kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-05 09:55:44 +03:00
Code Issues Packages Projects Releases Wiki Activity
27,417 Commits 1 Branch 0 Tags
65c7f34f2d4c92ffbb51646aacc264f8db33cc06
Commit Graph

3 Commits

Author SHA1 Message Date
Daniel Bennett
6a06653032 auth: decrease size of oidc request cache (#25371) 
if the auth-url api is getting DOS'd,
then we do not expect it to still function;
we only protect the rest of the system.

users will need to use a break-glass ACL
token if they need Nomad UI/API access
during such a denial of service.
 2025-03-12 12:37:47 -05:00
Daniel Bennett
38f063a341 auth: oidc request lru cache (#25336) 
use hashicorp/golang-lru instead of my hand-rolled cache
 2025-03-11 08:46:23 -05:00
Daniel Bennett
8e56805fea oidc: support PKCE and client assertion / private key JWT (#25231) 
PKCE is enabled by default for new/updated auth methods.
 * ref: https://oauth.net/2/pkce/

Client assertions are an optional, more secure replacement for client secrets
 * ref: https://oauth.net/private-key-jwt/

a change to the existing flow, even without these new options,
is that the oidc.Req is retained on the Nomad server (leader)
in between auth-url and complete-auth calls.

and some fields in auth method config are now more strictly required.
 2025-03-10 13:32:53 -05:00