Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3077 commits
Select commit Hold shift + click to select a range
3ab0947
build(deps): bump docker/login-action from 3.7.0 to 4.0.0 (#4609)
dependabot[bot] Mar 5, 2026
a11b3cd
feat(gitlab): implement TokenIdentity method (#4606)
nabokihms Mar 5, 2026
7870871
build(deps): bump golang from 1.26.0-alpine3.22 to 1.26.1-alpine3.22 …
dependabot[bot] Mar 6, 2026
91bf627
build(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 (#4…
dependabot[bot] Mar 6, 2026
8dce952
build(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 (#4613)
dependabot[bot] Mar 6, 2026
976e45e
build(deps): bump docker/metadata-action from 5.10.0 to 6.0.0 (#4614)
dependabot[bot] Mar 6, 2026
f4c3102
build(deps): bump github/codeql-action from 4.32.5 to 4.32.6 (#4615)
dependabot[bot] Mar 6, 2026
591a201
feat(tests): add MySQL 8 support in CI and tests (#4617)
nabokihms Mar 6, 2026
c03a687
fix(server): handle double-submit on approval endpoint (#4620)
mark-liu Mar 8, 2026
e2462a2
build(deps): bump golang.org/x/oauth2 from 0.35.0 to 0.36.0 in /examp…
dependabot[bot] Mar 9, 2026
9ba3c3f
build(deps): bump aquasecurity/trivy-action from 0.34.2 to 0.35.0 (#4…
dependabot[bot] Mar 9, 2026
74dd7ee
build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.2 (#4623)
dependabot[bot] Mar 9, 2026
e67c47c
build(deps): bump golang.org/x/oauth2 from 0.35.0 to 0.36.0 (#4624)
dependabot[bot] Mar 9, 2026
01b6822
build(deps): bump google.golang.org/grpc in /examples (#4626)
dependabot[bot] Mar 9, 2026
a4136db
build(deps): bump google.golang.org/grpc in /api/v2 (#4625)
dependabot[bot] Mar 9, 2026
35c0b56
build(deps): bump sigstore/cosign-installer from 4.0.0 to 4.1.0 (#4628)
dependabot[bot] Mar 10, 2026
7bd3c2a
build(deps): bump google.golang.org/api from 0.269.0 to 0.270.0 (#4630)
dependabot[bot] Mar 10, 2026
ae8c5af
build(deps): bump anchore/sbom-action from 0.23.0 to 0.23.1 (#4629)
dependabot[bot] Mar 10, 2026
3d97c59
test: add concurrency tests for storage implementations (#4631)
nabokihms Mar 10, 2026
47b6454
build(deps): bump google.golang.org/api from 0.270.0 to 0.271.0 (#4633)
dependabot[bot] Mar 11, 2026
7777773
feat(connector): connectors for grants (#4619)
nabokihms Mar 11, 2026
f80a89d
feat(client): add allowed connectors field to client configuration (#…
nabokihms Mar 11, 2026
80d297b
feat: update CSS for improved theming and button styles (#4634)
nabokihms Mar 12, 2026
734d60f
build(deps): bump golang.org/x/crypto from 0.48.0 to 0.49.0 (#4636)
dependabot[bot] Mar 12, 2026
13f012f
build(deps): bump golang.org/x/net from 0.51.0 to 0.52.0 (#4635)
dependabot[bot] Mar 12, 2026
2bda646
test: fix token introspection tests to use consistent timestamps (#4639)
nabokihms Mar 13, 2026
5bbfbbe
feat: add PKCE (Proof Key for Code Exchange) configuration to OAuth2 …
nabokihms Mar 13, 2026
0568abe
DEP: CEL integration (#4601)
nabokihms Mar 13, 2026
175dc57
feat(cel): implement CEL compiler with library (#4607)
nabokihms Mar 13, 2026
e8f79fe
DEP: Auth Sessions - Introduce (#4561)
nabokihms Mar 14, 2026
5a4395f
feat: add UserIdentity entity and CRUD operations (#4643)
nabokihms Mar 14, 2026
4fb3e78
feat(logger): add excludeFields config for PII redaction (#4621)
mark-liu Mar 15, 2026
fe79863
build(deps): bump mheap/github-action-required-labels (#4649)
dependabot[bot] Mar 16, 2026
4433b36
build(deps): bump distroless/static-debian13 from `f512d81` to `e3f94…
dependabot[bot] Mar 16, 2026
93985de
fix: increase lock acquisition attempts from 60 to 200 for better rel…
nabokihms Mar 16, 2026
0f9b7eb
Pin GitHub API version in requests (#4647)
utafrali Mar 16, 2026
12339f2
feat: implement user identity creation and persisting consent (#4645)
nabokihms Mar 16, 2026
6b9ce00
feat: implement AuthSession CRUD operations (#4646)
nabokihms Mar 16, 2026
de1e85a
build(deps): bump github/codeql-action from 4.32.6 to 4.33.0 (#4651)
dependabot[bot] Mar 17, 2026
72e63fa
build(deps): bump google.golang.org/api from 0.271.0 to 0.272.0 (#4652)
dependabot[bot] Mar 17, 2026
d31ed97
build(deps): bump github.com/mattn/go-sqlite3 from 1.14.34 to 1.14.37…
dependabot[bot] Mar 17, 2026
