mirror of https://github.com/go-gitea/gitea.git synced 2024-11-04 08:17:24 -05:00
gitea/modules
Shivaram Lingamneni 2f1cb1d289
fix OIDC introspection authentication (#31632)
See discussion on #31561 for some background.

The introspect endpoint was using the OIDC token itself for
authentication. This fixes it to use basic authentication with the
client ID and secret instead:

* Applications with a valid client ID and secret should be able to
  successfully introspect an invalid token, receiving a 200 response
  with JSON data that indicates the token is invalid
* Requests with an invalid client ID and secret should not be able
  to introspect, even if the token itself is valid

Unlike #31561 (which just future-proofed the current behavior against
future changes to `DISABLE_QUERY_AUTH_TOKEN`), this is a potential
compatibility break (some introspection requests without valid client
IDs that would previously succeed will now fail). Affected deployments
must begin sending a valid HTTP basic authentication header with their
introspection requests, with the username set to a valid client ID and
the password set to the corresponding client secret.
2024-07-23 12:43:03 +00:00
actions Resolve lint for unused parameter and unnecessary type arguments (#30750) 2024-04-29 08:47:56 +00:00
activitypub
analyze
assetfs
auth Add Passkey login support (#31504) 2024-06-29 22:50:03 +00:00
avatar Use crypto/sha256 (#29386) 2024-02-25 13:32:13 +00:00
badge Implement actions badge svgs (#28102) 2024-02-27 18:56:18 +01:00
base fix OIDC introspection authentication (#31632) 2024-07-23 12:43:03 +00:00
cache Add cache test for admins (#31265) 2024-06-17 21:22:39 +02:00
charset Render embedded code preview by permlink in markdown (#30234) 2024-04-02 17:48:27 +00:00
container Allow disabling authentication related user features (#31535) 2024-07-09 17:36:31 +00:00
csv Render embedded code preview by permlink in markdown (#30234) 2024-04-02 17:48:27 +00:00
dump Refactor "dump" sub-command (#30240) 2024-04-03 02:16:46 +00:00
emoji
eventsource
generate Refactor JWT secret generating & decoding code (#29172) 2024-02-16 15:18:30 +00:00
git Fix slow patch checking with commits that add or remove many files (#31548) 2024-07-04 18:57:11 +00:00
gitgraph
gitrepo Use repo as of renderctx's member rather than a repoPath on metas (#29222) 2024-05-30 07:04:01 +00:00
graceful Remove unused error in graceful manager (#29871) 2024-03-18 21:14:51 +00:00
hcaptcha
highlight
hostmatcher
html
httpcache Also match weakly validated ETags (#28957) 2024-01-29 16:18:40 +00:00
httplib Fix duplicate sub-path for avatars (#31365) 2024-06-15 11:43:57 +08:00
indexer Allow searching issues by ID (#31479) 2024-07-17 00:49:05 +02:00
issue/template Issue Templates: add option to have dropdown printed list (#31577) 2024-07-14 16:38:45 +02:00
json
label
lfs Support legacy _links LFS batch responses (#31513) 2024-06-28 08:42:57 +00:00
log Add some tests to clarify the "must-change-password" behavior (#30693) 2024-04-27 12:23:37 +00:00
markup Fix markdown preview $$ support (#31514) 2024-06-29 23:23:47 +00:00
mcaptcha
metrics Rename project board -> column to make the UI less confusing (#30170) 2024-05-27 08:59:54 +00:00
migration Refactor locale&string&template related code (#29165) 2024-02-14 21:48:45 +00:00
nosql
optional Resolve lint for unused parameter and unnecessary type arguments (#30750) 2024-04-29 08:47:56 +00:00
options
packages Extract and display readme and comments for Composer packages (#30927) 2024-06-14 04:45:52 +00:00
paginator
pprof
private Move database operations of merging a pull request to post receive hook and add a transaction (#30805) 2024-05-07 07:36:48 +00:00
process Update misspell to 0.5.1 and add misspellings.csv (#30573) 2024-04-27 08:03:49 +00:00
proxy
proxyprotocol
public
queue Fix queue test (#30646) 2024-04-22 23:55:43 +00:00
recaptcha
references Refactor to use UnsafeStringToBytes (#31358) 2024-06-14 01:26:33 +00:00
regexplru
repository Fix adopt repository has empty object name in database (#31333) 2024-06-12 18:22:01 +08:00
secret Use crypto/sha256 (#29386) 2024-02-25 13:32:13 +00:00
session Improve oauth2 client "preferred username field" logic and the error handling (#30622) 2024-04-25 11:22:32 +00:00
setting Add option to change mail from user display name (#31528) 2024-07-14 23:27:00 +02:00
sitemap
ssh
storage Enable unparam linter (#31277) 2024-06-11 18:47:45 +00:00
structs add skip secondary authorization option for public oauth2 clients (#31454) 2024-07-19 14:28:30 -04:00
svg Refactor markdown attention render (#29984) 2024-03-22 12:16:23 +00:00
sync
system Refactor to use UnsafeStringToBytes (#31358) 2024-06-14 01:26:33 +00:00
templates Refactor names (#31405) 2024-06-19 06:32:45 +08:00
test Remove sub-path from container registry realm (#31293) 2024-06-09 16:29:29 +08:00
testlogger
timeutil Refactor "dump" sub-command (#30240) 2024-04-03 02:16:46 +00:00
translation Render embedded code preview by permlink in markdown (#30234) 2024-04-02 17:48:27 +00:00
turnstile
typesniffer
updatechecker
uri
user
util Refactor to use UnsafeStringToBytes (#31358) 2024-06-14 01:26:33 +00:00
validation
web Refactor names (#31405) 2024-06-19 06:32:45 +08:00
webhook Fix schedule tasks bugs (#28691) 2024-01-12 21:50:38 +00:00