Commit graph

12 commits

Author SHA1 Message Date
Kenneth Jenkins
fe46ed33f4
config: no longer stub out HPKE public key fetch (#4853)
This partially reverts commit a1388592d8.

Fetching the authenticate service HPKE public key is required only for 
the stateless authentication flow. Now that Pomerium will instead use 
the older (stateful) authentication flow when configured for a
self-hosted authenticate service, this logic shouldn't be needed at all.

Removing this logic should also make it easier to test against a local
instance of the hosted authenticate service.
2023-12-12 09:57:58 -08:00
Caleb Doxsey
a29476f61e
core/hpke: reduce memory usage from zstd (#4650)
* core/hpke: reduce memory usage from zstd

* use default compression, use default concurrency
2023-10-31 10:24:56 -06:00
Kenneth Jenkins
a1388592d8
stub out HPKE public key fetch for self-hosted authenticate (#4360)
Fetch the HPKE public key only when configured to use the hosted
authenticate service. Determine whether we are using the hosted
authenticate service by comparing the resolved authenticate domain with
a hard-coded list of hosted authenticate domains.

Extract this list of hosted authenticate domains to the internal/urlutil
package in order to keep a single source of truth for this data.
2023-07-13 10:04:34 -07:00
Caleb Doxsey
facf9ab093
hpke: compress query string (#4147)
* hpke: compress query string

* only use v2 in authenticate if v2 was used for the initial request

* fix comment
2023-05-02 14:12:34 -06:00
Caleb Doxsey
bbed421cd8
config: remove source, remove deadcode, fix linting issues (#4118)
* remove source, remove deadcode, fix linting issues

* use github action for lint

* fix missing envoy
2023-04-21 17:25:11 -06:00
Denis Mishin
ccf15f8f3d
move hpke public key handler out of internal (#4065)
2023-03-20 10:37:00 -04:00
Caleb Doxsey
0f295d4a63
hpke: move published public keys to a new endpoint (#4044)
2023-03-08 09:17:04 -07:00
Denis Mishin
a49f86d023
use tlsClientConfig instead of custom dialer (#3830)
* use tlsClientConfig instead of custom dialer

* rm debug log
2022-12-27 09:55:36 -07:00
Caleb Doxsey
3e892a8533
options: support multiple signing keys (#3828)
* options: support multiple signing keys

* fix controlplane method, errors
2022-12-22 09:31:09 -07:00
Caleb Doxsey
57217af7dd
authenticate: implement hpke-based login flow (#3779)
* urlutil: add time validation functions

* authenticate: implement hpke-based login flow

* fix import cycle

* fix tests

* log error

* fix callback url

* add idp param

* fix test

* fix test
2022-12-05 15:31:07 -07:00
Caleb Doxsey
ba07afc245
hpke: add HPKE key to JWKS endpoint (#3762)
* hpke: add HPKE key to JWKS endpoint

* fix test, add http caching headers

* fix error message

* use pointers
2022-11-23 08:45:59 -07:00
Caleb Doxsey
9e5eaa92c2
hpke: add hpke package (#3761)
* hpke: add hpke package

* Update pkg/hpke/url.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* Update pkg/hpke/url.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* Update pkg/hpke/url.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* gofmt

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
2022-11-22 10:39:41 -07:00