mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-20 12:02:22 +03:00
Commit Graph

325 Commits

Author SHA1 Message Date
Quentin Gliech
e2142f9cd4 Database refactoring 2022-11-02 18:59:00 +01:00
Kévin Commaille
51515358f7 Make more enum types accept unknown values 2022-10-17 14:15:35 +02:00
Quentin Gliech
fc5c8314b5 Fix handlers tests 2022-10-17 11:39:45 +02:00
Quentin Gliech
84ac87f551 WIP: better listeners
- listen on UNIX domain sockets
- handle TLS stuff
- allow mounting only some resources
2022-10-17 11:39:45 +02:00
Quentin Gliech
7fbfb74a5e WIP: better HTTP listeners 2022-10-17 11:39:45 +02:00
Quentin Gliech
93ce5c797c Mount the static assets on /assets 2022-10-17 11:39:45 +02:00
Kévin Commaille
80d317f23c Add variants for unknown values on mas-iana types
Remove the Copy derive and mark enums as non-exhaustive.
2022-09-28 13:43:39 +02:00
Kévin Commaille
1bbd2c2970 Allow access token types in introspection auth methods 2022-09-27 19:11:32 +02:00
Kévin Commaille
19721959f8 Export list of supported algorithms from mas-jose 2022-09-16 11:48:06 +02:00
Quentin Gliech
6cff677550 Properly advertise all the supported JWT verification algorithms 2022-09-13 15:19:19 +02:00
Kévin Commaille
fca6cfa393 Use ResponseType that doesn't care about tokens order 2022-09-13 15:15:30 +02:00
Kévin Commaille
0452ac10e6 Move claim hash token function to mas-jose crate
Change the hash function according to the signature algorithm,
according to the OpenID Connect spec.
2022-09-06 14:15:05 +02:00
Quentin Gliech
36668d9b91 Move the healthcheck route to the API router 2022-09-06 13:11:54 +02:00
Quentin Gliech
fa47f6e150 Upgrade axum to 0.6.0-rc.1 2022-09-06 13:11:54 +02:00
Quentin Gliech
cc6c6e8bdb Remove the config dependency from the email, templates & handlers crates 2022-09-02 16:01:11 +02:00
Quentin Gliech
1f0e273ac3 JWT response wrapper
Helps replying with a JWT to a request, with a
`Content-Type: application/jwt` header
2022-09-02 15:37:46 +02:00
Quentin Gliech
b9e46dfc55 Some cleanups 2022-09-02 15:37:46 +02:00
Quentin Gliech
8c25dc03ce Move the Encrypter from the config to the keystore 2022-09-02 15:37:46 +02:00
Quentin Gliech
e1d50b818e Add a dedicated keystore crate 2022-09-02 15:37:46 +02:00
Quentin Gliech
2c400d4cc1 Get rid of legacy JWKS store 2022-09-02 15:37:46 +02:00
Quentin Gliech
ca125a14c5 WIP: better JOSE 2022-09-02 15:37:46 +02:00
Quentin Gliech
495285162b Remove support for the token response type 2022-09-02 13:59:10 +02:00
Kévin Commaille
7b281f4c21 Improve docs and spec compliance of oauth2-types requests 2022-09-02 11:25:21 +02:00
Kévin Commaille
ee47c821e3 Use an enum for client error codes
Replace the ClientError constants with From<ClientErrorCode>.
2022-09-01 17:59:37 +02:00
Kévin Commaille
e202c3dd6d Allow to validate client metadata
According to OpenID Connect Dynamic Client Registration Spec 1.0.
Introduce VerifiedClientMetadata.
2022-08-19 13:58:43 +02:00
Kévin Commaille
222551ad7f Allow to validate provider metadata
According to the OpenID Connect Discovery 1.0 spec.
Provide the default values for fields when they are defined.
Introduce VerifiedProviderMetadata.
Rename Metadata to ProviderMetadata.
Implement Deserialize for ProviderMetadata.
2022-08-11 17:20:17 +02:00
Quentin Gliech
c1ed726dc8 Enable the clippy::str_to_string lint 2022-08-08 10:06:20 +02:00
Hugh Nimmo-Smith
3215e86eaa Use unstable prefixes for scope names (#337) 2022-08-05 17:58:22 +00:00
Quentin Gliech
2e2c3d54a6 Test HTTP handlers 2022-08-05 09:48:02 +02:00
Quentin Gliech
649e5cd645 Move the PKCE validation logic to oauth2-types 2022-08-03 13:57:31 +02:00
Quentin Gliech
372b32a780 Make PKCE implementation compliant with RFC7636
This checks for the PKCE code_verifier length as well as the characters
used. It also gives better errors when the PKCE verifier is invalid.

Fixes #316
2022-08-03 13:57:31 +02:00
Quentin Gliech
ba6a382f2c Authorization grant policy (#288)
Co-authored-by: Hugh Nimmo-Smith <hughns@matrix.org>
2022-07-21 16:18:59 +00:00
Quentin Gliech
a263330ea5 Stop generating the device ID automatically (#285) 2022-07-21 16:34:55 +01:00
Hugh Nimmo-Smith
0e21f00d17 Return reason for invalid_client_metadata in HTTP response (#298) 2022-07-08 21:11:54 +00:00
Quentin Gliech
4870d1e899 Fix some false-positive clippy lints
Those were introduced in clippy 1.62 (under clippy::pedantic) and are in
proc-macro generated code
2022-07-01 16:36:35 +02:00
Hugh Nimmo-Smith
50af460e22 Use unstable prefix for MSC3824 (#251) 2022-06-19 18:37:50 +00:00
Hugh Nimmo-Smith
9e3f43f1f0 Move from MSC3824 actions to org.matrix.msc3824.delegated_oidc_compatibility flag (#250)
Co-authored-by: Quentin Gliech <quenting@element.io>
2022-06-15 15:49:03 +00:00
Hugh Nimmo-Smith
5632f6ba99 feat: support for MSC3824 action param on SSO redirect (#248)
Co-authored-by: Quentin Gliech <quenting@element.io>
2022-06-14 11:34:56 +00:00
Quentin Gliech
e694932daf Handle password strength verification through OPA 2022-06-03 16:14:26 +02:00
Quentin Gliech
7c8893e596 Switch the policies to a violation list based approach
This allows policies to give proper feedback on form fields
2022-06-03 13:37:20 +02:00
Quentin Gliech
071055ad18 Embed the default policy in the binary 2022-06-03 13:37:20 +02:00
Quentin Gliech
a2b53f0395 Run OPA policies during registration 2022-06-03 13:37:20 +02:00
Quentin Gliech
aab1f49374 Support for applying OPA policies during client registration 2022-06-03 13:37:20 +02:00
Quentin Gliech
e0c4b39482 Add an email field in the registration form 2022-06-02 16:18:55 +02:00
Quentin Gliech
125afd61c0 Make email verification mandatory 2022-06-02 16:18:55 +02:00
Quentin Gliech
89597dbf81 Switch email verification to a code-based flow 2022-06-02 16:18:55 +02:00
Hugh Nimmo-Smith
35fa7c732a Implementation of MSC3824 actions for compat (#221)
Co-authored-by: Quentin Gliech <quenting@element.io>
2022-05-31 09:49:52 +00:00
Quentin Gliech
bfc20b6faa Have a better error on registration if the username is already taken 2022-05-23 14:36:38 +02:00
Quentin Gliech
f05bd80e14 Advertise m.login.token as compat login method 2022-05-23 10:42:25 +02:00
Quentin Gliech
99ac59bc5d Make the sign out buttons keep the current action context 2022-05-23 10:42:25 +02:00