90fd51b
feat(ldap): allow specifying multiple attributes on username input (#…
yardenshoham Mar 17, 2026
1e65dda
fix(localSigner): simplify Algorithm method to always return RSA algo…
nabokihms Mar 17, 2026
285d83b
build(deps): bump google.golang.org/grpc from 1.79.2 to 1.79.3 (#4658)
dependabot[bot] Mar 18, 2026
7f4a5a7
build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.12 to 3.4.13 (#…
dependabot[bot] Mar 18, 2026
8af6d3c
build(deps): bump google.golang.org/grpc in /examples (#4661)
dependabot[bot] Mar 18, 2026
cbd7dd7
feat: Create AuthSessions and set cookies (#4650)
nabokihms Mar 18, 2026
503ddca
DEP for Identity Assertion JWT Authorization Grant (ID-JAG) / request…
kanywst Mar 18, 2026
86abd33
Two-Factor authentication (TOTP) (#3712)
nabokihms Mar 18, 2026
8938c98
build(deps): bump github.com/russellhaering/goxmldsig (#4664)
dependabot[bot] Mar 18, 2026
56914a8
build(deps): bump github.com/lib/pq from 1.11.2 to 1.12.0 (#4666)
dependabot[bot] Mar 19, 2026
ff5bc7c
build(deps): bump actions/cache from 5.0.3 to 5.0.4 (#4665)
dependabot[bot] Mar 19, 2026
7ec1760
feat: Add OIDC conformance testing scripts and configuration (#4663)
nabokihms Mar 19, 2026
c3bc1d7
feat: add auth_time, prompt, and max_age fields (#4662)
nabokihms Mar 19, 2026
92f51f9
fix non-constant format string in call to newRedirectedErr (#4671)
taylorsilva Mar 20, 2026
3b5be6a
Disable MFA configuration in config-dev.yaml (#4672)
nabokihms Mar 20, 2026
5bbc400
feat: implement id_token_hint (#4670)
nabokihms Mar 20, 2026
449f664
feat: Add AuthSession GC (#4667)
nabokihms Mar 20, 2026
3c7e159
chore: update Go and gRPC dependencies to latest versions (#4673)
nabokihms Mar 20, 2026
363e9d5
feat: use protobuf for session cookie (#4675)
nabokihms Mar 20, 2026
9d22748
build(deps): bump github/codeql-action from 4.33.0 to 4.34.1 (#4679)
dependabot[bot] Mar 24, 2026
2e41d5b
build(deps): bump anchore/sbom-action from 0.23.1 to 0.24.0 (#4681)
dependabot[bot] Mar 24, 2026
894f87d
build(deps): bump the etcd group with 2 updates (#4680)
dependabot[bot] Mar 24, 2026
cf2c017
build(deps): update entgo.io/ent to v0.14.6 and ariga.io/atlas to v0.…
nabokihms Mar 24, 2026
08dc8ee
docs: add CONTRIBUTING.md (#4685)
nabokihms Mar 25, 2026
098ab60
feat: support ES256 local signer (#4682)
space-arens Mar 25, 2026
896c695
build(deps): bump google.golang.org/api from 0.272.0 to 0.273.0 (#4689)
dependabot[bot] Mar 26, 2026
58e387a
build(deps): bump sigstore/cosign-installer from 4.1.0 to 4.1.1 (#4692)
dependabot[bot] Mar 27, 2026
9f92c71
feat: cookies encryption support (#4676)
nabokihms Mar 27, 2026
9caf0f1
feat: prompt select_login (#4678)
nabokihms Mar 27, 2026
1558aac
fix: fix handler tests after merging cookie enc (#4693)
nabokihms Mar 27, 2026
31cf652
feat: add a jti per default (#4695)
bufferoverflow Mar 28, 2026
89f4321
Updating the maintainers list (#4696)
nabokihms Mar 29, 2026
bf323d3
build(deps): bump github.com/mattn/go-sqlite3 from 1.14.37 to 1.14.38…
dependabot[bot] Mar 30, 2026
6e695a6
build(deps): bump actions/setup-go from 6.3.0 to 6.4.0 (#4700)
dependabot[bot] Mar 30, 2026
2fa7d80
build(deps): bump github/codeql-action from 4.34.1 to 4.35.1 (#4698)
dependabot[bot] Mar 30, 2026
f90a36c
docs: mention LDAP recursionGroupAttr in config.yaml.dist (#4697)
space-arens Mar 30, 2026
780cbe1
feat: disconnect upstream refreshing
nabokihms Mar 30, 2026
8031f5b
feat: add home page with user session info (#4677)
nabokihms Mar 30, 2026
bc8f045
feat: include prompt=select_account in back link for multiple connect…
nabokihms Mar 30, 2026
d4807b6
fix: update parseSession callas after merging home page (#4701)
nabokihms Mar 30, 2026
830fca9
fix: migrate Bitbucket Cloud connector to current workspace API (#4687)
nicknikolakakis Mar 31, 2026
06c5233
build(deps): bump github.com/lib/pq from 1.12.0 to 1.12.1 (#4702)
dependabot[bot] Mar 31, 2026
142d776
build(deps): bump google.golang.org/api from 0.273.0 to 0.273.1 (#4707)
dependabot[bot] Apr 1, 2026
486320d
build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (…
dependabot[bot] Apr 1, 2026
58f148d
feat: implement OIDC RP-Initiated logout (#4674)
