matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-20 12:02:22 +03:00
Code Activity
2,030 Commits 59 Branches 22 Tags
8984cc703b2242d39b5e7033f1d8f08b51ebd0c4
Commit Graph

537 Commits

Author SHA1 Message Date
Quentin Gliech
b9e46dfc55 Some cleanups 2022-09-02 15:37:46 +02:00
Quentin Gliech
8c25dc03ce Move the Encrypter from the config to the keystore 2022-09-02 15:37:46 +02:00
Quentin Gliech
e1d50b818e Add a dedicated keystore crate 2022-09-02 15:37:46 +02:00
Quentin Gliech
2c400d4cc1 Get rid of legacy JWKS store 2022-09-02 15:37:46 +02:00
Quentin Gliech
ca125a14c5 WIP: better JOSE 2022-09-02 15:37:46 +02:00
Quentin Gliech
495285162b Remove support for the token response type 2022-09-02 13:59:10 +02:00
Kévin Commaille
7b281f4c21 Improve docs and spec compliance of oauth2-types requests 2022-09-02 11:25:21 +02:00
Kévin Commaille
ee47c821e3 Use an enum for client error codes 
Replace the ClientError constants with From<ClientErrorCode>.
 2022-09-01 17:59:37 +02:00
dependabot[bot]
14ab53ddfc Bump serde_json from 1.0.83 to 1.0.85 
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.83 to 1.0.85.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.83...v1.0.85)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-22 15:44:03 +02:00
dependabot[bot]
2eed13639f Bump serde from 1.0.143 to 1.0.144 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.143 to 1.0.144.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.143...v1.0.144)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-22 15:22:04 +02:00
Kévin Commaille
e202c3dd6d Allow to validate client metadata 
According to OpenID Connect Dynamic Client Registration Spec 1.0.
Introduce VerifiedClientMetadata.
 2022-08-19 13:58:43 +02:00
dependabot[bot]
22b1406279 Bump chrono from 0.4.20 to 0.4.22 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.20 to 0.4.22.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.20...v0.4.22)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-19 12:21:07 +02:00
dependabot[bot]
f0efc2c695 Bump axum-extra from 0.3.6 to 0.3.7 
Bumps [axum-extra](https://github.com/tokio-rs/axum) from 0.3.6 to 0.3.7.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-extra-v0.3.6...axum-extra-v0.3.7)

---
updated-dependencies:
- dependency-name: axum-extra
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-19 12:18:16 +02:00
dependabot[bot]
b64812d77c Bump axum from 0.5.13 to 0.5.15 
Bumps [axum](https://github.com/tokio-rs/axum) from 0.5.13 to 0.5.15.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-v0.5.13...axum-v0.5.15)

---
updated-dependencies:
- dependency-name: axum
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-19 11:47:07 +02:00
dependabot[bot]
31aa7b6913 Bump anyhow from 1.0.59 to 1.0.62 
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.59 to 1.0.62.
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.59...1.0.62)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-19 10:23:21 +02:00
Kévin Commaille
222551ad7f Allow to validate provider metadata 
According to the OpenID Connect Discovery 1.0 spec.
Provide the default values for fields when they are defined.
Introduce VerifiedProviderMetadata.
Rename Metadata to ProviderMetadata.
Implement Deserialize for ProviderMetadata.
 2022-08-11 17:20:17 +02:00
Quentin Gliech
c1ed726dc8 Enable the clippy::str_to_string lint 2022-08-08 10:06:20 +02:00
Hugh Nimmo-Smith
3215e86eaa Use unstable prefixes for scope names (#337) 2022-08-05 17:58:22 +00:00
dependabot[bot]
2568720106 Bump chrono from 0.4.19 to 0.4.20 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.19 to 0.4.20.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.19...v0.4.20)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-05 09:48:09 +02:00
Quentin Gliech
2e2c3d54a6 Test HTTP handlers 2022-08-05 09:48:02 +02:00
dependabot[bot]
3cfd0f1553 Bump serde from 1.0.141 to 1.0.142 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.141 to 1.0.142.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.141...v1.0.142)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-04 11:30:39 +02:00
dependabot[bot]
25a7d6cba5 Bump serde_json from 1.0.82 to 1.0.83 
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.82 to 1.0.83.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.82...v1.0.83)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-04 10:43:50 +02:00
dependabot[bot]
2e8f180675 Bump sqlx from 0.6.0 to 0.6.1 
Bumps [sqlx](https://github.com/launchbadge/sqlx) from 0.6.0 to 0.6.1.
- [Release notes](https://github.com/launchbadge/sqlx/releases)
- [Changelog](https://github.com/launchbadge/sqlx/blob/main/CHANGELOG.md)
- [Commits](https://github.com/launchbadge/sqlx/commits)

---
updated-dependencies:
- dependency-name: sqlx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-04 10:03:39 +02:00
dependabot[bot]
3b56287c99 Bump thiserror from 1.0.31 to 1.0.32 
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.31 to 1.0.32.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](https://github.com/dtolnay/thiserror/compare/1.0.31...1.0.32)

---
updated-dependencies:
- dependency-name: thiserror
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-04 09:21:37 +02:00
dependabot[bot]
b3486cc373 Bump elliptic-curve from 0.12.2 to 0.12.3 
Bumps [elliptic-curve](https://github.com/RustCrypto/traits) from 0.12.2 to 0.12.3.
- [Release notes](https://github.com/RustCrypto/traits/releases)
- [Commits](https://github.com/RustCrypto/traits/compare/elliptic-curve-v0.12.2...elliptic-curve-v0.12.3)

---
updated-dependencies:
- dependency-name: elliptic-curve
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-03 19:08:56 +02:00
dependabot[bot]
20f2b5db74 Bump indoc from 1.0.6 to 1.0.7 
Bumps [indoc](https://github.com/dtolnay/indoc) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/dtolnay/indoc/releases)
- [Commits](https://github.com/dtolnay/indoc/compare/1.0.6...1.0.7)

---
updated-dependencies:
- dependency-name: indoc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-03 16:29:39 +02:00
Quentin Gliech
649e5cd645 Move the PKCE validation logic to oauth2-types 2022-08-03 13:57:31 +02:00
Quentin Gliech
372b32a780 Make PKCE implementation compliant with RFC7636 
This checks for the PKCE code_verifier length as well as the characters
used. It also give better errors when the PKCE verifier is invalid.

