0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-25 08:54:17 -05:00
forgejo/models/fixtures
Johnny Oskarsson a07e67d9cc
Minimal OpenID Connect implementation (#14139)
This is "minimal" in the sense that only the Authorization Code Flow
from OpenID Connect Core is implemented.  No discovery, no configuration
endpoint, and no user scope management.

OpenID Connect is an extension to the (already implemented) OAuth 2.0
protocol, and essentially an `id_token` JWT is added to the access token
endpoint response when using the Authorization Code Flow.  I also added
support for the "nonce" field since it is required to be used in the
id_token if the client decides to include it in its initial request.

In order to enable this extension an OAuth 2.0 scope containing
"openid" is needed. Other OAuth 2.0 requests should not be impacted by
this change.

This minimal implementation is enough to enable single sign-on (SSO)
for other sites, e.g. by using something like `mod_auth_openidc` to
only allow access to a CI server if a user has logged into Gitea.

Fixes: #1310

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2021-01-02 00:33:27 +08:00
..
access.yml Fix "access" fixtures and tests (#10247) 2020-02-15 12:29:06 +08:00
access_token.yml
action.yml rework heatmap permissions (#14080) 2020-12-22 03:53:37 +01:00
attachment.yml Only serve attachments when linked to issue/release and if accessible by user (#9340) 2020-01-05 01:20:08 +02:00
collaboration.yml Fix "access" fixtures and tests (#10247) 2020-02-15 12:29:06 +08:00
comment.yml [API] Add "before" query to ListIssueComments and ListRepoIssue… (#9685) 2020-01-13 17:02:24 +01:00
commit_status.yml
deleted_branch.yml
deploy_key.yml
email_address.yml
follow.yml
gpg_key.yml
gpg_key_import.yml
hook_task.yml
issue.yml Add review request api (#11355) 2020-10-20 14:18:25 -04:00
issue_assignees.yml
issue_label.yml Add Organization Wide Labels (#10814) 2020-04-01 01:14:46 -03:00
issue_user.yml
issue_watch.yml
label.yml Add Organization Wide Labels (#10814) 2020-04-01 01:14:46 -03:00
login_source.yml
milestone.yml [API] ListIssues add filter for milestones (#10148) 2020-04-30 01:15:39 -03:00
notice.yml
notification.yml [API] Add notification endpoint (#9488) 2020-01-09 11:56:32 +00:00
oauth2_application.yml
oauth2_authorization_code.yml
oauth2_grant.yml Minimal OpenID Connect implementation (#14139) 2021-01-02 00:33:27 +08:00
org_user.yml Restricted users (#6274) 2020-01-13 18:33:46 +01:00
project.yml Kanban board (#8346) 2020-08-16 23:07:38 -04:00
project_board.yml Kanban board (#8346) 2020-08-16 23:07:38 -04:00
project_issue.yml Kanban board (#8346) 2020-08-16 23:07:38 -04:00
protected_branch.yml
public_key.yml test: command keys (#9357) 2019-12-15 08:11:31 +00:00
pull_request.yml Add review request api (#11355) 2020-10-20 14:18:25 -04:00
reaction.yml
release.yml Delete tag API (#13358) 2020-10-30 20:56:34 -05:00
repo_indexer_status.yml
repo_redirect.yml
repo_topic.yml
repo_unit.yml Kanban board (#8346) 2020-08-16 23:07:38 -04:00
repository.yml [RFC] Make archival asynchronous (#11296) 2020-11-07 22:27:28 +02:00
review.yml Add review request api (#11355) 2020-10-20 14:18:25 -04:00
star.yml
stopwatch.yml [API] extend StopWatch (#9196) 2019-12-11 23:23:05 -05:00
team.yml Restricted users (#6274) 2020-01-13 18:33:46 +01:00
team_repo.yml
team_unit.yml
team_user.yml Restricted users (#6274) 2020-01-13 18:33:46 +01:00
topic.yml
tracked_time.yml [API] Extend times API (#9200) 2019-12-27 20:30:58 +00:00
two_factor.yml
u2f_registration.yml
user.yml [RFC] Make archival asynchronous (#11296) 2020-11-07 22:27:28 +02:00
user_open_id.yml
watch.yml
webhook.yml