nabokihms Apr 1, 2026
546e66c
feat: add WebAuthn support (#4704)
nabokihms Apr 2, 2026
3bf25fd
feat: add SSO sharing policy (#4705)
nabokihms Apr 2, 2026
6f2e233
feat: example app session refactoring (#4712)
nabokihms Apr 2, 2026
ed88652
build(deps): bump google.golang.org/grpc in /examples (#4710)
dependabot[bot] Apr 2, 2026
61635a6
build(deps): bump google.golang.org/grpc from 1.79.3 to 1.80.0 (#4709)
dependabot[bot] Apr 2, 2026
6511fb9
build(deps): bump the etcd group with 2 updates (#4708)
dependabot[bot] Apr 2, 2026
5b5b467
build(deps): bump github.com/go-jose/go-jose/v4 (#4718)
dependabot[bot] Apr 3, 2026
7bd2f57
build(deps): bump github.com/mattn/go-sqlite3 from 1.14.38 to 1.14.39…
dependabot[bot] Apr 3, 2026
af47557
build(deps): bump github.com/go-webauthn/webauthn from 0.16.1 to 0.16…
dependabot[bot] Apr 3, 2026
503e461
build(deps): bump github.com/lib/pq from 1.12.1 to 1.12.2 (#4716)
dependabot[bot] Apr 3, 2026
6e7a983
build(deps): bump docker/login-action from 4.0.0 to 4.1.0 (#4713)
dependabot[bot] Apr 3, 2026
a10dd9b
build(deps): bump google.golang.org/api from 0.273.1 to 0.274.0 (#4714)
dependabot[bot] Apr 3, 2026
a90912e
build(deps): bump github.com/mattn/go-sqlite3 from 1.14.39 to 1.14.40…
dependabot[bot] Apr 6, 2026
a0f1231
build(deps): bump github.com/go-webauthn/webauthn from 0.16.2 to 0.16…
dependabot[bot] Apr 6, 2026
ea243dd
build(deps): bump github.com/lib/pq from 1.12.2 to 1.12.3 (#4720)
dependabot[bot] Apr 6, 2026
0977c87
docs: update README and remove gitpod (#4719)
nabokihms Apr 6, 2026
4d4c58d
Use the C approach
nabokihms Apr 6, 2026
90bb8eb
Fixes according to codereview comments
nabokihms Apr 6, 2026
832caae
build(deps): bump oras-project/setup-oras from 1.2.4 to 2.0.0 (#4723)
dependabot[bot] Apr 7, 2026
cda5c37
build(deps): bump github.com/mattn/go-sqlite3 from 1.14.40 to 1.14.41…
dependabot[bot] Apr 7, 2026
9c138ef
fix: mfa not enforced on session validation (#4726)
jnfrati Apr 8, 2026
52ef42f
build(deps): bump golang from 1.26.1-alpine3.22 to 1.26.2-alpine3.22 …
dependabot[bot] Apr 8, 2026
d11dbd2
build(deps): bump google.golang.org/api from 0.274.0 to 0.275.0 (#4729)
dependabot[bot] Apr 8, 2026
05c23bd
build(deps): bump github.com/coreos/go-oidc/v3 from 3.17.0 to 3.18.0 …
dependabot[bot] Apr 8, 2026
95fefb4
build(deps): bump github.com/coreos/go-oidc/v3 in /examples (#4730)
dependabot[bot] Apr 8, 2026
2fb5d78
feat: Add more tests for sessions and edge case
nabokihms Apr 8, 2026
6189b20
Fix nonce comparison to prevent timing
nabokihms Apr 8, 2026
ae0c5c0
Fix linter
nabokihms Apr 8, 2026
683d1ee
feat: Add more tests for sessions and edge cases (#4731)
nabokihms Apr 8, 2026
066f34c
build(deps): bump github.com/google/cel-go from 0.27.0 to 0.28.0 (#4733)
dependabot[bot] Apr 9, 2026
0e0b936
build(deps): bump github.com/mattn/go-sqlite3 from 1.14.41 to 1.14.42…
dependabot[bot] Apr 9, 2026
f49dddc
build(deps): bump golang.org/x/net from 0.52.0 to 0.53.0 (#4738)
dependabot[bot] Apr 10, 2026
eec8f76
feat(microsoft): map userPrincipalName to preferred_username claim (#…
matzegebbe Apr 10, 2026
410a58f
build(deps): bump github.com/go-webauthn/webauthn from 0.16.3 to 0.16…
dependabot[bot] Apr 10, 2026
bdfac38
build(deps): bump docker/build-push-action from 7.0.0 to 7.1.0 (#4740)
dependabot[bot] Apr 13, 2026
6f78bb6
build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#4741)
dependabot[bot] Apr 13, 2026
acd853b
build(deps): bump actions/cache from 5.0.4 to 5.0.5 (#4744)
dependabot[bot] Apr 14, 2026
6f68a40
feat(oauth2): populate groups claim in client_credentials tokens (#4691)
carlesarnal Apr 14, 2026
5d33f94
build(deps): bump alpine from 3.23.3 to 3.23.4 (#4746)
dependabot[bot] Apr 16, 2026
2d12818
build(deps): bump google.golang.org/api from 0.275.0 to 0.276.0 (#4745)
dependabot[bot] Apr 16, 2026
5f9ad5c
build(deps): bump github/codeql-action from 4.35.1 to 4.35.2 (#4747)
dependabot[bot] Apr 16, 2026
75934f3
Add OpenSSF Best Practices badge (#4748)
nabokihms Apr 16, 2026
6cf5b52
Add LFX Health Score badge (#4749)
nabokihms Apr 16, 2026
ec003f5
Read User Identity once
nabokihms Apr 17, 2026