Fixes #316
 2022-08-03 13:57:31 +02:00
Quentin Gliech
e3e659b701 Switch back rsa crate to a published pre-version 2022-08-01 19:41:38 +02:00
Quentin Gliech
44b2708f7a Bump serde_with 2022-08-01 19:38:22 +02:00
Quentin Gliech
d4c718ef4b Bump Rust dependencies 2022-08-01 17:50:33 +02:00
Quentin Gliech
ba6a382f2c Authorization grant policy (#288) 
Co-authored-by: Hugh Nimmo-Smith <hughns@matrix.org>
 2022-07-21 16:18:59 +00:00
Quentin Gliech
a263330ea5 Stop generating the device ID automatically (#285) 2022-07-21 16:34:55 +01:00
Hugh Nimmo-Smith
0e21f00d17 Return reason for invalid_client_metadata in HTTP response (#298) 2022-07-08 21:11:54 +00:00
Quentin Gliech
ba90ee2614 Bump dependencies 2022-07-04 18:27:18 +02:00
dependabot[bot]
be3662d7dc Bump lettre from 0.10.0-rc.7 to 0.10.0 
Bumps [lettre](https://github.com/lettre/lettre) from 0.10.0-rc.7 to 0.10.0.
- [Release notes](https://github.com/lettre/lettre/releases)
- [Changelog](https://github.com/lettre/lettre/blob/master/CHANGELOG.md)
- [Commits](https://github.com/lettre/lettre/compare/v0.10.0-rc.7...v0.10.0)

---
updated-dependencies:
- dependency-name: lettre
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-07-04 18:17:07 +02:00
Quentin Gliech
4870d1e899 Fix some false-positive clippy lints 
Those were introduced in clippy 1.62 (under clippy::pedantic) and are in
proc-macro generated code
 2022-07-01 16:36:35 +02:00
dependabot[bot]
52a400eb9e Bump serde_json from 1.0.81 to 1.0.82 
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.81 to 1.0.82.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.81...v1.0.82)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-30 19:12:20 +02:00
dependabot[bot]
43f0336b92 Bump axum from 0.5.9 to 0.5.10 
Bumps [axum](https://github.com/tokio-rs/axum) from 0.5.9 to 0.5.10.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-v0.5.9...axum-v0.5.10)

---
updated-dependencies:
- dependency-name: axum
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-29 09:35:58 +02:00
Quentin Gliech
821182acd1 Bump dependencies and bumps MSRV to 1.60 2022-06-27 23:37:21 +02:00
Quentin Gliech
27fa4fef4f Bump dependencies 2022-06-27 11:33:21 +02:00
Quentin Gliech
fee9d46dfc Bump sqlx from 0.5.13 to 0.6.0 2022-06-27 11:11:29 +02:00
dependabot[bot]
2ed22a618a Bump anyhow from 1.0.57 to 1.0.58 
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.57 to 1.0.58.
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.57...1.0.58)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-23 18:33:39 +02:00
Hugh Nimmo-Smith
50af460e22 Use unstable prefix for MSC3824 (#251) 2022-06-19 18:37:50 +00:00
Hugh Nimmo-Smith
9e3f43f1f0 Move from MSC3824 actions to org.matrix.msc3824.delegated_oidc_compatibility flag (#250) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2022-06-15 15:49:03 +00:00
Hugh Nimmo-Smith
5632f6ba99 feat: support for MSC3824 action param on SSO redirect (#248) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2022-06-14 11:34:56 +00:00
dependabot[bot]
482bfeecc2 Bump axum-extra from 0.3.3 to 0.3.4 
Bumps [axum-extra](https://github.com/tokio-rs/axum) from 0.3.3 to 0.3.4.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-extra-v0.3.3...axum-extra-v0.3.4)

---
updated-dependencies:
- dependency-name: axum-extra
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-09 12:39:21 +02:00
dependabot[bot]
3f9863e7d3 Bump tracing from 0.1.34 to 0.1.35 
Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.34 to 0.1.35.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.34...tracing-0.1.35)

---
updated-dependencies:
- dependency-name: tracing
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-09 11:40:21 +02:00
dependabot[bot]
b1a17194b7 Bump axum from 0.5.6 to 0.5.7 
Bumps [axum](https://github.com/tokio-rs/axum) from 0.5.6 to 0.5.7.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-v0.5.6...axum-v0.5.7)

---
updated-dependencies:
- dependency-name: axum
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-09 11:40:05 +02:00
dependabot[bot]
a0573feedb Bump tower-http from 0.3.3 to 0.3.4 
Bumps [tower-http](https://github.com/tower-rs/tower-http) from 0.3.3 to 0.3.4.
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.3.3...tower-http-0.3.4)

---
updated-dependencies:
- dependency-name: tower-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-07 14:05:50 +02:00