matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-20 12:02:22 +03:00
Code Activity
2,449 Commits 59 Branches 22 Tags
4d3efeb25b85b8e211c19d434be89233b71837cf
Commit Graph

356 Commits

Author SHA1 Message Date
Quentin Gliech
23fd833d45 Save the post auth action during upstream OAuth login 2022-12-05 19:39:51 +01:00
Quentin Gliech
4d93f4d4f0 Refactor the upstream oauth session cookie 2022-12-05 19:39:51 +01:00
Quentin Gliech
989e464dd0 WIP: Provider list on the login page 2022-12-05 19:39:51 +01:00
Quentin Gliech
2e7112ef13 GraphQL API 2022-12-05 19:39:51 +01:00
Quentin Gliech
07636dd9e7 Tidy up upstream linking templates 2022-12-05 19:39:51 +01:00
Quentin Gliech
fcb6190a56 Simplify route error handling 2022-12-05 19:39:51 +01:00
Quentin Gliech
28bfce7e45 Save the ID token during an upstream authorization 2022-12-05 19:39:51 +01:00
Quentin Gliech
bf432a31e1 OIDC account linking and login 2022-12-05 19:39:51 +01:00
Quentin Gliech
22a337cd45 WIP: handle account linking 2022-12-05 19:39:51 +01:00
Quentin Gliech
cde9187adc Lookup and save upstream links 2022-12-05 19:39:51 +01:00
Quentin Gliech
4227fa7a83 Add a global HTTP client factory 2022-12-05 19:39:51 +01:00
Quentin Gliech
16088fc11c Refactor the provider client credentials extraction 2022-12-05 19:39:51 +01:00
Quentin Gliech
bedcf44741 WIP: upstream OIDC provider support 2022-12-05 19:39:51 +01:00
Quentin Gliech
95a879585b Make the OIDC issuer a string instead of a URL 2022-12-02 18:04:07 +01:00
Quentin Gliech
0ca4366f75 Use associated error type in claims validator instead of anyhow. 2022-12-01 14:34:19 +01:00
Quentin Gliech
809f836bb4 Migrate to axum 0.6.0-rc.5 2022-11-21 15:04:16 +01:00
Quentin Gliech
9c0ece7512 Do not embed the templates and static files in the binary 2022-11-18 22:37:55 +01:00
Quentin Gliech
834214bcac Do not embed the WASM-compiled policies in the binary 2022-11-18 22:37:55 +01:00
Quentin Gliech
c76a1dd2e7 Bump the latest axum rc 2022-11-18 14:57:22 +01:00
Quentin Gliech
78778648ca Allow fetching more nodes by their IDs 2022-11-18 13:43:01 +01:00
Quentin Gliech
13c7d2772f Move the GraphQL schema to its own crate 2022-11-09 19:17:12 +01:00
Quentin Gliech
c13b0478e6 Initial GraphQL API 2022-11-09 19:17:12 +01:00
Quentin Gliech
eeb442b6d0 Bump rustc to 1.65 2022-11-03 21:56:58 +01:00
Quentin Gliech
ba3379434d Generate a random secret on client registration 2022-11-02 18:59:00 +01:00
Quentin Gliech
8ccc23cc47 Better userinfo error codes 2022-11-02 18:59:00 +01:00
Quentin Gliech
2d2127dcdb More cleanups 2022-11-02 18:59:00 +01:00
Quentin Gliech
368a9282a1 Cleanups 2022-11-02 18:59:00 +01:00
Quentin Gliech
b7c50b5403 Pass time and RNG in CSRF verification methods 2022-11-02 18:59:00 +01:00
Quentin Gliech
f1aa42fae4 Disallow Ulid generation without explicit timestamp and rng 2022-11-02 18:59:00 +01:00
Quentin Gliech
559181c2c3 Pass the rng and clock around 2022-11-02 18:59:00 +01:00
Quentin Gliech
5580179537 Better logging of user-related DB operations 
Also fixes a bug where the user would get redirected to the wrong URL
for verifying their email address
 2022-11-02 18:59:00 +01:00
Quentin Gliech
e2142f9cd4 Database refactoring 2022-11-02 18:59:00 +01:00
Kévin Commaille
51515358f7 Make more enum types accept unknown values 2022-10-17 14:15:35 +02:00
Quentin Gliech
fc5c8314b5 Fix handlers tests 2022-10-17 11:39:45 +02:00
Quentin Gliech
84ac87f551 WIP: better listeners 
- listen on UNIX domain sockets
- handle TLS stuff
- allow mounting only some resources
 2022-10-17 11:39:45 +02:00
Quentin Gliech
7fbfb74a5e WIP: better HTTP listeners 2022-10-17 11:39:45 +02:00
Quentin Gliech
93ce5c797c Mount the static assets on /assets 2022-10-17 11:39:45 +02:00
Kévin Commaille
80d317f23c Add variants for unknown values on mas-iana types 
Remove the Copy derive and mark enums as non-exhaustive.
 2022-09-28 13:43:39 +02:00
Kévin Commaille
1bbd2c2970 Allow access token types in introspection auth methods 2022-09-27 19:11:32 +02:00
Kévin Commaille
19721959f8 Export list of supported algorithms from mas-jose 2022-09-16 11:48:06 +02:00
Quentin Gliech
6cff677550 Properly advertise all the supported JWT verification algorithms 2022-09-13 15:19:19 +02:00
Kévin Commaille
fca6cfa393 Use ResponseType that doesn't care about tokens order 2022-09-13 15:15:30 +02:00
Kévin Commaille
0452ac10e6 Move claim hash token function to mas-jose crate 
Change the hash function according to the signature algorithm,
according to the OpendID Connect spec.
 2022-09-06 14:15:05 +02:00
Quentin Gliech
36668d9b91 Move the healthcheck route to the API router 2022-09-06 13:11:54 +02:00
Quentin Gliech
fa47f6e150 Upgrade axum to 0.6.0-rc.1 2022-09-06 13:11:54 +02:00
Quentin Gliech
cc6c6e8bdb Remove the config dependency from the email, templates & handlers crates 2022-09-02 16:01:11 +02:00
Quentin Gliech
1f0e273ac3 JWT response wrapper 
Helps replying with a JWT to a request, with a
`Content-Type: application/jwt` header
 2022-09-02 15:37:46 +02:00
Quentin Gliech
b9e46dfc55 Some cleanups 2022-09-02 15:37:46 +02:00
Quentin Gliech
8c25dc03ce Move the Encrypter from the config to the keystore 2022-09-02 15:37:46 +02:00
Quentin Gliech
e1d50b818e Add a dedicated keystore crate 2022-09-02 15:37:46 +02:00