ed65360
feat: disconnect upstream refreshing (#4703)
nabokihms Apr 18, 2026
273de3b
build(deps): bump github.com/go-webauthn/webauthn from 0.16.4 to 0.16…
dependabot[bot] Apr 20, 2026
15bed0b
build(deps): bump golang from `c259ff7` to `18e6f5a` (#4750)
dependabot[bot] Apr 20, 2026
7154549
build(deps): bump golang from `18e6f5a` to `7ef9411` (#4753)
dependabot[bot] Apr 21, 2026
4c99c75
build(deps): bump github.com/go-webauthn/webauthn from 0.16.5 to 0.17…
dependabot[bot] Apr 21, 2026
050b262
build(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0 (#4…
dependabot[bot] Apr 23, 2026
d7ba134
build(deps): bump github.com/Azure/go-ntlmssp from 0.1.0 to 0.1.1 (#4…
dependabot[bot] Apr 24, 2026
98c0b47
fix(google): preserve username when absent in refresh token (#4758)
hisamafahri Apr 28, 2026
b3bb230
feat: Add Kerberos support (#4640)
Jabejixo Apr 29, 2026
0d80ea7
build(deps): bump github.com/go-sql-driver/mysql from 1.9.3 to 1.10.0…
dependabot[bot] Apr 30, 2026
a6b7ef0
build(deps): bump google.golang.org/api from 0.276.0 to 0.277.0 (#4763)
dependabot[bot] Apr 30, 2026
2db4a35
build(deps): bump github.com/mattn/go-sqlite3 from 1.14.42 to 1.14.44…
dependabot[bot] May 5, 2026
81ba65a
build(deps): bump sigstore/cosign-installer from 4.1.1 to 4.1.2 (#4779)
dependabot[bot] May 7, 2026
60ca776
build(deps): bump google.golang.org/api from 0.277.0 to 0.278.0 (#4778)
dependabot[bot] May 7, 2026
5eb9530
build(deps): bump google.golang.org/grpc in /examples (#4775)
dependabot[bot] May 7, 2026
c57f56f
build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 (#4768)
dependabot[bot] May 7, 2026
b940e43
build(deps): bump google.golang.org/grpc from 1.80.0 to 1.81.0 (#4772)
dependabot[bot] May 7, 2026
f074c3d
build(deps): bump github.com/fsnotify/fsnotify from 1.9.0 to 1.10.1 (…
dependabot[bot] May 7, 2026
b0ac753
feat(server): log successful token exchange requests (#4780)
0x2b3bfa0 May 8, 2026
a99e764
build(deps): bump golang from 1.26.2-alpine3.22 to 1.26.3-alpine3.22 …
dependabot[bot] May 9, 2026
67fcd7b
build(deps): bump github.com/go-webauthn/webauthn from 0.17.0 to 0.17…
dependabot[bot] May 9, 2026
7d3bb7e
build(deps): bump the etcd group across 1 directory with 2 updates (#…
dependabot[bot] May 9, 2026
ca3d567
build(deps): bump github/codeql-action from 4.35.3 to 4.35.4 (#4782)
dependabot[bot] May 9, 2026
344cc3c
build(deps): bump golang.org/x/net from 0.53.0 to 0.54.0 (#4789)
dependabot[bot] May 11, 2026
4eec117
build(deps): bump github.com/go-webauthn/webauthn from 0.17.2 to 0.17…
dependabot[bot] May 11, 2026
aaf8f28
ci: improve behavior for first time forks (#4790)
cardoe May 11, 2026
f0cd676
fix(server): enforce client.AllowedConnectors in handleTokenExchange …
matte1782 May 11, 2026
4b634da
build(deps): bump google.golang.org/api from 0.278.0 to 0.280.0 (#4801)
dependabot[bot] May 20, 2026
cd5f614
build(deps): bump github.com/google/cel-go from 0.28.0 to 0.28.1 (#4792)
dependabot[bot] May 20, 2026
66005b9
build(deps): bump github/codeql-action from 4.35.4 to 4.35.5 (#4799)
dependabot[bot] May 20, 2026
f242140
build(deps): bump distroless/static-debian13 from `e3f9456` to `963fa…
dependabot[bot] May 20, 2026
eefcd80
build(deps): bump google.golang.org/grpc in /examples (#4795)
dependabot[bot] May 20, 2026
6e13117
build(deps): bump actions/dependency-review-action from 4.9.0 to 5.0.…
dependabot[bot] May 20, 2026
e703bc3
feat(gitlab): support inherited group claims (#4800)
AntonKulyashov May 20, 2026
b78c3dd
fix(gitlab): avoid openid scope without groups (#4810)
space-arens May 27, 2026
dbb8276
fix(storage): compare DeviceRequest expiry by instant in conformance …
arpitjain099 Jun 5, 2026
29183b7
build(deps): bump golang.org/x/crypto from 0.51.0 to 0.52.0 (#4803)
dependabot[bot] Jun 5, 2026
274455a
build(deps): bump github/codeql-action from 4.35.5 to 4.36.0 (#4809)
dependabot[bot] Jun 5, 2026
86298b8
build(deps): bump alpine from 3.23.4 to 3.24.0 (#4820)
dependabot[bot] Jun 10, 2026
bab7f0f
build(deps): bump the etcd group across 1 directory with 2 updates (#…
dependabot[bot] Jun 10, 2026
c306797
build(deps): bump github.com/go-webauthn/webauthn from 0.17.3 to 0.17…
