mirror of https://github.com/go-gitea/gitea synced 2024-12-25 21:14:50 +01:00
gitea/modules
Shivaram Lingamneni 2f1cb1d289
fix OIDC introspection authentication (#31632)
See discussion on #31561 for some background.

The introspect endpoint was using the OIDC token itself for
authentication. This fixes it to use basic authentication with the
client ID and secret instead:

* Applications with a valid client ID and secret should be able to
  successfully introspect an invalid token, receiving a 200 response
  with JSON data that indicates the token is invalid
* Requests with an invalid client ID and secret should not be able
  to introspect, even if the token itself is valid

Unlike #31561 (which just future-proofed the current behavior against
future changes to `DISABLE_QUERY_AUTH_TOKEN`), this is a potential
compatibility break (some introspection requests without valid client
IDs that would previously succeed will now fail). Affected deployments
must begin sending a valid HTTP basic authentication header with their
introspection requests, with the username set to a valid client ID and
the password set to the corresponding client secret.
2024-07-23 12:43:03 +00:00
actions
activitypub
analyze
assetfs
auth Add Passkey login support (#31504) 2024-06-29 22:50:03 +00:00
avatar
badge
base fix OIDC introspection authentication (#31632) 2024-07-23 12:43:03 +00:00
cache Add cache test for admins (#31265) 2024-06-17 21:22:39 +02:00
charset
container Allow disabling authentication related user features (#31535) 2024-07-09 17:36:31 +00:00
csv
dump
emoji
eventsource
generate
git Fix slow patch checking with commits that add or remove many files (#31548) 2024-07-04 18:57:11 +00:00
gitgraph
gitrepo
graceful
hcaptcha
highlight
hostmatcher
html
httpcache
httplib Fix duplicate sub-path for avatars (#31365) 2024-06-15 11:43:57 +08:00
indexer Allow searching issues by ID (#31479) 2024-07-17 00:49:05 +02:00
issue/template Issue Templates: add option to have dropdown printed list (#31577) 2024-07-14 16:38:45 +02:00
json
label
lfs Support legacy _links LFS batch responses (#31513) 2024-06-28 08:42:57 +00:00
log
markup Fix markdown preview $$ support (#31514) 2024-06-29 23:23:47 +00:00
mcaptcha
metrics
migration
nosql
optional
options
packages Extract and display readme and comments for Composer packages (#30927) 2024-06-14 04:45:52 +00:00
paginator
pprof
private
process
proxy
proxyprotocol
public
queue
recaptcha
references Refactor to use UnsafeStringToBytes (#31358) 2024-06-14 01:26:33 +00:00
regexplru
repository Fix adopt repository has empty object name in database (#31333) 2024-06-12 18:22:01 +08:00
secret
session
setting Add option to change mail from user display name (#31528) 2024-07-14 23:27:00 +02:00
sitemap
ssh
storage
structs add skip secondary authorization option for public oauth2 clients (#31454) 2024-07-19 14:28:30 -04:00
svg
sync
system Refactor to use UnsafeStringToBytes (#31358) 2024-06-14 01:26:33 +00:00
templates Refactor names (#31405) 2024-06-19 06:32:45 +08:00
test
testlogger
timeutil
translation
turnstile
typesniffer
updatechecker
uri
user
util Refactor to use UnsafeStringToBytes (#31358) 2024-06-14 01:26:33 +00:00
validation
web Refactor names (#31405) 2024-06-19 06:32:45 +08:00
webhook