3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-29 18:36:30 +02:00
Code Issues Projects Releases Packages Wiki Activity
3719 commits 156 branches 125 tags 103 MiB
Commit graph

40 commits

Author SHA1 Message Date
Joe Kralicky
396c35b6b4
New tracing system (#5388) 
* update tracing config definitions

* new tracing system

* performance improvements

* only configure tracing in envoy if it is enabled in pomerium

* [tracing] refactor to use custom extension for trace id editing (#5420)

refactor to use custom extension for trace id editing

* set default tracing sample rate to 1.0

* fix proxy service http middleware

* improve some existing auth related traces

* test fixes

* bump envoyproxy/go-control-plane

* code cleanup

* test fixes

* Fix missing spans for well-known endpoints

* import extension apis from pomerium/envoy-custom
 2025-01-21 13:26:32 -05:00
Joe Kralicky
fe31799eb5
Fix many instances of contexts and loggers not being propagated (#5340) 
This also replaces instances where we manually write "return ctx.Err()"
with "return context.Cause(ctx)" which is functionally identical, but
will also correctly propagate cause errors if present.
 2024-10-25 14:50:56 -04:00
Caleb Doxsey
d225288ab3
core/identity: dynamic authenticator registration (#5105) 2024-05-07 16:45:39 -06:00
Caleb Doxsey
f684910ab3
core/config: remove cookie secure option (#4907) 2024-01-12 13:28:14 -07:00
Kenneth Jenkins
5ccd7a520a
support both stateful and stateless authenticate (#4765) 
Update the initialization logic for the authenticate, authorize, and
proxy services to automatically select between the stateful
authentication flow and the stateless authentication flow, depending on
whether Pomerium is configured to use the hosted authenticate service.

Add a unit test case to verify that the sign_out handler does not 
trigger a sign in redirect.
 2023-12-07 14:24:13 -08:00
Kenneth Jenkins
b7896b3153
authenticateflow: move stateless flow logic (#4820) 
Consolidate all logic specific to the stateless authenticate flow into a
a new Stateless type in a new package internal/authenticateflow. This is
in preparation for adding a new Stateful type implementing the older
stateful authenticate flow (from Pomerium v0.20 and previous).

This change is intended as a pure refactoring of existing logic, with no
changes in functionality.
 2023-12-06 16:55:57 -08:00
Caleb Doxsey
be0104b842
config: add cookie_same_site option (#4148) 2023-05-03 14:36:42 -06:00
Caleb Doxsey
3f2a3d6f23
authenticate: save the session cookie with a different name (#3978) 2023-02-16 08:52:18 -07:00
Caleb Doxsey
3e892a8533
options: support multiple signing keys (#3828) 
* options: support multiple signing keys

* fix controlplane method, errors
 2022-12-22 09:31:09 -07:00
Caleb Doxsey
539fd51579
authenticate: remove databroker dependency (#3820) 2022-12-17 09:03:46 -07:00
Caleb Doxsey
57217af7dd
authenticate: implement hpke-based login flow (#3779) 
* urlutil: add time validation functions

* authenticate: implement hpke-based login flow

* fix import cycle

* fix tests

* log error

* fix callback url

* add idp param

* fix test

* fix test
 2022-12-05 15:31:07 -07:00
Caleb Doxsey
c1a522cd82
proxy: add userinfo and webauthn endpoints (#3755) 
* proxy: add userinfo and webauthn endpoints

* use TLD for RP id

* use EffectiveTLDPlusOne

* upgrade webauthn

* fix test

* Update internal/handlers/jwks.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2022-11-22 10:26:35 -07:00
Caleb Doxsey
c178819875
move directory providers (#3633) 
* remove directory providers and support for groups

* idp: remove directory providers

* better error messages

* fix errors

* restore postgres

* fix test
 2022-11-03 11:33:56 -06:00
Caleb Doxsey
30bdae3d9e
sessions: check idp id to detect provider changes to force session invalidation (#3707) 
* sessions: check idp id to detect provider changes to force session invalidation

* remove dead code

* fix test
 2022-10-25 16:20:32 -06:00
Caleb Doxsey
75634dfca2
authenticate: remove ecjson (#3688) 2022-10-20 10:37:21 -06:00
Caleb Doxsey
0ac7e45a21
atomicutil: use atomicutil.Value wherever possible (#3517) 
* atomicutil: use atomicutil.Value wherever possible

* fix test

* fix mux router
 2022-07-28 15:38:38 -06:00
Caleb Doxsey
86625a4ddb
config: support files for shared_secret, client_secret, cookie_secret and signing_key (#3453) 2022-06-29 10:44:08 -06:00
Caleb Doxsey
38c7089642
userinfo: fix logout button, add sign out confirm page (#3058) 
* userinfo: fix logout button, add sign out confirm page