dependabot[bot] Jun 10, 2026
7d73f7e
build(deps): bump docker/login-action from 4.1.0 to 4.2.0 (#4807)
dependabot[bot] Jun 10, 2026
275a7b2
build(deps): bump golang.org/x/net from 0.54.0 to 0.55.0 (#4804)
dependabot[bot] Jun 10, 2026
035be36
build(deps): bump google.golang.org/api from 0.280.0 to 0.283.0 (#4816)
dependabot[bot] Jun 10, 2026
5abce27
build(deps): bump docker/metadata-action from 6.0.0 to 6.1.0 (#4806)
dependabot[bot] Jun 10, 2026
1018112
build(deps): bump golang from 1.26.3-alpine3.22 to 1.26.4-alpine3.22 …
dependabot[bot] Jun 10, 2026
d57ed65
build(deps): bump docker/build-push-action from 7.1.0 to 7.2.0 (#4802)
dependabot[bot] Jun 16, 2026
8f65c7e
build(deps): bump docker/setup-qemu-action from 4.0.0 to 4.1.0 (#4826)
dependabot[bot] Jun 16, 2026
e236751
build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#4825)
dependabot[bot] Jun 16, 2026
c13b373
build(deps): bump google.golang.org/api from 0.283.0 to 0.284.0 (#4822)
dependabot[bot] Jun 16, 2026
6b62669
build(deps): bump github/codeql-action from 4.36.0 to 4.36.2 (#4819)
dependabot[bot] Jun 16, 2026
c54d121
build(deps): bump docker/setup-buildx-action from 4.0.0 to 4.1.0 (#4805)
dependabot[bot] Jun 16, 2026
db855ad
build(deps): bump alpine from 3.24.0 to 3.24.1 (#4834)
dependabot[bot] Jun 17, 2026
5a9736a
build(deps): bump golang.org/x/net from 0.55.0 to 0.56.0 (#4824)
dependabot[bot] Jun 23, 2026
9bacf95
build(deps): bump golang.org/x/crypto from 0.52.0 to 0.53.0 (#4823)
dependabot[bot] Jun 23, 2026
02ec139
feat: gRPC API for sessions (#4783)
nabokihms Jun 23, 2026
c4a2320
build(deps): bump github.com/coreos/go-oidc/v3 in /examples (#4838)
dependabot[bot] Jun 23, 2026
4356379
build(deps): bump google.golang.org/api from 0.284.0 to 0.286.0 (#4835)
dependabot[bot] Jun 23, 2026
c36be68
build(deps): bump github.com/coreos/go-oidc/v3 from 3.18.0 to 3.19.0 …
dependabot[bot] Jun 23, 2026
e93dcf4
build(deps): bump actions/checkout from 6.0.3 to 7.0.0 (#4840)
dependabot[bot] Jun 23, 2026
4eced3f
build(deps): bump actions/setup-go from 6.4.0 to 6.5.0
dependabot[bot] Jun 24, 2026
847872d
build(deps): bump github.com/openbao/openbao/api/v2 from 2.5.1 to 2.6…
dependabot[bot] Jun 24, 2026
f5c7bc5
build(deps): bump github.com/mattn/go-sqlite3 from 1.14.44 to 1.14.47
dependabot[bot] Jun 24, 2026
5d04dfb
build(deps): bump actions/cache from 5.0.5 to 6.0.0 (#4846)
dependabot[bot] Jun 24, 2026
dc12afa
Merge pull request #4847 from dexidp/dependabot/github_actions/action…
sagikazarmark Jul 2, 2026
7bda291
Merge pull request #4849 from dexidp/dependabot/go_modules/github.com…
sagikazarmark Jul 2, 2026
d2cfe8e
build: replace nix flake with devenv environment
sagikazarmark Jul 2, 2026
287c31d
Merge pull request #4863 from dexidp/devenv
sagikazarmark Jul 2, 2026
bd5e9b6
test(connector/saml): update expired OAM test cert
sagikazarmark Jul 2, 2026
b31f708
Merge pull request #4864 from dexidp/fix-expired-saml-oam
sagikazarmark Jul 2, 2026
8a38891
build(deps): bump docker/setup-qemu-action from 4.1.0 to 4.2.0
dependabot[bot] Jul 2, 2026
ae48e32
build(deps): bump the etcd group across 1 directory with 2 updates
dependabot[bot] Jul 2, 2026
c5cfdeb
build(deps): bump actions/cache from 6.0.0 to 6.1.0
dependabot[bot] Jul 2, 2026
4f05ab3
build(deps): bump google.golang.org/grpc from 1.81.1 to 1.82.0
dependabot[bot] Jul 2, 2026
ea9c9a5
build(deps): bump actions/attest-build-provenance from 4.1.0 to 4.1.1
dependabot[bot] Jul 2, 2026
ef4a709
build(deps): bump actions/cache/save from 6.0.0 to 6.1.0
dependabot[bot] Jul 2, 2026
2683d0b
Merge pull request #4861 from dexidp/dependabot/go_modules/etcd-15be9…
sagikazarmark Jul 2, 2026
62de099
Merge pull request #4860 from dexidp/dependabot/github_actions/docker…
sagikazarmark Jul 2, 2026
aaa50d0
Merge pull request #4856 from dexidp/dependabot/go_modules/google.gol…
sagikazarmark Jul 2, 2026
ff8f3a0
Merge pull request #4854 from dexidp/dependabot/github_actions/action…
sagikazarmark Jul 2, 2026
388f4b6
Merge pull request #4853 from dexidp/dependabot/github_actions/action…
sagikazarmark Jul 2, 2026
0082deb
