sso-server issueshttps://git.autistici.org/id/sso-server/-/issues2022-02-06T10:46:18Zhttps://git.autistici.org/id/sso-server/-/issues/4Add "Authentication expired" error message2022-02-06T10:46:18ZaleAdd "Authentication expired" error messageCurrently all auth errors are presented to the user as "Authentication failed", which is a bit hostile in the re-authentication case. A better error message for the "token expired" case would be nice.Currently all auth errors are presented to the user as "Authentication failed", which is a bit hostile in the re-authentication case. A better error message for the "token expired" case would be nice.https://git.autistici.org/id/sso-server/-/issues/3Replace regex-based HTML parsing with a proper high-level parser in tests2022-02-06T10:44:06ZaleReplace regex-based HTML parsing with a proper high-level parser in testshttps://git.autistici.org/id/sso-server/-/issues/1Dependency Dashboard2024-03-04T19:35:55ZrenovateDependency DashboardThis issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.
## Rate-Limited
These updates are currently rate-limited. Click on a...This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.
## Rate-Limited
These updates are currently rate-limited. Click on a checkbox below to force their creation now.
- [ ] <!-- unlimit-branch=renovate/mini-css-extract-plugin-2.x -->Update dependency mini-css-extract-plugin to v2.8.1
## Edited/Blocked
These updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox.
- [ ] <!-- rebase-branch=renovate/golang.org-x-crypto-0.x -->[Update module golang.org/x/crypto to v0.21.0](!64)
## Open
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
- [ ] <!-- rebase-branch=renovate/github.com-duo-labs-webauthn-digest -->[Update github.com/duo-labs/webauthn digest to ebaf9b7](!88)
- [ ] <!-- rebase-branch=renovate/github.com-crewjam-saml-0.x -->[Update module github.com/crewjam/saml to v0.4.14](!98)
- [ ] <!-- rebase-branch=renovate/bootstrap-5.x -->[Update dependency bootstrap to v5.3.3](!93)
- [ ] <!-- rebase-branch=renovate/css-loader-6.x -->[Update dependency css-loader to v6.10.0](!102)
- [ ] <!-- rebase-branch=renovate/html-webpack-plugin-5.x -->[Update dependency html-webpack-plugin to v5.6.0](!101)
- [ ] <!-- rebase-branch=renovate/github.com-oschwald-maxminddb-golang-1.x -->[Update module github.com/oschwald/maxminddb-golang to v1.12.0](!95)
- [ ] <!-- rebase-branch=renovate/github.com-prometheus-client_golang-1.x -->[Update module github.com/prometheus/client_golang to v1.19.0](!34)
- [ ] <!-- rebase-branch=renovate/opentelemetry-go-monorepo -->[Update opentelemetry-go monorepo to v1.24.0](!61) (`go.opentelemetry.io/otel`, `go.opentelemetry.io/otel/trace`)
- [ ] <!-- rebase-branch=renovate/glob-10.x -->[Update dependency glob to v10](!85)
- [ ] <!-- rebase-all-open-prs -->**Click on this checkbox to rebase all open MRs at once**
## Detected dependencies
<details><summary>gomod</summary>
<blockquote>
<details><summary>go.mod</summary>
- `go 1.14`
- `git.autistici.org/ai3/go-common v0.0.0-20230816213645-b3aa3fb514d6@b3aa3fb514d6`
- `git.autistici.org/id/auth v0.0.0-20230817085209-0fd54184239d@0fd54184239d`
- `git.autistici.org/id/go-sso v0.0.0-20230822064459-ed921a53bb33@ed921a53bb33`
- `git.autistici.org/id/keystore v0.0.0-20230901162242-63f23c4799e9@63f23c4799e9`
- `git.autistici.org/id/usermetadb v0.0.0-20230817075814-ec109f54aa90@ec109f54aa90`
- `github.com/crewjam/saml v0.4.13`
- `github.com/duo-labs/webauthn v0.0.0-20220330035159-03696f3d4499@03696f3d4499`
- `github.com/elazarl/go-bindata-assetfs v1.0.1`
- `github.com/gorilla/csrf v1.7.2`
- `github.com/gorilla/mux v1.8.1`
- `github.com/gorilla/securecookie v1.1.2`
- `github.com/mssola/user_agent v0.6.0`
- `github.com/oschwald/maxminddb-golang v1.10.0`
- `github.com/prometheus/client_golang v1.12.2`
- `github.com/rs/cors v1.10.1`
- `github.com/yl2chen/cidranger v1.0.2`
- `go.opentelemetry.io/otel v1.10.0`
- `go.opentelemetry.io/otel/trace v1.10.0`
- `golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90@c86fa9a7ed90`
- `gopkg.in/yaml.v3 v3.0.1`
</details>
</blockquote>
</details>
<details><summary>npm</summary>
<blockquote>
<details><summary>ui/package.json</summary>
- `@popperjs/core 2.11.8`
- `base64-js 1.5.1`
- `bootstrap 5.2.3`
- `css-loader 6.8.1`
- `extract-loader 5.1.0`
- `glob 8.1.0`
- `html-webpack-plugin 5.5.3`
- `mini-css-extract-plugin 2.7.6`
- `purgecss-webpack-plugin 5.0.0`
- `webpack-subresource-integrity 5.1.0`
</details>
</blockquote>
</details>https://git.autistici.org/id/sso-server/-/issues/9Remove private attributes from Config2023-06-07T09:54:12ZaleRemove private attributes from ConfigThe Compile() idiom is ugly. Create appropriate runtime types and corresponding Parse() functions.The Compile() idiom is ugly. Create appropriate runtime types and corresponding Parse() functions.https://git.autistici.org/id/sso-server/-/issues/10Implement forced user workflows2023-06-07T09:54:21ZaleImplement forced user workflowsSometimes we want to force the user onto a particular workflow on login (canonical example: mandating a password change), this should be implemented in the login server (call to accountserver?).Sometimes we want to force the user onto a particular workflow on login (canonical example: mandating a password change), this should be implemented in the login server (call to accountserver?).https://git.autistici.org/id/sso-server/-/issues/8Drop nonce from the /exchange endpoint2023-06-07T09:53:25ZaleDrop nonce from the /exchange endpointIt's silly for it to be there - it's just to satisfy the underlying sso API requirements.It's silly for it to be there - it's just to satisfy the underlying sso API requirements.https://git.autistici.org/id/sso-server/-/issues/7Consider moving /exchange to a separate HTTPS address2023-06-07T09:53:18ZaleConsider moving /exchange to a separate HTTPS addressMight make it easier to isolate traffic flows that way -- are exchange requests only internal?Might make it easier to isolate traffic flows that way -- are exchange requests only internal?