Embed Dex as a built-in IdP to simplify self-hosting setup.
Adds an embedded OIDC Identity Provider (Dex) with local user management and optional external IdP connectors (Google/GitHub/OIDC/SAML), plus device-auth flow for CLI login. Introduces instance onboarding/setup endpoints (including owner creation), field-level encryption for sensitive user data, a streamlined self-hosting provisioning script, and expanded APIs + test coverage for IdP management.
more at https://github.com/netbirdio/netbird/pull/5008#issuecomment-3718987393
Upgrade Go toolchain and golang.org/x/* deps to 1.24.10, standardize GitHub Actions to derive Go version from go.mod and adjust checkout ordering, raise WASM size limit to 55 MB, update FreeBSD tarball and gomobile refs, fix a few format-string/logging calls, treat usernames ending with $ as system accounts, and add Windows tests.
* Open quick settings window if netbird-ui is already running
* [client-ui] fix connection status comparison
* [client-ui] modularize quick actions code
* [client-ui] add netbird-disconnected logo
* [client-ui] change quickactions UI
It now displays the NetBird logo and a single button
with a round icon
* [client-ui] add hint message to quick actions screen
This also updates fyne to v2.7.0
* [client-ui] remove unnecessary default clause
* [client-ui] remove commented code
* [client-ui] remove unused dependency
* [client-ui] close quick actions on connection change
* [client-ui] add function to get image from embed resources
* [client] Return error when calling sendShowWindowSignal from Windows
* [client-ui] Add commentary on empty OnTapped function for toggleConnectionButton
* [client-ui] Fix tests
* [client-ui] Add context to menuUpClick call
* [client-ui] Pass serviceClient app as parameter
To use its clipboard rather than the window's when showing
the upload success dialog
* [client-ui] Replace for select with for range chan
* [client-ui] Replace settings change listener channel
Settings now accept a function callback
* [client-ui] Add missing iconAboutDisconnected to icons_windows.go
* [client] Add quick actions signal handler for Windows with named events
* [client] Run go mod tidy
* [client] Remove line break
* [client] Log unexpected status in separate function
* [client-ui] Refactor quick actions window
To address racing conditions, it also replaces
usage of pause and resume channels with an
atomic bool.
* [client-ui] use derived context from ServiceClient
* [client] Update signal_windows log message
Also, format error when trying to set event on
sendShowWindowSignal
* go mod tidy
* [client-ui] Add struct to pass fewer parameters
to applyQuickActionsUiState function
* [client] Add missing import
---------
Co-authored-by: Viktor Liu <viktor@netbird.io>
Deduplicate STUN package sending.
Originally, because every peer shared the same UDP address, the library could not distinguish which STUN message was associated with which candidate. As a result, the Pion library responded from all candidates for every STUN message.
This PR adds a validate flow response feature to the management server by integrating an IntegratedValidator component. The main purpose is to enable validation of PKCE authorization flows through an integrated validator interface.
- Adds a new ValidateFlowResponse method to the IntegratedValidator interface
- Integrates the validator into the management server to validate PKCE authorization flows
- Updates dependency version for management-integrations
Add an upload bundle option with the flag --upload-bundle; by default, the upload will use a NetBird address, which can be replaced using the flag --upload-bundle-url.
The upload server is available under the /upload-server path. The release change will push a docker image to netbirdio/upload image repository.
The server supports using s3 with pre-signed URL for direct upload and local file for storing bundles.
This PR fixes configuration inconsistencies and updates the store engine type usage throughout the management code. Key changes include:
- Replacing outdated server.Config references with types.Config and updating related flag variables (e.g. types.MgmtConfigPath).
- Converting engine constants (SqliteStoreEngine, PostgresStoreEngine, MysqlStoreEngine) to use types.Engine for consistent type–safety.
- Adjusting various test and migration code paths to correctly reference the new configuration and engine types.
