matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-20 12:02:22 +03:00
Code Activity
1,308 Commits 59 Branches 22 Tags
859c4486bbcb35e5ffb10a9c1cf7a338409d24e6
Commit Graph

240 Commits

Author SHA1 Message Date
Quentin Gliech
9c0ece7512 Do not embed the templates and static files in the binary 2022-11-18 22:37:55 +01:00
Quentin Gliech
834214bcac Do not embed the WASM-compiled policies in the binary 2022-11-18 22:37:55 +01:00
Quentin Gliech
c76a1dd2e7 Bump the latest axum rc 2022-11-18 14:57:22 +01:00
Quentin Gliech
78778648ca Allow fetching more nodes by their IDs 2022-11-18 13:43:01 +01:00
Quentin Gliech
13c7d2772f Move the GraphQL schema to its own crate 2022-11-09 19:17:12 +01:00
Quentin Gliech
c13b0478e6 Initial GraphQL API 2022-11-09 19:17:12 +01:00
Quentin Gliech
eeb442b6d0 Bump rustc to 1.65 2022-11-03 21:56:58 +01:00
Quentin Gliech
ba3379434d Generate a random secret on client registration 2022-11-02 18:59:00 +01:00
Quentin Gliech
8ccc23cc47 Better userinfo error codes 2022-11-02 18:59:00 +01:00
Quentin Gliech
2d2127dcdb More cleanups 2022-11-02 18:59:00 +01:00
Quentin Gliech
368a9282a1 Cleanups 2022-11-02 18:59:00 +01:00
Quentin Gliech
b7c50b5403 Pass time and RNG in CSRF verification methods 2022-11-02 18:59:00 +01:00
Quentin Gliech
f1aa42fae4 Disallow Ulid generation without explicit timestamp and rng 2022-11-02 18:59:00 +01:00
Quentin Gliech
559181c2c3 Pass the rng and clock around 2022-11-02 18:59:00 +01:00
Quentin Gliech
5580179537 Better logging of user-related DB operations 
Also fixes a bug where the user would get redirected to the wrong URL
for verifying their email address
 2022-11-02 18:59:00 +01:00
Quentin Gliech
e2142f9cd4 Database refactoring 2022-11-02 18:59:00 +01:00
Kévin Commaille
51515358f7 Make more enum types accept unknown values 2022-10-17 14:15:35 +02:00
Quentin Gliech
fc5c8314b5 Fix handlers tests 2022-10-17 11:39:45 +02:00
Quentin Gliech
84ac87f551 WIP: better listeners 
- listen on UNIX domain sockets
- handle TLS stuff
- allow mounting only some resources
 2022-10-17 11:39:45 +02:00
Quentin Gliech
7fbfb74a5e WIP: better HTTP listeners 2022-10-17 11:39:45 +02:00
Quentin Gliech
93ce5c797c Mount the static assets on /assets 2022-10-17 11:39:45 +02:00
Kévin Commaille
80d317f23c Add variants for unknown values on mas-iana types 
Remove the Copy derive and mark enums as non-exhaustive.
 2022-09-28 13:43:39 +02:00
Kévin Commaille
1bbd2c2970 Allow access token types in introspection auth methods 2022-09-27 19:11:32 +02:00
Kévin Commaille
19721959f8 Export list of supported algorithms from mas-jose 2022-09-16 11:48:06 +02:00
Quentin Gliech
6cff677550 Properly advertise all the supported JWT verification algorithms 2022-09-13 15:19:19 +02:00
Kévin Commaille
fca6cfa393 Use ResponseType that doesn't care about tokens order 2022-09-13 15:15:30 +02:00
Kévin Commaille
0452ac10e6 Move claim hash token function to mas-jose crate 
Change the hash function according to the signature algorithm,
according to the OpendID Connect spec.
 2022-09-06 14:15:05 +02:00
Quentin Gliech
36668d9b91 Move the healthcheck route to the API router 2022-09-06 13:11:54 +02:00
Quentin Gliech
fa47f6e150 Upgrade axum to 0.6.0-rc.1 2022-09-06 13:11:54 +02:00
Quentin Gliech
cc6c6e8bdb Remove the config dependency from the email, templates & handlers crates 2022-09-02 16:01:11 +02:00
Quentin Gliech
1f0e273ac3 JWT response wrapper 
Helps replying with a JWT to a request, with a
`Content-Type: application/jwt` header
 2022-09-02 15:37:46 +02:00
Quentin Gliech
b9e46dfc55 Some cleanups 2022-09-02 15:37:46 +02:00
Quentin Gliech
8c25dc03ce Move the Encrypter from the config to the keystore 2022-09-02 15:37:46 +02:00
Quentin Gliech
e1d50b818e Add a dedicated keystore crate 2022-09-02 15:37:46 +02:00
Quentin Gliech
2c400d4cc1 Get rid of legacy JWKS store 2022-09-02 15:37:46 +02:00
Quentin Gliech
ca125a14c5 WIP: better JOSE 2022-09-02 15:37:46 +02:00
Quentin Gliech
495285162b Remove support for the token response type 2022-09-02 13:59:10 +02:00
Kévin Commaille
7b281f4c21 Improve docs and spec compliance of oauth2-types requests 2022-09-02 11:25:21 +02:00
Kévin Commaille
ee47c821e3 Use an enum for client error codes 
Replace the ClientError constants with From<ClientErrorCode>.
 2022-09-01 17:59:37 +02:00
Kévin Commaille
e202c3dd6d Allow to validate client metadata 
According to OpenID Connect Dynamic Client Registration Spec 1.0.
Introduce VerifiedClientMetadata.
 2022-08-19 13:58:43 +02:00
Kévin Commaille
222551ad7f Allow to validate provider metadata 
According to the OpenID Connect Discovery 1.0 spec.
Provide the default values for fields when they are defined.
Introduce VerifiedProviderMetadata.
Rename Metadata to ProviderMetadata.
Implement Deserialize for ProviderMetadata.
 2022-08-11 17:20:17 +02:00
Quentin Gliech
c1ed726dc8 Enable the clippy::str_to_string lint 2022-08-08 10:06:20 +02:00
Hugh Nimmo-Smith
3215e86eaa Use unstable prefixes for scope names (#337) 2022-08-05 17:58:22 +00:00
Quentin Gliech
2e2c3d54a6 Test HTTP handlers 2022-08-05 09:48:02 +02:00
Quentin Gliech
649e5cd645 Move the PKCE validation logic to oauth2-types 2022-08-03 13:57:31 +02:00
Quentin Gliech
372b32a780 Make PKCE implementation compliant with RFC7636 
This checks for the PKCE code_verifier length as well as the characters
used. It also give better errors when the PKCE verifier is invalid.

Fixes #316
 2022-08-03 13:57:31 +02:00
Quentin Gliech
ba6a382f2c Authorization grant policy (#288) 
Co-authored-by: Hugh Nimmo-Smith <hughns@matrix.org>
 2022-07-21 16:18:59 +00:00
Quentin Gliech
a263330ea5 Stop generating the device ID automatically (#285) 2022-07-21 16:34:55 +01:00
Hugh Nimmo-Smith
0e21f00d17 Return reason for invalid_client_metadata in HTTP response (#298) 2022-07-08 21:11:54 +00:00
Quentin Gliech
4870d1e899 Fix some false-positive clippy lints 
Those were introduced in clippy 1.62 (under clippy::pedantic) and are in
proc-macro generated code
 2022-07-01 16:36:35 +02:00