6 Commits

Author	SHA1	Message	Date
jyio	ba14a1bea7	OIDC: Support overriding end_session_endpoint using environment variable GRIST_OIDC_IDP_END_SESSION_ENDPOINT (#802) ... Support overriding `end_session_endpoint` using environment variable `GRIST_OIDC_IDP_END_SESSION_ENDPOINT`	2024-01-03 15:49:32 -05:00
jyio	0fc3f80ff0	Rename endSessionEndpoint flag to skipEndSessionEndpoint (#793)	2023-12-17 15:10:10 -05:00
Florent	1fec674d28	OIDC: ensure that email_veridied is set by default (#765) ... Co-authored-by: Florent FAYOLLE <florent.fayolle@beta.gouv.fr>	2023-11-22 14:58:29 -05:00
Florent	f8c6892643	OIDC allow to configure name and email attrs, and to skipp end session endpoint (#746) ... * support GRIST_OIDC_SP_PROFILE_NAME_ATTR, defaulting to the concatenation of "given_name" + "family_name" or the "name" attribute. * support GRIST_OIDC_SP_PROFILE_EMAIL_ATTR, defaulting to "email". * support GRIST_OIDC_IDP_SKIP_END_SESSION_ENDPOINT: If set to "true", will not attempt to call the IdP's end_session_endpoint. Fail early if the endpoint does not exist, and this variable isn't set. The last part is because some IdPs like Gitlab do not provide end_session_endpoint. In such cases, GRIST_OIDC_IDP_SKIP_END_SESSION_ENDPOINT=true should be set to have the Grist logout button only log out of Grist, and not out of the IdP. --------- Co-authored-by: Florent FAYOLLE <florent.fayolle@beta.gouv.fr>	2023-11-21 15:20:40 -05:00
Florent	e8789e6531	Issue 740 OIDC login redirect (#742) ... * Fix OIDC redirects from team site to personal page after login #740 Also: - compare state in session and state passed through parameters (otherwise the state won't have any effect regarding the security). - delete the session even after an authentication failure * More logs for OIDC #740 --------- Co-authored-by: Florent FAYOLLE <florent.fayolle@beta.gouv.fr>	2023-11-15 09:23:32 -05:00
Florent	a4998b4b21	Add native OIDC support in Grist #707 (#717)	2023-11-09 14:56:39 -05:00