mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-20 12:02:22 +03:00
Commit Graph

152 Commits

Author SHA1 Message Date
Quentin Gliech
ca112d45e1 ci: Update clippy to 1.66 and fix new warnings 2022-12-16 18:16:18 +01:00
Hugh Nimmo-Smith
61b14a08b3 Make the introspection endpoint return JSON error responses 2022-12-14 16:33:27 +01:00
Quentin Gliech
0ea9089f7f template: more cleanups 2022-12-08 15:29:15 +01:00
Quentin Gliech
13b1ac7c83 policy: define custom errors and ditch anyhow 2022-12-08 15:29:15 +01:00
Quentin Gliech
68890b7291 handlers: remove most usage of anyhow 2022-12-08 15:29:15 +01:00
Quentin Gliech
a836cc864a storage: unify most of the remaining errors 2022-12-08 15:29:15 +01:00
Quentin Gliech
102571512e storage: unify most oauth2 related errors 2022-12-08 15:29:15 +01:00
Quentin Gliech
b7cad48bbd storage: unify user operations errors 2022-12-08 15:29:15 +01:00
Quentin Gliech
f7f65e314b storage: unify the compat login errors 2022-12-08 15:29:15 +01:00
Quentin Gliech
12ce2a3d04 data-model: simplify the authorization grants and sessions 2022-12-08 15:29:15 +01:00
Quentin Gliech
92d6f5b087 data-model: simplify the oauth2 clients 2022-12-08 15:29:15 +01:00
Quentin Gliech
feebbd0e97 data-model: simplify users and sessions 2022-12-08 15:29:15 +01:00
Quentin Gliech
4227fa7a83 Add a global HTTP client factory 2022-12-05 19:39:51 +01:00
Quentin Gliech
95a879585b Make the OIDC issuer a string instead of a URL 2022-12-02 18:04:07 +01:00
Quentin Gliech
0ca4366f75 Use associated error type in claims validator instead of anyhow. 2022-12-01 14:34:19 +01:00
Quentin Gliech
78778648ca Allow fetching more nodes by their IDs 2022-11-18 13:43:01 +01:00
Quentin Gliech
eeb442b6d0 Bump rustc to 1.65 2022-11-03 21:56:58 +01:00
Quentin Gliech
ba3379434d Generate a random secret on client registration 2022-11-02 18:59:00 +01:00
Quentin Gliech
8ccc23cc47 Better userinfo error codes 2022-11-02 18:59:00 +01:00
Quentin Gliech
2d2127dcdb More cleanups 2022-11-02 18:59:00 +01:00
Quentin Gliech
368a9282a1 Cleanups 2022-11-02 18:59:00 +01:00
Quentin Gliech
b7c50b5403 Pass time and RNG in CSRF verification methods 2022-11-02 18:59:00 +01:00
Quentin Gliech
f1aa42fae4 Disallow Ulid generation without explicit timestamp and rng 2022-11-02 18:59:00 +01:00
Quentin Gliech
559181c2c3 Pass the rng and clock around 2022-11-02 18:59:00 +01:00
Quentin Gliech
e2142f9cd4 Database refactoring 2022-11-02 18:59:00 +01:00
Kévin Commaille
51515358f7 Make more enum types accept unknown values 2022-10-17 14:15:35 +02:00
Kévin Commaille
80d317f23c Add variants for unknown values on mas-iana types
Remove the Copy derive and mark enums as non-exhaustive.
2022-09-28 13:43:39 +02:00
Kévin Commaille
1bbd2c2970 Allow access token types in introspection auth methods 2022-09-27 19:11:32 +02:00
Kévin Commaille
19721959f8 Export list of supported algorithms from mas-jose 2022-09-16 11:48:06 +02:00
Quentin Gliech
6cff677550 Properly advertise all the supported JWT verification algorithms 2022-09-13 15:19:19 +02:00
Kévin Commaille
fca6cfa393 Use ResponseType that doesn't care about tokens order 2022-09-13 15:15:30 +02:00
Kévin Commaille
0452ac10e6 Move claim hash token function to mas-jose crate
Change the hash function according to the signature algorithm,
according to the OpenID Connect spec.
2022-09-06 14:15:05 +02:00
Quentin Gliech
fa47f6e150 Upgrade axum to 0.6.0-rc.1 2022-09-06 13:11:54 +02:00
Quentin Gliech
1f0e273ac3 JWT response wrapper
Helps replying with a JWT to a request, with a
`Content-Type: application/jwt` header
2022-09-02 15:37:46 +02:00
Quentin Gliech
b9e46dfc55 Some cleanups 2022-09-02 15:37:46 +02:00
Quentin Gliech
8c25dc03ce Move the Encrypter from the config to the keystore 2022-09-02 15:37:46 +02:00
Quentin Gliech
e1d50b818e Add a dedicated keystore crate 2022-09-02 15:37:46 +02:00
Quentin Gliech
2c400d4cc1 Get rid of legacy JWKS store 2022-09-02 15:37:46 +02:00
Quentin Gliech
ca125a14c5 WIP: better JOSE 2022-09-02 15:37:46 +02:00
Quentin Gliech
495285162b Remove support for the token response type 2022-09-02 13:59:10 +02:00
Kévin Commaille
7b281f4c21 Improve docs and spec compliance of oauth2-types requests 2022-09-02 11:25:21 +02:00
Kévin Commaille
ee47c821e3 Use an enum for client error codes
Replace the ClientError constants with From<ClientErrorCode>.
2022-09-01 17:59:37 +02:00
Kévin Commaille
e202c3dd6d Allow to validate client metadata
According to OpenID Connect Dynamic Client Registration Spec 1.0.
Introduce VerifiedClientMetadata.
2022-08-19 13:58:43 +02:00
Kévin Commaille
222551ad7f Allow to validate provider metadata
According to the OpenID Connect Discovery 1.0 spec.
Provide the default values for fields when they are defined.
Introduce VerifiedProviderMetadata.
Rename Metadata to ProviderMetadata.
Implement Deserialize for ProviderMetadata.
2022-08-11 17:20:17 +02:00
Quentin Gliech
c1ed726dc8 Enable the clippy::str_to_string lint 2022-08-08 10:06:20 +02:00
Hugh Nimmo-Smith
3215e86eaa Use unstable prefixes for scope names (#337) 2022-08-05 17:58:22 +00:00
Quentin Gliech
649e5cd645 Move the PKCE validation logic to oauth2-types 2022-08-03 13:57:31 +02:00
Quentin Gliech
372b32a780 Make PKCE implementation compliant with RFC7636
This checks for the PKCE code_verifier length as well as the characters
used. It also gives better errors when the PKCE verifier is invalid.

Fixes #316
2022-08-03 13:57:31 +02:00
Quentin Gliech
ba6a382f2c Authorization grant policy (#288)
Co-authored-by: Hugh Nimmo-Smith <hughns@matrix.org>
2022-07-21 16:18:59 +00:00
Quentin Gliech
a263330ea5 Stop generating the device ID automatically (#285) 2022-07-21 16:34:55 +01:00