Merge pull request #4852 from dexidp/dependabot/github_actions/action…
sagikazarmark Jul 2, 2026
fac54c9
build(deps): bump google.golang.org/api from 0.286.0 to 0.287.0
dependabot[bot] Jul 2, 2026
955b498
Merge pull request #4855 from dexidp/dependabot/go_modules/google.gol…
sagikazarmark Jul 2, 2026
545573b
build(deps): bump google.golang.org/grpc in /api/v2
dependabot[bot] Jul 2, 2026
4b8fa12
build(deps): bump google.golang.org/grpc in /examples
dependabot[bot] Jul 2, 2026
e8aaa98
GitHub Connector: Implement support for refresh tokens
matheuscscp Jun 23, 2026
ac16810
Merge pull request #4857 from dexidp/dependabot/go_modules/api/v2/goo…
sagikazarmark Jul 2, 2026
d36ca4b
Merge pull request #4858 from dexidp/dependabot/go_modules/examples/g…
sagikazarmark Jul 2, 2026
c6ea5d1
Merge pull request #4845 from matheuscscp/github-refresh-tokens
sagikazarmark Jul 2, 2026
4bfc182
build(deps): bump golang.org/x/net (#4871)
dependabot[bot] Jul 7, 2026
f813439
feat: add logout confirmation page (#4734)
nabokihms Jul 7, 2026
07d464c
build(deps): bump golang.org/x/net (#4870)
dependabot[bot] Jul 7, 2026
17a54e9
build(deps): bump docker/metadata-action from 6.1.0 to 6.2.0 (#4867)
dependabot[bot] Jul 7, 2026
4df839f
build(deps): bump docker/login-action from 4.2.0 to 4.4.0 (#4873)
dependabot[bot] Jul 8, 2026
7b088d9
build(deps): bump github.com/google/cel-go from 0.28.1 to 0.29.1 (#4872)
dependabot[bot] Jul 8, 2026
ec1a183
build(deps): bump google.golang.org/api from 0.287.0 to 0.287.1 (#4874)
dependabot[bot] Jul 8, 2026
5af2b61
fix(mfa): enforce WebAuthn clone detection, TOTP single-use, and acco…
nabokihms Jul 11, 2026
7cb2317
fix(sessions): make SSO sharing non-transitive; drop redirect_uri dou…
nabokihms Jul 11, 2026
e463862
build(deps): bump distroless/static-debian13 from `963fa6c` to `d29e6…
dependabot[bot] Jul 12, 2026
0a52cf2
build(deps): bump github.com/coreos/go-oidc/v3 in /examples (#4883)
dependabot[bot] Jul 12, 2026
4b8735e
build(deps): bump github/codeql-action/upload-sarif (#4878)
dependabot[bot] Jul 12, 2026
a5ed0cb
fix(server): enforce client AllowedConnectors on all token grants (#4…
nabokihms Jul 14, 2026
01b2461
build(deps): bump oras-project/setup-oras from 2.0.0 to 2.0.1 (#4888)
dependabot[bot] Jul 14, 2026
fd84b8e
refactor(server): split handlers.go into focused per-flow files (#4891)
nabokihms Jul 14, 2026
0969327
refactor(server): split the device flow into focused per-flow files (…
nabokihms Jul 14, 2026
21d30c2
feat(server): introduce a token issuer abstraction (#4893)
nabokihms Jul 15, 2026
82a5e4a
build(deps): bump distroless/static-debian13 from `d29e660` to `f7f8f…
dependabot[bot] Jul 15, 2026
08a88e1
build(deps): bump golang.org/x/net from 0.56.0 to 0.57.0 (#4880)
dependabot[bot] Jul 15, 2026
6de9d1d
build(deps): bump docker/build-push-action from 7.2.0 to 7.3.0 (#4865)
dependabot[bot] Jul 15, 2026
7696618
feat(server): own the refresh token lifecycle in the issuer (#4895)
nabokihms Jul 15, 2026
a5db0df
build(deps): bump mheap/github-action-required-labels (#4875)
dependabot[bot] Jul 15, 2026
69045b4
refactor(server): split templates, connector cache and tokens into su…
nabokihms Jul 15, 2026
cf4ab8b
refactor(server): add a handler abstraction and extract discovery (#4…
nabokihms Jul 16, 2026
7896f96
refactor(server): extract the device authorization endpoints into a p…
nabokihms Jul 16, 2026
5e0dc1e
build(deps): bump actions/setup-go from 6.5.0 to 7.0.0 (#4900)
dependabot[bot] Jul 16, 2026
b95ce94
connector/oidc: allow overriding userinfo and device auth URLs (#4897)
Kunalbehbud Jul 16, 2026
7ba767f
refactor(server): move the request codecs into internal and extract h…
nabokihms Jul 16, 2026
dbf7af7
docs(server): give each subpackage a doc.go (#4909)
nabokihms Jul 16, 2026
302ac1f
build(deps): bump google.golang.org/grpc in /examples (#4904)
dependabot[bot] Jul 16, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
3 changes: 2 additions & 1 deletion .dockerignore
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
bin
bin/
tmp/
30 changes: 30 additions & 0 deletions .editorconfig
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
root = true

