Deploy using TLS unless --no-tls flag is set #2

Closed
bobbyrullo opened this issue Aug 17, 2015 · 2 comments

@bobbyrullo

Issue by bcwaldon
Tuesday Nov 11, 2014 at 21:16 GMT
Originally opened as https://github.com/coreos-inc/auth/issues/26


TLS is absolutely necessary to protect the transmission of client secrets. However, there are two primary use-cases for not deploying authd with TLS:

  1. development - it can be a pain to deploy services with TLS in dev environments
  2. load-balancer - it is common to terminate SSL/TLS at a load balancer

Together, these use-cases add an interesting requirement: the ability to advertise HTTP vs HTTPS in the ProviderConfig. If TLS is completely off (the development use-case), then the ProviderConfig should advertise its endpoints using HTTP. If TLS is in use between clients and the load balancer, the ProviderConfig should still advertise HTTPS, but authd actually has nothing to do with TLS.
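
The requirement described in the issue above, sketched in Go as an added example; it is not code from authd or dex. The advertised scheme is taken from an externally visible issuer URL rather than from the listener; the `Advertise` function, the mode names and the `/auth` and `/token` paths are assumptions, and only `--no-tls` comes from the issue.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// ProviderConfig is a cut-down discovery document (OIDC Discovery field names).
type ProviderConfig struct {
	Issuer                string `json:"issuer"`
	AuthorizationEndpoint string `json:"authorization_endpoint"`
	TokenEndpoint         string `json:"token_endpoint"`
}

// Advertise (hypothetical) derives the advertised endpoints from the issuer
// URL that clients see and names the deployment mode that results from
// combining it with the --no-tls flag.
func Advertise(issuer string, noTLS bool) (ProviderConfig, string, error) {
	u, err := url.Parse(issuer)
	if err != nil || u.Host == "" {
		return ProviderConfig{}, "", fmt.Errorf("issuer %q is not an absolute URL", issuer)
	}
	var mode string
	switch {
	case u.Scheme == "https" && !noTLS:
		mode = "native-tls" // the daemon terminates TLS itself
	case u.Scheme == "https" && noTLS:
		mode = "tls-at-load-balancer" // plain HTTP listener, HTTPS still advertised
	case u.Scheme == "http" && noTLS:
		mode = "plaintext-dev" // development only: client secrets travel in clear
	default: // e.g. http advertised while the listener serves TLS
		return ProviderConfig{}, "", fmt.Errorf("refusing scheme %q with noTLS=%v", u.Scheme, noTLS)
	}
	base := strings.TrimRight(u.String(), "/")
	return ProviderConfig{
		Issuer:                base,
		AuthorizationEndpoint: base + "/auth", // path is an assumption
		TokenEndpoint:         base + "/token", // path is an assumption
	}, mode, nil
}

func main() {
	// Constructed sample inputs covering the three cases plus one mismatch.
	for _, issuer := range []string{"https://auth.example.com", "http://127.0.0.1:5556"} {
		for _, noTLS := range []bool{false, true} {
			cfg, mode, err := Advertise(issuer, noTLS)
			fmt.Println(issuer, noTLS, mode, cfg.TokenEndpoint, err)
		}
	}
}
```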

@bobbyrullo

Comment by bcwaldon
Friday Nov 14, 2014 at 21:51 GMT


We can actually punt on TLS as our preferred deployment model incorporates SSL-termination at an external LB. As long as we have #51, this can wait.

@bobbyrullo

Comment by bcwaldon
Tuesday Dec 09, 2014 at 22:12 GMT


Removing this for now as our use case does not require native TLS

bcwaldon added a commit to bcwaldon/dex that referenced this issue Dec 10, 2015
kpschuck pushed a commit to kpschuck/dex that referenced this issue Jul 10, 2018
Ldap group unit testing with travis
wolfeidau pushed a commit to wolfeidau/dex that referenced this issue Mar 14, 2020
* Added /device/token handler with associated business logic and storage tests.

Perform user code exchange, flag the device code as complete.

Moved device handler code into its own file for cleanliness.  Cleanup

* Removed PKCE code

* Rate limiting for /device/token endpoint based on ietf standards

* Configurable Device expiry
JoelSpeed pushed a commit that referenced this issue Aug 28, 2020
* Added /device/token handler with associated business logic and storage tests.

Perform user code exchange, flag the device code as complete.

Moved device handler code into its own file for cleanliness.  Cleanup

* Removed PKCE code

* Rate limiting for /device/token endpoint based on ietf standards

* Configurable Device expiry

Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
rene-dekker referenced this issue in rene-dekker/dex Jul 25, 2022
* feat(web): porting calico web branding

* feat(Makefile): add tag for image

* fix(Makefile): using extra tags var
This issue was closed.