* [idp] Add email to ID token
* [idp] Claim that the email is verified
which is a valid claim because it's verified by the original IDP,
and this is not the user-editable value.
* Incorporate review feedback
* [papi] Add `verified` flag to config and `ActivateClientConfig` to OIDC service
* [papi] implement `ActivateClientConfig`
* [gitpod-db/go] add `setClientConfigVerifiedFlag`
* [gitpod-db/migration] add `d_b_oidc_client_config.verified` field
* [papi] Don't deactivate on UpdateClientConfig
* [gitpod-db/go] add missing `Verified` field
* On "activate" request also mark as verified.
* [gitpod-db/go] fix mapping of `Verified` field
* [papi] ensure only verified OIDC client configs can be activated
* [papi] Skip the sign-in on verify-only requests.
* [papi] fix skipped tests
* [papi] fix mapping of OIDC configs
* rename RPC method
* fix tests after adding validation of claims
* fix: activation of record should deactivate others
* fix: update should unverify the entry
* remove Debug()
* [db-migration] fix: mark active entries as verified
* [papi] validate ID token claims
Some claims (e.g. email, name) are required. While it's the default with most IdPs, some require manual configuration to make those claims appear in ID tokens.
* add test cases
* [gitpod-db] Add `d_b_oidc_client_config.active` field
* [papi] Add OIDCClientConfig.active to proto def
* [gitpod-db] Add OIDCClientConfig.active
* [papi] Add `activate` param to `/oidc/start` endpoint handler
If provided it should mark the OIDC client config as `active` in the DB.
* Fix propagation of state params and add tests.
* fix import of deprecated ioutil
* refactor GetStartParams
* consider `activate` from create request
* Add new github action to update container images digest
* Add latest tag to dockerfiles
* Update .github/workflows/update-image-digest.yml
Co-authored-by: Milan Pavlik <milan@gitpod.io>
---------
Co-authored-by: Milan Pavlik <milan@gitpod.io>
* Update go dependencies
Signed-off-by: Manuel de Brito Fontes <aledbf@gmail.com>
* Update runc to v1.1.5
* Update docker cli to v23.0.2+incompatible
---------
Signed-off-by: Manuel de Brito Fontes <aledbf@gmail.com>
* [experiment] Add "Sign in with SSO" to Login
Reusing existing parts:
* `/complete-auth` page of Dashboard to forward results of authN flows running in a modal
* Adding preliminary UI to the Login view: Org-slug and simple button.
* [gitpod-db] get team/org by slug
* [gitpod-db] fix OIDCClientConfig.OrganizationID field's type
* [oidc] consider returnTo URL
* [oidc] consider orgSlug param from start request
* [oidc] fix oauth2 clientId propagation
* [oidc] fix a flaky test
* [onboarding] skip for organizational accounts
* Move SSO Login UI into its own component
* adjust validation a bit, add useCallbacks
* adding GetOIDCClientConfigByOrgSlug
* add table name
* removing commented out code
---------
Co-authored-by: Brad Harris <bmharris@gmail.com>
* Breaking SSO page into components & react-query
* wrapper component not needed anymore
* position off of bottom instead
* add a heading/subheading for consistency
* add clientside validation
* adding oidcConfig.issuer to api response
* updating test
* minor cleanup