clinch

Author	SHA1	Message	Date
Dan Milne	75cc223329	303 is the correct response	2026-01-05 13:05:24 +11:00
Dan Milne	25e1043312	Add skip-consent, correctly use 303, rather than 302, actually rename per app 'logout' to 'require re-auth'. Add helper methods for token lifetime - allowing 10d for 10days for example.	2026-01-05 12:03:01 +11:00
Dan Milne	0bb84f08d6	OpenID conformance test: we get a warning for not having a value for every claim. But we can explictly list support claims. Nothing we can do about a warning in the complience. Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / scan_container (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2026-01-02 16:35:12 +11:00
Dan Milne	182682024d	OpenID Conformance: Include all required scopes when profile is requested, even if they're empty Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / scan_container (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2026-01-02 15:47:40 +11:00
Dan Milne	b517ebe809	OpenID conformance test: Allow posting the access token in the body for userinfo endpoint Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / scan_container (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2026-01-02 15:41:07 +11:00
Dan Milne	f67a73821c	OpenID Conformance: user info endpoint should support get and post requets, not just get Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / scan_container (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2026-01-02 15:26:39 +11:00
Dan Milne	b09ddf6db5	OpenID Conformance: We need to return to the redirect_uri in the case of errors. Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / scan_container (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2026-01-02 15:12:55 +11:00
Dan Milne	abbb11a41d	Return only scopes requested, add tests ( OpenID conformance test ) Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / scan_container (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2026-01-02 14:55:06 +11:00
Dan Milne	ae99d3d9cf	Fix webauthn bug. Fix tests. Update docs Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2026-01-01 15:24:56 +11:00
Dan Milne	1afcd041f9	Update README, fix a test	2026-01-01 15:17:28 +11:00
Dan Milne	71198340d0	fix tests and add a Claude.md file Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2026-01-01 15:11:46 +11:00
Dan Milne	d597ca8810	Fix tests	2026-01-01 14:52:24 +11:00
Dan Milne	9b81aee490	Fix linting error Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2026-01-01 13:45:10 +11:00
Dan Milne	265518ab25	Move integration tests into right directory Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2026-01-01 13:43:13 +11:00
Dan Milne	93a0edb0a2	StandardRB fixes Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2026-01-01 13:29:44 +11:00
Dan Milne	9234904e47	Add security-todo and beta-checklists, and some security rake tasks Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2026-01-01 13:06:54 +11:00
Dan Milne	d036e25fef	Add auth_time, acr and azp support for OIDC claims	2025-12-31 17:07:54 +11:00
Dan Milne	fcdd2b6de7	Continue adding auth_time - need it in the refresh token too, so we can accurately create new access tokens.	2025-12-31 16:57:28 +11:00
Dan Milne	3939ea773f	We already have a login_time stored - the time stamp of the Session instance creation ( created after successful login ).	2025-12-31 16:45:45 +11:00
Dan Milne	4b4afe277e	Include auth_time in ID token. Switch from upsert -> find_and_create_by so we actually get sid values for consent on the creation of the record	2025-12-31 16:36:32 +11:00
Dan Milne	364e6e21dd	Fixes for tests and AR Encryption Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-12-31 16:08:05 +11:00
Dan Milne	9d352ab8ec	Fix tests - add missing files	2025-12-31 16:01:31 +11:00
Dan Milne	ed7ceedef5	Include the hash of the access token in the JWT / ID Token under the key at_hash as per the requirements. Update the discovery endpoint to describe subject_type as 'pairwise', rather than 'public', since we do pairwise subject ids. Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-12-31 14:45:38 +11:00
Dan Milne	29c0981a59	Improve readme and tests Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-12-31 11:56:09 +11:00
Dan Milne	9d402fcd92	Clean up and secure web_authn controller Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-12-31 11:44:11 +11:00
Dan Milne	cc7beba9de	PKCE is now default enabled. You can now create public / no-secret apps OIDC apps	2025-12-31 09:22:18 +11:00
Dan Milne	00eca6d8b2	Default deny forward_auth requests	2025-12-30 16:04:01 +11:00
Dan Milne	71d59e7367	Remove plain text token from everywhere Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-12-30 11:58:11 +11:00
Dan Milne	0761c424c1	Fix tests. Remove tests which test rails functionality Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-12-30 00:18:19 +11:00
Dan Milne	2a32d75895	Fix tests - don't test standard rails features	2025-12-29 19:45:01 +11:00
Dan Milne	4c1df53fd5	Fix more tests Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-12-29 19:22:08 +11:00
Dan Milne	acab15ce30	Fix more tests	2025-12-29 18:48:41 +11:00
Dan Milne	0361bfe470	Fix forward_auth bugs - including disabled apps still working. Fix forward_auth tests Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-12-29 15:37:12 +11:00
Dan Milne	5b9d15584a	Add more rate limiting, and more restrictive headers	2025-12-29 13:29:14 +11:00
Dan Milne	d6029556d3	Add OIDC fixes, add prefered_username, add application-user claims	2025-11-25 16:29:40 +11:00
Dan Milne	7796c38c08	Add pairwise SID with a UUIDv4, a significatant upgrade over User.id.to_s. Complete allowing admin to enforce TOTP per user Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-11-23 11:16:06 +11:00
Dan Milne	ab0085e9c9	More complete oidc	2025-11-18 20:02:45 +11:00
Dan Milne	1ee3302319	Improvements derived from rodauth-oauth	2025-11-12 22:17:55 +11:00
Dan Milne	33ad956508	Add test	2025-11-12 15:50:04 +11:00
Dan Milne	038801f34b	Add pkce Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-11-09 10:21:29 +11:00
Dan Milne	fb14ce032f	Strip out more inline javascript code. Encrypt backup codes and treat the backup codes attribute as a json array	2025-11-04 18:46:11 +11:00
Dan Milne	ef15db77f9	Massive refactor. Merge forward_auth into App, remove references to unimplemented OIDC federation and SAML features. Add group and user custom claims. Groups now allocate which apps a user can use Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-11-04 13:21:55 +11:00
Dan Milne	baa75a3456	Use the IPAddr library to detect ipv4 and ipv6 addresses Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-10-29 13:47:23 +11:00
Dan Milne	cfab21b130	More tests	2025-10-28 08:27:19 +11:00
Dan Milne	431e947a4c	Some more tests. Fix invitation link and password reset links. After creating their account and setting a password, the user is logged in Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-10-26 23:09:38 +11:00
Dan Milne	8dd3e60071	Add a list_sign_in_at field for users so magick links work	2025-10-26 22:40:54 +11:00
Dan Milne	e4e7a0873e	Fixes	2025-10-26 22:03:03 +11:00
Dan Milne	b5b1d94d47	Fix the CLINCH_HOST issue.	2025-10-26 21:59:27 +11:00
Dan Milne	52cfd6122c	Typo. More tests	2025-10-26 20:42:18 +11:00
Dan Milne	227e29ce0a	Fix/add some tests. Configure email sending address	2025-10-26 20:13:39 +11:00

1 2

56 Commits