest users via signed claims authorize request
- Add OIDC invalid_request_object error and use accordingly
- Add support for the auth_time OIDC claim request
- Add validation for the sub requested claim
- OIDC authorize claims parameter support (1/2)
- OIDC authorize claims parameter support (1/2)
- Add support for client jwks in client registartion
- Implement support for request objects with OIDC authorize
- Always offer all supported ID token signing alg values
- Fix startup problem without scopes conf
- Extend identifier API docs by added fields of hello response
- Report and allow scopes which are configured in scopes conf
- Add new scopes configuration file to config and bin script
- Add scopes.yaml configuration file
- Move scope meta data to backend
- Consolidate publicate scope definition
- Log correct error after SSOLogon response
- docs: Add OpenAPI 3 specification for the Konnect Identifier REST API
- Translated using Weblate (German)
- build: Fetch and include identifier 3rd party licenses in dist
- Use Go 1.11 in Jenkins
- identifier: Full German translation
- Add a bunch of languages for translation
- Fixup gofmt
- identifier: Add i18n support for dynamic error messages
- identifier: Add i18n for identifier web app
- identifier: Add gear for i18n
- identifier: Make identifier screens responsive
- Remove docs not relevant for konnect
- Use archiveArtifacts instead of deprecated archive step
- Use golint from new location
- identifier: Allow unset of logon cookie without user
- ldap: Compare LDAP attributes case insensitive
- Update build checks
- Update yarn.lock
- scripts: Reverse signing_kid check
- scripts: Ensure correct owner when creating paths
- Remove obsolete use of external environment files
- Fix possible race in session cleanup
- Refuse to start with low exponent RSA keys in RS signing mode
- Use RSA-PSS (PS256) as JWT alg by default
- oidc: Use correct Salt length with RSA-PSS signatures
- oidc, identifier: Use kcoidc auth to kc for kc sessions
- oidc: Allow change of signing method
- oidc: Allow additional validations keys
- Integrate kc session support to docs and scripts
- identifier: Add configuration for kc session timeout
- identifier, oidc: Add support for backend identity provider sessions
- Update svg syntax
- identifier: Set random NONCE in CSP and HTML
- Add missing session API endpoint to Caddyfile examples
- smaller typo corrections
- Fix end session endpoint subject verify
- Remove forgotten debug
- oidc: Make subject URL safe by default
- identifier: Update react-scripts to 1.1.5
- oidc: Implement
sid
ID Token claim - oidc: Implement browser state and session state
- Increase no-file limit to infinite
- identifier: Use new favicon built from svg
- identifier: Update to kpop 0.9.2 and dependencies
- provider: Ensure to verify authentication request
- Add setup subcommand to binscript
- Include scripts in dist tarball
- Run Jenkins with Go 1.10
- Add log-level to config and avoid double timestamp for systemd
- Add commandline args for log output control
- Add systemd unit with runner script and config
- Move rkt exaples to README
- identifier: Add some TODO comments
- oidc: Add support for additional claims in ID Token
- oidc: Return scope value with authorize response
- oidc: Add support for additional userinfo claims
- oidc: Add support for url-safe sub via scope
- Remove redux debug logging from production builds
- Use PureComponent in base app
- Update to kpop 0.5 and Material-UI 1
- identifier: Add text labels for new scopes
- Implement scope limitation
- Remove debug
- Cleanup scope structs
- oidc: Add all claims to context
- Add checks and consent to end session support
- Allow configuration of client secrets
- Implement endsession endpoint
- identifier: Fix undefined link in consent screen
- identifier: Update style to kpop and kopanoBlue
- identifier: Remove tap plugin
- identifier: Use kpop components
- identifier: Add autoComplete attribute to login
- identifier: Add build version information and favicon
- identifier: Bump React and Material-UI versions
- Add identifier-registration parameter to services
- provider: Support redirect_uri values with query
- identifier: Use correct no_uid_auth flag for logon to kc
- docker: Allow Docker to switch user at runtime
- docker: Make it possible to load secrets from custom location
- identifier: Use no_uid_auth flag for logon to kc
- Remove forgotten debug logging
- Docker: Support additional ARGS via environment
- Add hints for unix user required for kc backend
- Fix Docker examples so they actually work
- server: Disable HTTP request log by default
- Add instructions for client registry conf
- identifier: Add Client registry and validation
- fix link to openid spec
- Use port 3001 for development
- Update build parameters for Go 1.10 compatibility
- Update README to include Docker and dependencies
- Update to Go 1.9 and Glide 0.13.1
- Add 3rd party license information
- Never fail on junit in post state
- Do not run lint on normal build
- Fixed a typo (Konano > Kopano)
- provider: Allow the OAuth2 token flow
- identifier: Fix select_account mode
- Update release download link
- Fill default parameters for cookie backend
- Add Dockerfile.release
- Add Dockerfile
- identifier: Use properties to retrieve userdata
- fix typo on readme
- identifier: Implement family_name and given_name
- identifier: Add UUID decode support to ldap uuid
- identifier: LDAP descriptors are case insensitive
- identifier: Implement uuid attribute support
- identifier: Clean data from store on logoff
- identifier: add overlay support with message
- identifier: use augmenting teamwork background only
- identifier: Update background to augmenting teamwork
- identifier: Properlu handle LDAP search not found
- identifier: Properly handle LDAP bootstrap errors
- Refactor bootstrap/launch code
- Add support for auth_time claim in ID Token
- Update example scripts to use the new parameters
- Remove --insecure parameter from examples
- Remove double claim validation
- identifier: Remove re-logon without password
- Add support to load PKCS#8 keys
- Load all keys from file
- Add support for trusted proxies
- identifier: Store logon time and validate max age
- identifier: Add LDAP rate limiter
- identifier: Implement LDAP backend
- Add comments about authorized scopes
- Make older golint happy
- Update README
- Fix whitespace in Caddyfiles
- Identifier: use SYSTEM as KC username default
- Update Caddyfile to be a real example
- Use unpadded Base64URL encoding for left-most hash
- Update docs to reflect plugin
- Add API overview graph
- Disable service worker
- Integrate redux into service worker
- Fix URLs extrated from CSS
- Remove v prefix from version number
- Bump up Loading a litte so it fits on low height screens better
- Use inline blurred svg thumbnail background
- Use webpack with code splitting
- Fix support for service worker fetching index.html
- Report additional supported scopes
- Allow CORS for discovery docs
- Build identifier webapp by default
- Include idenfier webapp in dist
- Fixup systemd service
- Add Makefile for identifier client
- Update rkt builder and services for kc backend
- Add implicit trust for clients on the iss URI
- Fixup identifier HTML page server routes
- Add secure default CSP to HTML handler
- Fixup: loading is now a string, no longer bool
- Handle offline_access scope filtering
- Add support to show multiple scopes
- Use redirect as component
- Allow identifier users to be included in tokens
- Split up stuff into multiple files
- Use unique component class names
- Allow identifier users to be included in tokens
- Add some hardcoded clients for testing
- Reset errors and loading from choose to login
- Set prompt=none when identifier is done
- Fix prompt=login login
- Implement proper loading state for consent ui
- Implement consent cancel
- Properly retrieve and pass through displayName
- Only show account selector when prompt requests it
- WIP: implement consent via direct identifier flows
- Only allow continue= values which begin with location.origin
- Update README for backends
- Ignore no-cookie error
- Add support for Firefox
- Implement welcome screen and logoff ui
- Set Referer-Policy header
- Split up the monster
- Move hardcoded defaults to config
- Add logoff API endpoint
- Add cookie checks for logon and hello
- Fix linter errors and unit tests
- Move general code to utils
- Implement identifier and kc backend
- Move config to seperate package
- Ignore /examples folder
- Merge pull request #6 in KC/konnect from ~SEISENMANN/konnect:longsleep-jenkinsfile to master
- Add Jenkinsfile
- Add aci builder and systemd service
- Add docs abourt key and secret parameter
- Fix README to use correct bin location
- Merge pull request #5 in KC/konnect from ~SEISENMANN/konnect:longsleep-kw-sign-in to master
- Add support for KW sign-in form
- Merge pull request #4 in KC/konnect from ~SEISENMANN/konnect:longsleep-use-lowercase-cmdline-params to master
- Use only lower case commandline arguments
- Merge pull request #3 in KC/konnect from ~SEISENMANN/konnect:longsleep-use-external-rndm to master
- Use rndm from external module
- Build static without cgo by default
- Add Makefile
- Use seperate listener, add log message when listening started
- Put local imports last
- Use build date in version command
- Add X-Forwarded-Prefix to Caddyfile
- Merge pull request #2 in KC/konnect from ~SEISENMANN/konnect:longsleep-caddyfile to master
- Add example Caddyfile
- Move random helpers to own subpackage
- Merge pull request #3 in ~SEISENMANN/konnect from longsleep-konnect-id-scope to master
- Implement konnect/id scope
- Update dependencies
- Enable code flows in discovery document
- Support --secret parameter value as hex
- Update README with newly added parameters
- Support identity claims in refresh tokens
- Merge pull request #1 in ~SEISENMANN/konnect from longsleep-encrypt-cookies-in-at to master
- Add encryption manager
- Use nacl.secretbox for cookies encryption
- Prepare encryption of cookies value in at
- Move refresh token implementation to konnect
- Move kc claims to konnect package
- Remove obsolete OPTION handler
- Add support for insecure TLS client connections
- Fix typo in example users - sorry Ford, i thought you were perfect
- Add option to limit cookie pass through to know names
- Store cookie value in access token
- Add jwks.json endpoint
- Use subject as user id identifier everywhere
- Add userinfo endpoint with cors
- Add token endpoint with cors
- Implement code flow support
- Use cookies and users compatible with minioidc
- Add support for sub path reverse proxy mode
- Add Python and YAML to .editorconfig
- Add cookie backend support
- Add cookie identity manager
- Add more commandline flags
- Add key loading
- Add unit tests for provider
- Remove forgotten debug
- Refactor server launch code
- Prepare serve code refactorization
- Simplify
- Add dummy user backend for testing
- Add .well-known discovery endpoint
- Add OIDC basic implementation including authorize endpoint
- Add references to other implementations
- Use glide helper for unit tests
- Add health-check handler with unit tests
- Add minimal README, tl;dr only for now
- Add vendoring and dependency locks with Glide
- Add initial server stub with commandline flags, logger and version
- Initial commit