mirror of
1
Fork 0
forgejo/models/fixtures
Johnny Oskarsson a07e67d9cc
Minimal OpenID Connect implementation (#14139)
This is "minimal" in the sense that only the Authorization Code Flow
from OpenID Connect Core is implemented.  No discovery, no configuration
endpoint, and no user scope management.

OpenID Connect is an extension to the (already implemented) OAuth 2.0
protocol, and essentially an `id_token` JWT is added to the access token
endpoint response when using the Authorization Code Flow.  I also added
support for the "nonce" field since it is required to be used in the
id_token if the client decides to include it in its initial request.

In order to enable this extension an OAuth 2.0 scope containing
"openid" is needed. Other OAuth 2.0 requests should not be impacted by
this change.

This minimal implementation is enough to enable single sign-on (SSO)
for other sites, e.g. by using something like `mod_auth_openidc` to
only allow access to a CI server if a user has logged into Gitea.

Fixes: #1310

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2021-01-02 00:33:27 +08:00
..
access.yml Fix "access" fixtures and tests (#10247) 2020-02-15 12:29:06 +08:00
access_token.yml Hash App token (#6724) 2019-05-04 11:45:34 -04:00
action.yml rework heatmap permissions (#14080) 2020-12-22 03:53:37 +01:00
attachment.yml Only serve attachments when linked to issue/release and if accessible by user (#9340) 2020-01-05 01:20:08 +02:00
collaboration.yml Fix "access" fixtures and tests (#10247) 2020-02-15 12:29:06 +08:00
comment.yml [API] Add "before" query to ListIssueComments and ListRepoIssue… (#9685) 2020-01-13 17:02:24 +01:00
commit_status.yml Status-API (#1332) 2017-04-21 19:32:31 +08:00
deleted_branch.yml Add deleted_branch table fixture (#2832) 2017-11-04 15:31:59 +02:00
deploy_key.yml Writable deploy keys (closes #671) (#3225) 2018-01-07 00:55:53 +02:00
email_address.yml test: Add user mail testing. (#833) 2017-02-04 09:20:56 +08:00
follow.yml Fix and test for delete user (#1713) 2017-05-20 16:48:22 +08:00
gpg_key.yml Add missing fixture to clean gpg_key table (#2494) 2017-09-12 13:54:45 +03:00
gpg_key_import.yml add .gpg url (match github behaviour) (#6610) 2019-04-14 12:43:56 -04:00
hook_task.yml API endpoint for testing webhook (#3550) 2018-04-29 14:21:33 +08:00
issue.yml Add review request api (#11355) 2020-10-20 14:18:25 -04:00
issue_assignees.yml [UI] IssuePage multi repo select (#8741) 2019-12-01 22:50:36 -05:00
issue_label.yml Add Organization Wide Labels (#10814) 2020-04-01 01:14:46 -03:00
issue_user.yml Multiple assignees (#3705) 2018-05-09 19:29:04 +03:00
issue_watch.yml Refactor Issues Subscription (#8738) 2019-11-20 22:50:54 +08:00
label.yml Add Organization Wide Labels (#10814) 2020-04-01 01:14:46 -03:00
login_source.yml Add LDAP integration tests (#3897) 2018-05-11 15:55:32 +08:00
milestone.yml [API] ListIssues add filter for milestones (#10148) 2020-04-30 01:15:39 -03:00
notice.yml Unit tests for models/admin 2017-01-09 21:49:51 +01:00
notification.yml [API] Add notification endpoint (#9488) 2020-01-09 11:56:32 +00:00
oauth2_application.yml Integrate OAuth2 Provider (#5378) 2019-03-08 11:42:50 -05:00
oauth2_authorization_code.yml Integrate OAuth2 Provider (#5378) 2019-03-08 11:42:50 -05:00
oauth2_grant.yml Minimal OpenID Connect implementation (#14139) 2021-01-02 00:33:27 +08:00
org_user.yml Restricted users (#6274) 2020-01-13 18:33:46 +01:00
project.yml Kanban board (#8346) 2020-08-16 23:07:38 -04:00
project_board.yml Kanban board (#8346) 2020-08-16 23:07:38 -04:00
project_issue.yml Kanban board (#8346) 2020-08-16 23:07:38 -04:00
protected_branch.yml Don't recreate database in integration tests (#1697) 2017-05-11 23:32:43 +08:00
public_key.yml test: command keys (#9357) 2019-12-15 08:11:31 +00:00
pull_request.yml Add review request api (#11355) 2020-10-20 14:18:25 -04:00
reaction.yml [API] Add Reactions (#9220) 2019-12-07 17:04:19 -05:00
release.yml Delete tag API (#13358) 2020-10-30 20:56:34 -05:00
repo_indexer_status.yml Code/repo search (#2582) 2017-10-27 09:10:54 +03:00
repo_redirect.yml Unit tests for repo redirects (#961) 2017-02-17 08:55:33 +08:00
repo_topic.yml Add API endpoint for accessing repo topics (#7963) 2019-09-03 23:46:24 +08:00
repo_unit.yml Kanban board (#8346) 2020-08-16 23:07:38 -04:00
repository.yml [RFC] Make archival asynchronous (#11296) 2020-11-07 22:27:28 +02:00
review.yml Add review request api (#11355) 2020-10-20 14:18:25 -04:00
star.yml Unit tests for models/star (#752) 2017-01-25 18:37:10 +08:00
stopwatch.yml [API] extend StopWatch (#9196) 2019-12-11 23:23:05 -05:00
team.yml Restricted users (#6274) 2020-01-13 18:33:46 +01:00
team_repo.yml Restrict permission check on repositories and fix some problems (#5314) 2018-11-28 19:26:14 +08:00
team_unit.yml Restrict permission check on repositories and fix some problems (#5314) 2018-11-28 19:26:14 +08:00
team_user.yml Restricted users (#6274) 2020-01-13 18:33:46 +01:00
topic.yml Add API endpoint for accessing repo topics (#7963) 2019-09-03 23:46:24 +08:00
tracked_time.yml [API] Extend times API (#9200) 2019-12-27 20:30:58 +00:00
two_factor.yml org/members: display 2FA members states + optimize sql requests (#7621) 2019-08-02 12:06:27 -04:00
u2f_registration.yml Add support for FIDO U2F (#3971) 2018-05-19 17:12:37 +03:00
user.yml [RFC] Make archival asynchronous (#11296) 2020-11-07 22:27:28 +02:00
user_open_id.yml Show user OpenID URIs in their profile (#1314) 2017-03-20 09:31:08 +01:00
watch.yml Auto-subscribe user to repository when they commit/tag to it (#7657) 2019-11-10 09:22:19 +00:00
webhook.yml Implement webhook branch filter (#7791) 2019-09-09 08:48:21 +03:00