dex
OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors
APACHE-2.0 License
Bot releases are hidden (Show)
Published by srenatus about 6 years ago
This is the first new release after moving dex from github.com/coreos to
github.com/dexidp. In the process, a new Quay repository was created, so
you can find the official docker image for this release at:
quay.io/dexidp/dex:v2.11.0
Note that every merge to master now results in a docker image built in
that repository, making it easier to consume recent code changes, and
allowing for a more automated release process.
Features:
- Updates go to 1.10.2 to support SHA-512 for ldaps (@kpschuck, #1233)
- Fix timeout bug for etcd3 client connect (byxorna, #1266)
- Fix default baseURL for GitLab connector (@AnianZ, #1279)
- Connectors/ldap: treat 'constraint violation' on bind as bad
credentials (@srenatus, #1285)
...and many fixes to the documentation and examples. Thank you, everyone
involved in helping out here. 🎉👏
Published by rithujohn191 over 6 years ago
The official docker image for this release is available at:
quay.io/coreos/dex:v2.10.0
Features:
- Licenses for all dependencies of Dex can be generated (@diegs , https://github.com/coreos/dex/pull/1152)
- Prometheus metrics added (@brancz , https://github.com/coreos/dex/pull/1155)
- New id_provider scope that adds the connector ID and user ID to the ID token claims (@vyshane , https://github.com/coreos/dex/pull/1176)
- Improved documentation (@ericchiang , https://github.com/coreos/dex/pull/1168, https://github.com/coreos/dex/pull/1166, https://github.com/coreos/dex/pull/1157)
- Improved SAML unit tests (@srenatus , https://github.com/coreos/dex/pull/1198)
The official docker image for this release is available at:
quay.io/coreos/dex:v2.9.0
Features:
- The dex docker image is now built with Go 1.9 (@ericchiang, https://github.com/coreos/dex/pull/1119)
- The prompt for password based login options is now configurable (@srenatus, https://github.com/coreos/dex/pull/1116)
- A "select another login option" button has been added to the login page (@srenatus, https://github.com/coreos/dex/pull/1123)
- The proto API definitions now have a java package tag (@vyshane, https://github.com/coreos/dex/pull/1136)
- An Azure AD connector has been added (@pborzenkov, https://github.com/coreos/dex/pull/1131)
Bug fixes:
- Host dependencies from the protobuf build process have been removed (@ericchiang, https://github.com/coreos/dex/pull/1140)
- Rendered error pages now return HTTP error codes (@kkohtaka, https://github.com/coreos/dex/pull/1142)
This is a patch release of v2.8.0 with some minor UX improvements cherry picked.
- Make username prompt configurable https://github.com/coreos/dex/pull/1116
- Display a "go back" link when there are multiple connector https://github.com/coreos/dex/pull/1123
Published by ericchiang almost 7 years ago
Features:
- ID tokens from cross-client requests now include the requesting client ID in the audience (https://github.com/coreos/dex/pull/1088, @dpacierpnik)
- Authenticating proxy login strategy added (https://github.com/coreos/dex/pull/1100, https://github.com/coreos/dex/pull/1104, https://github.com/coreos/dex/pull/1103, @stapelberg)
- LinkedIn login strategy added (https://github.com/coreos/dex/pull/1101, @pborzenkov)
- Kubernetes storage tests are now run on PR (https://github.com/coreos/dex/pull/1072, @ericchiang)
- etcd storage backend added (https://github.com/coreos/dex/pull/1108, @dqminh)
Bug fixes:
- Kubernetes CRD storage HTTP client now has a default timeout (https://github.com/coreos/dex/pull/1085, @rphillips)
- Fix regexp for GitLab HTTP header parsing (https://github.com/coreos/dex/pull/1090, @lsjostro)
- Removed test that required internet access (https://github.com/coreos/dex/pull/1109, @ericchiang)
Misc:
- Docker build now uses multi-stage builds (https://github.com/coreos/dex/pull/1068, @furuholm)
- Kubernetes RBAC requirements for CRD storage (https://github.com/coreos/dex/pull/1081, @lrolaz)
- Additional logs for Kubernetes CRD storage (https://github.com/coreos/dex/pull/1086, @chancez)
- HTML ID attribute added to login page (https://github.com/coreos/dex/pull/1097, @cpanato)
- Additional test for the LDAP connector (https://github.com/coreos/dex/pull/1096, @ericchiang)
Published by rithujohn191 about 7 years ago
This is a patch release of dex with the following changes since v2.6.1:
v2.7.0 contains an issue(#1070) with CRD support. Please refrain from using/upgrading to v2.7.0. Only upgrade to v2.7.1!
NOTE: This release makes use of Custom Resource Definitions (CRDs) instead of Third Party Resources (TPRs) for Kubernetes storage. Since Kubernetes has deprecated TPRs, Dex has now switched to CRDs by default. For existing deployments, this either requires a manual migration of the TPR data to CRDs or a config change to continue to use TRPs.
