3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-28 14:08:43 +02:00
Code Issues Projects Releases Packages Wiki Activity
3850 commits 174 branches 133 tags 111 MiB
Commit graph

13 commits

Author SHA1 Message Date
Caleb Doxsey
622519e901
databroker: update identity manager to use route credentials (#5728) 
## Summary
Currently when we refresh sessions we always use the global IdP
credentials. This PR updates the identity manager to use route settings
when defined.

To do this a new `idp_id` field is added to the session stored in the
databroker.

## Related issues
-
[ENG-2595](https://linear.app/pomerium/issue/ENG-2595/refresh-using-custom-idp-uses-wrong-credentials)
- https://github.com/pomerium/pomerium/issues/4759

## Checklist

- [x] reference any related issues
- [x] updated unit tests
- [x] add appropriate label (`enhancement`, `bug`, `breaking`,
`dependencies`, `ci`)
- [x] ready for review
 2025-07-15 18:04:36 -06:00
Caleb Doxsey
a9e26b155d
identity: disable session refresh for idp token sessions, fix query cache invalidation (#5495) 2025-02-24 15:33:23 -07:00
Caleb Doxsey
36f73fa6c7
authorize: track session and service account access date (#3220) 
* session: add accessed at date

* authorize: track session and service account access times

* Revert "databroker: add support for field masks on Put (#3210)"

This reverts commit 2dc778035d.

* add test

* fix data race in test

* add deadline for update

* track dropped accesses
 2022-03-31 09:19:04 -06:00
Caleb Doxsey
9d4ebcf871
webauthn: update session to support device credentials per type (#2699) 2021-10-22 14:33:34 -06:00
Caleb Doxsey
ddccbcf631
devices: add device protobuf types (#2682) 2021-10-19 07:22:26 -06:00
Caleb Doxsey
1a95036b8c
sessions: add impersonate_session_id, remove legacy impersonation (#2407) 
* sessions: add impersonate_session_id, remove legacy impersonation

* show impersonated user details

* fix headers

* address feedback

* only check impersonate id on non-nil pbSession

* Revert "only check impersonate id on non-nil pbSession"

This reverts commit a6f7ca5abd.
 2021-07-30 08:42:36 -06:00
Caleb Doxsey
aeece76928
databroker: store issued at timestamp with session (#2173) 2021-05-04 10:09:14 -06:00
Caleb Doxsey
a6bc9f492f
authorize: move impersonation into session/service account (#1765) 
* move impersonation into session/service account

* replace frontend statik

* fix data race

* move JWT filling to separate function, break up functions

* maybe fix data race

* fix code climate issue
 2021-01-11 15:40:08 -07:00
Caleb Doxsey
93c257259e
databroker: add audience to session (#1557) 
* add audience to session

* update audience

* parse next url and add it to audience
 2020-10-27 14:22:26 -06:00
Caleb Doxsey
a85b3b04c1
store raw id token so it can be passed to the logout url (#1543) 2020-10-26 10:20:23 -06:00
Caleb Doxsey
153e438eb6
authorize: implement allowed_idp_claims (#1542) 
* add arbitrary claims to session

* add support for maps

* update flattened claims

* fix eol

* fix trailing whitespace

* fix tests
 2020-10-23 14:05:37 -06:00
Caleb Doxsey
97f85481f8
fix redirect loop, remove user/session services, remove duplicate deleted_at fields (#1162) 
* fix redirect loop, remove user/session services, remove duplicate deleted_at fields

* change loop

* reuse err variable

* wrap errors, use cookie timeout

* wrap error, duplicate if
 2020-07-30 09:41:57 -06:00
Caleb Doxsey
091b71f12e
grpc: rename internal/grpc to pkg/grpc (#1010) 
* grpc: rename internal/grpc to pkg/grpc

* don't ignore pkg dir

* remove debug line
 2020-06-26 09:17:02 -06:00
Renamed from internal/grpc/session/session.proto (Browse further)