0
0
mirror of https://github.com/go-gitea/gitea.git synced 2024-12-14 22:45:31 +01:00
gitea/tests
Shivaram Lingamneni 2f1cb1d289
fix OIDC introspection authentication (#31632)
See discussion on #31561 for some background.

The introspect endpoint was using the OIDC token itself for
authentication. This fixes it to use basic authentication with the
client ID and secret instead:

* Applications with a valid client ID and secret should be able to
  successfully introspect an invalid token, receiving a 200 response
  with JSON data that indicates the token is invalid
* Requests with an invalid client ID and secret should not be able
  to introspect, even if the token itself is valid

Unlike #31561 (which just future-proofed the current behavior against
future changes to `DISABLE_QUERY_AUTH_TOKEN`), this is a potential
compatibility break (some introspection requests without valid client
IDs that would previously succeed will now fail). Affected deployments
must begin sending a valid HTTP basic authentication header with their
introspection requests, with the username set to a valid client ID and
the password set to the corresponding client secret.
2024-07-23 12:43:03 +00:00
..
e2e Add typescript guideline and typescript-specific eslint plugins and fix issues (#31521) 2024-07-03 17:48:14 +02:00
fuzz Rework markup link rendering (#26745) 2024-01-15 08:49:24 +00:00
gitea-lfs-meta
gitea-repositories-meta Use raw Wiki links for non-renderable Wiki files (#30273) 2024-04-10 17:49:57 +00:00
integration fix OIDC introspection authentication (#31632) 2024-07-23 12:43:03 +00:00
testdata/data/attachments/a/0
mssql.ini.tmpl Azure blob storage support (#30995) 2024-05-30 07:33:50 +00:00
mysql.ini.tmpl
pgsql.ini.tmpl Azure blob storage support (#30995) 2024-05-30 07:33:50 +00:00
sqlite.ini.tmpl
test_utils.go Add some tests to clarify the "must-change-password" behavior (#30693) 2024-04-27 12:23:37 +00:00