[*]
charset = utf-8
end_of_line = lf
indent_size = 4
indent_style = space
insert_final_newline = true
trim_trailing_whitespace = true

[*.go]
indent_style = tab

[*.proto]
indent_size = 2

[{Makefile,*.mk}]
indent_style = tab

[{config.yaml.dist,config.dev.yaml}]
indent_size = 2

[.golangci.yaml]
indent_size = 2

[*.nix]
indent_size = 2

[devenv.yaml]
indent_size = 2
2 changes: 2 additions & 0 deletions .github/.editorconfig
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
[{*.yml,*.yaml}]
indent_size = 2
3 changes: 3 additions & 0 deletions .github/CODE_OF_CONDUCT.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## Community Code of Conduct

This project follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).
File renamed without changes.
102 changes: 102 additions & 0 deletions .github/ISSUE_TEMPLATE/bug_report.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,102 @@
name: 🐛 Bug report
description: Report a bug to help us improve Dex
body:
- type: markdown
attributes:
value: |
Thank you for submitting a bug report!

Please fill out the template below to make it easier to debug your problem.

If you are not sure if it is a bug or not, you can contact us via the available [support channels](https://github.com/dexidp/dex/issues/new/choose).
- type: checkboxes
attributes:
label: Preflight Checklist
description: Please ensure you've completed all of the following.
options:
- label: I agree to follow the [Code of Conduct](https://github.com/dexidp/dex/blob/master/.github/CODE_OF_CONDUCT.md) that this project adheres to.
required: true
- label: I have searched the [issue tracker](https://www.github.com/dexidp/dex/issues) for an issue that matches the one I want to file, without success.
required: true
- label: I am not looking for support or already pursued the available [support channels](https://github.com/dexidp/dex/issues/new/choose) without success.
required: true
- type: input
attributes:
label: Version
description: What version of Dex are you running?
placeholder: 2.29.0
validations:
required: true
- type: dropdown
attributes:
label: Storage Type
description: Which persistent storage type are you using?
options:
- etcd
- Kubernetes
- In-memory
- Postgres
- MySQL
- SQLite
validations:
required: true
- type: dropdown
attributes:
label: Installation Type
description: How did you install Dex?
options:
- Binary
- Official container image
- Official Helm chart
- Custom container image
- Custom Helm chart
- Other (specify below)
multiple: true
validations:
required: true
- type: textarea
attributes:
label: Expected Behavior
description: A clear and concise description of what you expected to happen.
validations:
required: true
- type: textarea
attributes:
label: Actual Behavior
description: A clear description of what actually happens.
validations:
required: true
- type: textarea
attributes:
label: Steps To Reproduce
description: Steps to reproduce the behavior if it is not self-explanatory.
placeholder: |
1. In this environment...
2. With this config...
3. Run '...'
4. See error...
- type: textarea
attributes:
label: Additional Information
description: Links? References? Anything that will give us more context about the issue that you are encountering!
- type: textarea
attributes:
label: Configuration
description: Contents of your configuration file (if relevant).
render: yaml
placeholder: |
issuer: http://127.0.0.1:5556/dex

storage:
# ...

connectors:
# ...

staticClients:
# ...
- type: textarea
attributes:
label: Logs
description: Dex application logs (if relevant).
render: shell
21 changes: 21 additions & 0 deletions .github/ISSUE_TEMPLATE/config.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
blank_issues_enabled: false
contact_links:
- name: 📖 Documentation enhancement
url: https://github.com/dexidp/website/issues
about: Suggest an improvement to the documentation

- name: ❓ Ask a question
url: https://github.com/dexidp/dex/discussions/new?category=q-a
about: Ask and discuss questions with other Dex community members

- name: 📚 Documentation
url: https://dexidp.io/docs/
about: Check the documentation for help

- name: 💬 Slack channel
url: https://cloud-native.slack.com/messages/dexidp
about: Please ask and answer questions here

- name: 💡 Dex Enhancement Proposal
url: https://github.com/dexidp/dex/tree/master/docs/enhancements/README.md
about: Open a proposal for significant architectural change
40 changes: 40 additions & 0 deletions .github/ISSUE_TEMPLATE/feature_request.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
name: 🎉 Feature request
description: Suggest an idea for Dex
body:
- type: markdown
attributes:
value: |
Thank you for submitting a feature request!