* fix test
 2022-02-23 08:15:00 -07:00
Caleb Doxsey
a8b76bd623
authorize: support X-Pomerium-Authorization in addition to Authorization (#2780) 
* authorize: support X-Pomerium-Authorization in addition to Authorization

* tangentental correction

Co-authored-by: alexfornuto <alex@fornuto.com>
 2021-11-29 12:19:14 -07:00
Caleb Doxsey
1162585471
authenticate: add support for webauthn (#2688) 
* authenticate: add support for webauthn

* remove rfc4648 library due to missing LICENSE

* fix test

* put state function in separate function
 2021-10-20 13:18:34 -06:00
Caleb Doxsey
33f5190572
config: remove signature_key_algorithm (#2557) 
* config: remove signature_key_algorithm

* typo

* add more tests
 2021-09-02 11:36:43 -06:00
Caleb Doxsey
f5a558d4a0
grpc: disable gRPC connection re-use across services (#2515) 2021-08-24 11:47:16 -06:00
Caleb Doxsey
bbec2cae9f
grpc: send client traffic through envoy (#2469) 
* wip

* wip

* handle wildcards in override name

* remove wait for ready, add comment about sync, force initial sync complete in test

* address comments
 2021-08-16 16:12:22 -06:00
Caleb Doxsey
f9675f61cc
deps: upgrade to go-jose v3 (#2284) 2021-06-10 09:35:44 -06:00
bobby
51655a5502
Revert "authenticate,proxy: add same site lax to cookies (#2159)" (#2203) 
This reverts commit d9cc26a2e0.
 2021-05-14 15:36:05 -07:00
Caleb Doxsey
d9cc26a2e0
authenticate,proxy: add same site lax to cookies (#2159) 2021-04-30 10:24:47 -06:00
Caleb Doxsey
0adbf4f24c
controlplane: save configuration events to databroker (#2153) 
* envoy: save events to databroker

* controlplane: add tests for envoy configuration events

* format imports
 2021-04-29 15:51:46 -06:00
Caleb Doxsey
b1d62bb541
config: remove validate side effects (#2109) 
* config: default shared key

* handle additional errors

* update grpc addr and grpc insecure

* update google cloud service authentication service account

* fix set response headers

* fix qps

* fix test
 2021-04-22 15:10:50 -06:00
Caleb Doxsey
6d1d2bec54
crypto: use actual bytes of shared secret, not the base64 encoded representation (#2075) 
* crypto: use actual bytes of shared secret, not the base64 encoded representation

* return errors

* return errors
 2021-04-08 20:04:01 -06:00
Caleb Doxsey
e2ebef44ef
telemetry: add installation id (#2017) 
* telemetry: add installation id

* set installation id globally

* remove unneeded changes
 2021-03-24 07:22:54 -06:00
Caleb Doxsey
3690a32855
config: use getters for authenticate, signout and forward auth urls (#2000) 2021-03-19 14:49:25 -06:00
Caleb Doxsey
664358dfad
config: multiple endpoints for authorize and databroker (#1957) 
* wip

* update docs

* remove dead code
 2021-03-03 09:53:19 -07:00
Caleb Doxsey
b7f0242090
authorize: remove admin (#1833) 
* authorize: remove admin

* regen rego

* add note to upgrading
 2021-02-01 15:22:02 -07:00
Caleb Doxsey
b16236496b
jws: remove issuer (#1754) 2021-01-11 07:57:54 -07:00
bobby
5bbd745934
authorize: add signature algo support (RSA / EdDSA) (#1631) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-11-30 17:14:41 -08:00
bobby
f719d885b7
authenticate: remove unused paths, generate cipher at startup, remove qp store (#1495) 
* authenticate: remove unused paths, generate cipher on boot

- internal/httputil: add JSON renderer
- internal/httputil: remove unused query param store and references

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-10-19 08:09:53 -07:00
Caleb Doxsey
eb79cc0957
databroker: require JWT for access (#1503) 2020-10-09 11:08:40 -06:00
Caleb Doxsey
aa731ae068
directory: add explicit RefreshUser endpoint for faster sync (#1460) 
* directory: add explicit RefreshUser endpoint for faster sync

* add test

* implement azure

* update api call

* add test for azure User

* implement github

* implement AccessToken, gitlab

* implement okta

* implement onelogin

* fix test

* fix inconsistent test

* implement auth0
 2020-10-05 08:23:15 -06:00
Caleb Doxsey
882b6b54ee
authenticate: move databroker connection to state (#1292) 
* authenticate: move databroker connection to state

* re-use err

* just return

* remove nil checks
 2020-08-18 09:33:43 -06:00
Caleb Doxsey
d608526998
authenticate: move properties to atomically updated state (#1277) 
* authenticate: remove cookie options

* authenticate: remove shared key field

* authenticate: remove shared cipher property

* authenticate: move properties to separate state struct
 2020-08-14 07:53:11 -06:00