Features:
CRD Support (#1062)
Migrate TPR to CRD Documentation (#1067)
OIDC conformance test setup Docs (#1050)
Bug Fixes:
Error out if go files aren't correctly formatted (#1064)
Fix panic caused by deleting refresh token twice through api (#1056)
storage backend should not explicitly lower-case email ids (#1046)
Published by estroz about 7 years ago
This is a security release of dex that addresses flaws in API query parameters and groups scope handling logic in the GitHub connector.
Issue 1: Dex's GitHub API calls used a users' display name, instead of login name, and would fail.
Issue 2: Dex would not check whether a user was a member of groups in orgs/org if a client was not configured to communicate the groups scope to dex, regardless of whether orgs/org were populated in the clients' configuration file.
Users of the GitHub connector should update to this release immediately.
Published by estroz about 7 years ago
This is a minor release of dex with the following changes since v2.5.0:
Features:
- Log high
bcryptcosts and password hash timeouts (https://github.com/coreos/dex/pull/1016) - Filter by multiple GitHub organizations and teams, document caveats (https://github.com/coreos/dex/pull/1013, https://github.com/coreos/dex/pull/1019)
- Fetch GitHub private primary email addresses if no public email is available (https://github.com/coreos/dex/pull/1018)
- LDAP and SAML query and configuration logging (https://github.com/coreos/dex/pull/1021)
Bug Fixes:
- Fixed hosted domain support for Google OIDC (https://github.com/coreos/dex/pull/1000)
Published by rithujohn191 over 7 years ago
This is a minor release of dex with the following changes since v2.4.1:
Features:
- Bump golang version to 1.8.3 (#995, #994 )
- Google hosted domain support (#974)
- Updated docs (#989, #980, #972 )
Bug Fixes:
- Fix key rotation with multiple dex instances (#998)
- Avoid generating an invalid ID attribute in SAML's AuthenRequest element (#985)
- fix localhost redirect validation for public clients (#941)
Published by rithujohn191 over 7 years ago
This is a security release of dex that addresses a vulnerability in the LDAP connector.
Issue: Dex does not protect against LDAP servers that allow unauthenticated binds (usually disabled by default), which means a user can login to dex without a password via LDAP.
Users of the LDAP connector should update to this release immediately if their LDAP servers supports unauthenticated bind.
Published by rithujohn191 over 7 years ago
This is a minor release of dex with the following changes since v2.3.1:
Features:
- Promote the SAML connector from experimental to stable (#902, #898).
- Add support for login through GitHub Enterprise (#904).
- Add LDAP integration tests (#900).
Bug Fixes:
- SAML connector workflow bug fixes (#896, #893, #885).
This is a security release of dex that address a vulnerability in SAML response processing. (https://github.com/coreos/dex/issues/895)
Users of the experimental SAML connectors should update to this release immediately.
Published by rithujohn191 over 7 years ago
This is a minor release of dex with the following changes since v2.2.0:
Features:
- Adding a gRPC client example (#812)
- Improve conformance tests (#854)
- Make static storages query real storages for some actions (#855)
- Expose oauth2.RegisterBrokenAuthHeaderProvider (#860)
- Update API version to 2 (#862)
Bug Fixes:
- Storage/kubernetes: fix hash initialization bug (#817)
- Fix conflict error detection in TRP creation (#823)
- Fix expiry detection for verification keys (#829)
- Add missing WHERE statement to refresh token update (#848)
- Validate InResponseTo SAML response field and make issuer optional (#869)
- Fix assertion fallback (#870)
- Connectors without a RefreshConnector should not error out (#872)
- Fix custom CA behavior in example-app (#875)
This is a patch release of v2.2 to backport the following bug fix:
- Fix where statement in SQL query https://github.com/coreos/dex/pull/848
This is a patch release of v2.2 to backport the following bug fix:
- Fix incorrect expiry detection of validation keys https://github.com/coreos/dex/pull/829
Published by rithujohn191 over 7 years ago
This is a patch release of v2.2.0 to backport the following bug fix:
- storage/kubernetes: fix conflict error detection in TRP creation (#823)
Published by rithujohn191 over 7 years ago
This is a patch release of v2.2.0 to backport the following bug fix:
- storage/kubernetes: fix hash initialization bug (#817).
Published by ericchiang over 7 years ago
This is a patch release of v2.2 to backport bug fixes onto v2.2.0.
Bug fixes:
- Fix various bugs in the Kubernetes storage backend (#816)
Published by rithujohn191 over 7 years ago
This is a minor release of dex with the following changes since v2.1.0:
Features:
- Improve SAML Signature and Response Validation (#785).
- Added GitLab connector (#788).
- API call to list refresh tokens (#801).
- Support for Refresh Token revocation via API call (#802).
Bug Fixes:
- Make connector name field mandatory in dex configuration (#783).
- Added pagination support for the github connector (#790).
- Authorization endpoint must support POST (#792).
- Switch from using text/template to html/template (#796).
- Surface "already exists" errors from storage (#809).