Please describe what you would like to change/add and why in detail by filling out the template below.

If you are not sure if your request fits into Dex, you can contact us via the available [support channels](https://github.com/dexidp/dex/issues/new/choose).
- type: checkboxes
attributes:
label: Preflight Checklist
description: Please ensure you've completed all of the following.
options:
- label: I agree to follow the [Code of Conduct](https://github.com/dexidp/dex/blob/master/.github/CODE_OF_CONDUCT.md) that this project adheres to.
required: true
- label: I have searched the [issue tracker](https://www.github.com/dexidp/dex/issues) for an issue that matches the one I want to file, without success.
required: true
- type: textarea
attributes:
label: Problem Description
description: A clear and concise description of the problem you are seeking to solve with this feature request.
validations:
required: true
- type: textarea
attributes:
label: Proposed Solution
description: A clear and concise description of what would you like to happen.
validations:
required: true
- type: textarea
attributes:
label: Alternatives Considered
description: A clear and concise description of any alternative solutions or features you've considered.
- type: textarea
attributes:
label: Additional Information
description: Add any other context about the problem here.
23 changes: 23 additions & 0 deletions .github/PULL_REQUEST_TEMPLATE.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
<!--
Thank you for sending a pull request! Here are some tips for contributors:

1. Fill the description template below.
2. Sign a DCO (if you haven't already signed it).
3. Include appropriate tests (if necessary). Make sure that all CI checks passed.
4. If the Pull Request is a work in progress, make use of GitHub's "Draft PR" feature and mark it as such.
-->

#### Overview

<!-- Describe your changes briefly here. -->

#### What this PR does / why we need it

<!--
- Please state in detail why we need this PR and what it solves.
- If your PR closes some of the existing issues, please add links to them here.
Mentioned issues will be automatically closed.
Usage: "Closes #<issue number>", or "Closes (paste link of issue)"
-->

#### Special notes for your reviewer
24 changes: 24 additions & 0 deletions .github/SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
# Security Policy

## Reporting a vulnerability

To report a vulnerability, send an email to [cncf-dex-maintainers@lists.cncf.io](mailto:cncf-dex-maintainers@lists.cncf.io)
detailing the issue and steps to reproduce. The reporter(s) can expect a
response within 48 hours acknowledging the issue was received. If a response is
not received within 48 hours, please reach out to any maintainer directly
to confirm receipt of the issue.

## Review Process

Once a maintainer has confirmed the relevance of the report, a draft security
advisory will be created on GitHub. The draft advisory will be used to discuss
the issue with maintainers, the reporter(s).
If the reporter(s) wishes to participate in this discussion, then provide
reporter GitHub username(s) to be invited to the discussion. If the reporter(s)
does not wish to participate directly in the discussion, then the reporter(s)
can request to be updated regularly via email.

If the vulnerability is accepted, a timeline for developing a patch, public
disclosure, and patch release will be determined. The reporter(s) are expected
to participate in the discussion of the timeline and abide by agreed upon dates
for public disclosure.
41 changes: 41 additions & 0 deletions .github/dependabot.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
version: 2

updates:
- package-ecosystem: "gomod"
directory: "/"
labels:
- "area/dependencies"
schedule:
interval: "daily"
groups:
etcd:
patterns:
- "go.etcd.io/*"

- package-ecosystem: "gomod"
directory: "/api/v2"
labels:
- "area/dependencies"
schedule:
interval: "daily"

- package-ecosystem: "gomod"
directory: "/examples"
labels:
- "area/dependencies"
schedule:
interval: "daily"

- package-ecosystem: "docker"
directory: "/"
labels:
- "area/dependencies"
schedule:
interval: "daily"

- package-ecosystem: "github-actions"
directory: "/"
labels:
- "area/dependencies"
schedule:
interval: "daily"
30 changes: 30 additions & 0 deletions .github/release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
changelog:
exclude:
labels:
- release-note/ignore
categories:
- title: Exciting New Features 🎉
labels:
- kind/feature
- release-note/new-feature
- title: Enhancements 🚀
labels:
- kind/enhancement
- release-note/enhancement
- title: Bug Fixes 🐛
labels:
- kind/bug
- release-note/bug-fix
- title: Breaking Changes 🛠
labels:
- release-note/breaking-change
- title: Deprecations ❌
labels:
- release-note/deprecation
- title: Dependency Updates ⬆️
labels:
- area/dependencies
- release-note/dependency-update
- title: Other Changes
labels:
- "*"
47 changes: 47 additions & 0 deletions .github/workflows/analysis-scorecard.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
name: OpenSSF Scorecard

on:
branch_protection_rule:
push:
branches: [ main ]
schedule:
- cron: '30 0 * * 5'

permissions:
contents: read

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest

permissions:
actions: read
contents: read
id-token: write
security-events: write

steps:
- name: Checkout repository
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false

- name: Run analysis
uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
with:
results_file: results.sarif
results_format: sarif
publish_results: true

- name: Upload results as artifact
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: OpenSSF Scorecard results
path: results.sarif
retention-days: 5

- name: Upload results to GitHub Security tab
uses: github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v3.29.5
with:
sarif_file: results.sarif
Loading