mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-20 12:02:22 +03:00
Commit Graph

152 Commits

Author SHA1 Message Date
Hugh Nimmo-Smith
0e21f00d17 Return reason for invalid_client_metadata in HTTP response (#298) 2022-07-08 21:11:54 +00:00
Quentin Gliech
7c8893e596 Switch the policies to a violation list based approach
This allows policies to give proper feedback on form fields
2022-06-03 13:37:20 +02:00
Quentin Gliech
071055ad18 Embed the default policy in the binary 2022-06-03 13:37:20 +02:00
Quentin Gliech
aab1f49374 Support for applying OPA policies during client registration 2022-06-03 13:37:20 +02:00
Quentin Gliech
99ac59bc5d Make the sign out buttons keep the current action context 2022-05-23 10:42:25 +02:00
Quentin Gliech
0fcecfa7fb Handle legacy /refresh 2022-05-19 10:17:49 +02:00
Quentin Gliech
309c89fc4f Handle legacy token expiration & refresh tokens 2022-05-19 10:17:49 +02:00
Quentin Gliech
c4fa87e457 Better data-model for compat sessions & devices 2022-05-19 10:17:49 +02:00
Quentin Gliech
1aff98bdb3 Working legacy login endpoint 2022-05-19 10:17:49 +02:00
Quentin Gliech
ca7b26cf18 Simplify error handling in user-facing routes 2022-05-10 17:47:38 +02:00
Jonas Platte
0e1b2ea6b1 Remove implied StatusCode::OK 2022-05-10 11:01:24 +02:00
Quentin Gliech
f4353b660e Have a unified URL builder/router 2022-05-10 09:52:48 +02:00
Quentin Gliech
436c0dcb19 Rewrite the authorization grant logic 2022-05-06 17:12:39 +02:00
Quentin Gliech
7a4dbd2910 Rewrite authorization code grant callback logic 2022-05-04 16:36:59 +02:00
Quentin Gliech
3a83c5b3bf Use axum-extra's PrivateCookieJar 2022-04-29 14:56:06 +02:00
Quentin Gliech
9681948aa8 Show consent page on prompt=consent 2022-04-29 14:10:45 +02:00
Quentin Gliech
28ff912029 Simple consent screen and storage 2022-04-29 12:16:39 +02:00
Quentin Gliech
ee05543944 Check some metadata on client registration 2022-04-21 13:34:07 +02:00
Quentin Gliech
25193ebaa5 Support signed userinfo responses 2022-04-21 11:49:49 +02:00
Quentin Gliech
5c14611b96 Simple dynamic client registration 2022-04-19 12:23:19 +02:00
Quentin Gliech
d43a8f1a00 Basic Webfinger support 2022-04-08 10:43:48 +02:00
Quentin Gliech
9a76139bb4 Return proper errors on the OAuth token endpoint 2022-04-06 17:35:29 +02:00
Quentin Gliech
31bc8504c9 Upgrade axum to 0.5 2022-04-06 17:35:29 +02:00
Quentin Gliech
51160faf48 Axum migration: /oauth2/authorize 2022-04-06 17:35:29 +02:00
Quentin Gliech
35310849c7 Axum migration: /oauth2/token 2022-04-06 17:35:29 +02:00
Quentin Gliech
0f7484beee Axum migration: /oauth2/introspection 2022-04-06 17:35:29 +02:00
Quentin Gliech
9dad21475e Axum migration: /oauth2/userinfo & UserAuthorization util 2022-04-06 17:35:29 +02:00
Quentin Gliech
64900ef1d9 Axum migration: /oauth2/keys.json and /.well-known/openid-configuration 2022-04-06 17:35:29 +02:00
Quentin Gliech
8e9bda654f Support prompt=create
Allows RPs to ask for account creation

See https://openid.net/specs/openid-connect-prompt-create-1_0.html
2022-03-14 16:34:10 +01:00
Hugh Nimmo-Smith
3d3b14093c fix: allow authorization in Access-Control-Request-Headers (#88)
* fix: allow authorization in Access-Control-Request-Headers

* chore: fix clippy style

* style: use constant version of Authorization header

* chore: fix code style with cargo fmt

Co-authored-by: Quentin Gliech <quenting@element.io>
2022-03-11 11:44:23 +00:00
Quentin Gliech
62f633a716 Move clients to the database 2022-03-08 19:07:46 +01:00
Quentin Gliech
8c97c98206 Fix compilation on older rust version 2022-02-28 10:07:32 +01:00
Quentin Gliech
beef393bc8 Support the email scope 2022-02-25 16:19:38 +01:00
Quentin Gliech
cad6d54ddb Reply with proper errors on the OAuth token endpoint 2022-02-25 11:28:23 +01:00
Quentin Gliech
035e2d7829 Implement private_key_jwks client authentication
This involves a lot of things, including:
 - better VerifyingKeystore trait
 - better errors in the JOSE crate
 - getting rid of async_trait in some JOSE traits
2022-02-17 15:42:44 +01:00
Quentin Gliech
2df40762a2 Dedicated HTTP server/client crate
Also have better names for the HTTP routes
2022-02-10 16:38:16 +01:00
Quentin Gliech
7e24cd0948 Move secrets and oauth2 clients config 2022-02-01 09:34:55 +01:00
Quentin Gliech
c0e5b66ea4 Move public base URL from oauth2 config to http config 2022-02-01 09:34:55 +01:00
Quentin Gliech
6e50921626 Email management UI
Also simplify a bunch of query strings
2022-01-18 18:16:56 +01:00
Quentin Gliech
0c2950a160 Remove unnecessary boxing of warp filters
This was needed because of a compiler regression. Now that we're using
Rust 1.58 there is no benefit to boxing them
2022-01-18 12:07:29 +01:00
Quentin Gliech
571f484894 Revoke OAuth session on code reuse 2022-01-14 13:20:14 +01:00
Quentin Gliech
5b9c35a079 Use iana generated types in more places 2022-01-12 12:22:54 +01:00
Quentin Gliech
2844706bb1 Multiple IANA codegen enhancements
 - JWS/JWE algorithms are properly split
 - Enums now have a proper description
 - They implement FromStr and Display
 - mas-jose does not reexport mas-iana anymore
2022-01-12 10:58:27 +01:00
Quentin Gliech
9003eaf0c2 Use new generated enums & query supported signing algs from the keystore 2022-01-11 18:46:26 +01:00
Quentin Gliech
97ab75fb15 Add loads of server metadata in the discovery document 2022-01-11 12:54:26 +01:00
Quentin Gliech
b4f0f0d0be Have all server metadata from the IANA registry 2022-01-11 11:20:17 +01:00
Quentin Gliech
a30d4b58f0 Add exp claim in id_tokens 2022-01-10 17:59:57 +01:00
Quentin Gliech
5631300dc3 Claims handling in JOSE library 2022-01-10 17:41:48 +01:00
Quentin Gliech
a965e488e2 Support private_key_jwt client auth
Which includes having a verifying keystore out of JWKS (and soon out of
a JWKS URI)
2022-01-05 21:07:18 +01:00
Quentin Gliech
f933ace007 New JWT/JOSE crate
Still WIP, needs to handle time related claims
2022-01-04 22:28:00 +01:00