You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Options are now set to parse URLs directly as environmental configuration variables instead of as strings.
Option structures throw errors on first encounter instead of building error string slices which had (at least for me, especially when testing) where struct.New() would create unpredictable struct state and runtime nil pointer errors.
Removed "groups" from the authentication abstraction in favor of having it handled by authorization package. Though google supports groups, support amongst other identity providers is spottier.
Replaced vanilla http client with /x/oauth2 and oidc libraries for identity calls. The big benefit here is as providers update their endpoint URLs in .wellknown we will update as well.
Non standard OpenID connect endpoints like revoke still use vanilla http (see google/okta for examples). Revoke URLs are still populated from .well-known/openid-configuration
Removed internal_utils. If we are concerned about secrets in logs we should either use a secure hash function, or not log it.
Broke out "googleClient" to be its own package since there's nothing really google specific about it. Useful for non-oauth2 endpoints like revoke.
Proxy
Fixed a bug where RequireHTTPS middleware which would cause infinite redirects when served directly where scheme and http-forward-protocol could be empty .
Happy new years. 馃帀
All
Authenticate
urandom
overopenssl rand
.Authenticate/providers
.wellknown
we will update as well..well-known/openid-configuration
Proxy
Deployment
Session/Cookie
Nota bene, the following significant features were removed:
The text was updated successfully, but these errors were encountered: