ambassador-auth-oidc
OpenID Connect AuthService for Ambassador API Gateway
go dep is deprecated in favor of using go modules.
In some OIDC providers such as Azure Active Directory, it's possible to configure the client application to emit a groups claim (or roles claim). For instance, [this](https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-group-claims) and [that](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles). With these...
Still a work in progress, but the aim is to create a new version of this software more in line with Golang of 2020. This should make it easier to...
Starting it against HTTPS Keycloak, I get this error: 2019/01/17 11:26:54 OIDC provider setup failed: Get https://sso-keycloak-sso.cloudapps02.euan-hume-02-ocp.svcs.dxc.com/auth/realms/kubeflow/.well-known/openid-configuration: x509: certificate signed by unknown authority
I think it would be best practice to use UTC time explicitly, as the dex codebase does: https://github.com/dexidp/dex/search?q=UTC&unscoped_q=UTC Otherwise the code will just use whatever timezone the server is using. I...
Currently every user able to log in at the OIDC endpoint will be let in. Make it possible to limit users, for example with email domain or if their email_verified is set...
Logging is currently all over the place and repeats itself on many lines. Create a separate logger to handle the cases.