aboutsummaryrefslogtreecommitdiff
path: root/gn2/wqflask/oauth2
AgeCommit message (Collapse)Author
2024-11-04Add debug logging: Figure out how keys are loaded on production.Frederick Muriuki Muriithi
2024-10-09Update application's allowed scopesFrederick Muriuki Muriithi
The `register-client` and `migrate-data` scopes are not supported for end-user clients.
2024-10-09Pass the scope from the token, not applicationFrederick Muriuki Muriithi
There are at times when a token's scope could be attenuated for whatever reason from the full scope allowed to the application. In those instances, it is necessary to use the token's scope rather than the full scope.
2024-09-23Add method to clear redirect url from session.Alexander_Kabui
2024-09-18Refactor: drop __clear_session__ function.Alexander_Kabui
2024-09-18Refactor: try to build endpoint with get request.Alexander_Kabui
If BuildError is raised default to "/"
2024-09-18fix minor issue for setting redirect url.Alexander_Kabui
2024-09-18feat(auth): implement redirect to login page and save current endpoint to ↵Alexander_Kabui
session * Redirect users to the login page when authentication is required. * Save the current endpoint in the session for post-login redirection.
2024-09-18After login redirect users to the next request endpoint.Alexander_Kabui
2024-09-18Add new optional parameter to session object: redirect_url.Alexander_Kabui
2024-09-17Redirect users to login page if they attempt to access a service that ↵Alexander_Kabui
requires authentication but are not logged in
2024-09-17fix: dynamically get the keys that may contain error messagesJohn Nduli
2024-09-06Fail noisily to help with troubleshooting issues.Frederick Muriuki Muriithi
2024-08-07Merge pull request #855 from jnduli/gn2_profiles_pagesMuriithi Frederick Muriuki
Gn2 Fix profiles pages dashboard
2024-08-07chore: remove passing bearer token to end userJohn Nduli
2024-08-06fix: use bearer token to query auth serverJohn Nduli
2024-08-06fix: pass in proper list of priviledge_idsJohn Nduli
2024-08-05minor code formatting.Frederick Muriuki Muriithi
2024-08-05Update JWKs endpoint documentation.Frederick Muriuki Muriithi
2024-08-05Fix URLFrederick Muriuki Muriithi
2024-08-05Override 'client_secret_post' auth with a JSON equivalentFrederick Muriuki Muriithi
In order to use JSON consistently across the board, we make even the authentication method use JSON rather than FORMDATA.
2024-08-02Consistently use JSON for all endpoints.Frederick Muriuki Muriithi
2024-08-01bug: add missing `count_per_page` variable.Frederick Muriuki Muriithi
2024-08-01Use auto-created and auto-rotated JSON Web KeysFrederick Muriuki Muriithi
Use auto-created JWKs for better security.
2024-08-01Use JWKs from auth server public endpointFrederick Muriuki Muriithi
* Fetch keys from auth server * Validate token is signed with one of the keys from server * Ensure refreshing of token is still synchronised
2024-08-01Add module to help with rotation of JSON Web Keys.Frederick Muriuki Muriithi
2024-07-31Synchronise token refreshesFrederick Muriuki Muriithi
The application can be run in a multi-threaded server, leading to a situation where the multiple threads attempt to get a new JWT using the exact same refresh token. This synchronises the various threads ensuring only a single thread is able to retrieve the new JWT that all the rest of the threads then use.
2024-07-26Use JSON rather than X-Form-URL-encoded data with auth server.Frederick Muriuki Muriithi
2024-07-22Provide PoC public-jwks endpoint.Frederick Muriuki Muriithi
2024-07-17Fix premature session expirationFrederick Muriuki Muriithi
With the change to JWTs the time-to-live for each token is severely curtailed to help with security in case of a token theft. We, therefore, can no longer rely on the TTL for session expiration, rather, we will rely of the token-refresh mechanism to expire a token after a long while.
2024-07-17Remove redundant import.Frederick Muriuki Muriithi
2024-07-17Remove token and user detail handling from @app.before_requestFrederick Muriuki Muriithi
The token and user details information is handled in the `gn2.wqflask.oauth2.session`. Other parts of the system should make use of that. It also helps avoid some weird "action-at-a-distance" interactions - this forces the code to request what it needs when it needs it and not rely on some global variables.
2024-06-25Remove flawed "group role" idea: use just "role".Frederick Muriuki Muriithi
2024-06-17Remove deprecated endpoints/views and templatesFrederick Muriuki Muriithi
2024-06-17Fix error display logicFrederick Muriuki Muriithi
2024-06-17Fetch the active user's roles on a particular resource.Frederick Muriuki Muriithi
2024-06-17Use privilege objects rather than IDS.Frederick Muriuki Muriithi
2024-06-17Delete request to obsoleted endpoint.Frederick Muriuki Muriithi
2024-06-17Create a new resource role.Frederick Muriuki Muriithi
2024-06-17Update URI formsFrederick Muriuki Muriithi
2024-06-17Use json for communication with gn-authFrederick Muriuki Muriithi
2024-06-11List user assigned role of interest.Frederick Muriuki Muriithi
2024-06-10Unassign privilege from resource role.Frederick Muriuki Muriithi
2024-06-10Import the UUID class directly.Frederick Muriuki Muriithi
2024-06-10Implement "Resource Role Page"Frederick Muriuki Muriithi
Show the page, providing all UI elements necessary, even if the elements themselves are not active.
2024-06-10Generalise `render_ur` for the resources pagesFrederick Muriuki Muriithi
2024-06-10Set default headers for OAuth2Client requests.Frederick Muriuki Muriithi
2024-06-07Update UI: Use resource roles rather than obsolete group rolesFrederick Muriuki Muriithi
In a fix to fix a privilege-escalation bug, the `…/group/roles` endpoint was entirely removed and replaced with the less error-prone `…/resource/…/roles` endpoint. This commit updates the code to use the new endpoint's data as appropriate. We also fix typos in some url_for routing arguments.
2024-06-06Fix displayed error messageFrederick Muriuki Muriithi
2024-06-06Remove the "Roles" page.Frederick Muriuki Muriithi
generated by cgit v1.2.3 (git 2.44.0) at 2024-11-22 09:30:15 +0000