mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-12-05 10:42:14 +03:00

56 Commits

Author SHA1 Message Date
Kévin Commaille
51515358f7 Make more enum types accept unknown values 2022-10-17 14:15:35 +02:00
Kévin Commaille
10297d29bb Make Scope use a BTreeSet internally 2022-10-17 14:12:59 +02:00
Kévin Commaille
99f2ca3d57 Derive Clone for http requests structs
So they don't prevent a Service from implementing Clone.
2022-10-17 12:47:43 +02:00
Kévin Commaille
954e163936 Fix parsing and deserialization of AuthenticationMethodOrAccessTokenType 2022-09-28 13:43:39 +02:00
Kévin Commaille
80d317f23c Add variants for unknown values on mas-iana types
Remove the Copy derive and mark enums as non-exhaustive.
2022-09-28 13:43:39 +02:00
Kévin Commaille
1bbd2c2970 Allow access token types in introspection auth methods 2022-09-27 19:11:32 +02:00
Kévin Commaille
940ab48819 Add types for the Device Authorization flow 2022-09-16 11:47:31 +02:00
Kévin Commaille
fca6cfa393 Use ResponseType that doesn't care about tokens order 2022-09-13 15:15:30 +02:00
Kévin Commaille
c4e495a84a Properly implement Display and FromStr for oauth2-types enums
Use SerializeDisplay and DeserializeFromStr derives.
Add tests for serialize and deserialize implementations.
2022-09-12 15:44:15 +02:00
Kévin Commaille
94ba03a273 Add more variants to GrantType 2022-09-12 11:06:45 +02:00
Kévin Commaille
940965287b Allow to get verified provider metadata with minimal checks 2022-09-07 08:56:10 +02:00
Kévin Commaille
91ce8ff5fe Add Pushed Authorization Request response type 2022-09-05 11:29:17 +02:00
Quentin Gliech
29f1b134ae Make the JWK generic over the parameters 2022-09-02 15:37:46 +02:00
Kévin Commaille
7b281f4c21 Improve docs and spec compliance of oauth2-types requests 2022-09-02 11:25:21 +02:00
Kévin Commaille
bffbf63992 Add a constructor for a basic AuthorizationRequest 2022-09-02 11:25:21 +02:00
Kévin Commaille
7a931925fa Basic improvements to oauth2-types requests
Make sure all types implement Serialize, Deserialize, Debug and Clone.
Make sure all types can be constructed and all fields can be accessed.
2022-09-02 11:25:21 +02:00
Kévin Commaille
ee47c821e3 Use an enum for client error codes
Replace the ClientError constants with From<ClientErrorCode>.
2022-09-01 17:59:37 +02:00
Kévin Commaille
e202c3dd6d Allow to validate client metadata
According to OpenID Connect Dynamic Client Registration Spec 1.0.
Introduce VerifiedClientMetadata.
2022-08-19 13:58:43 +02:00
Kévin Commaille
78f41c7d86 Improve docs for the prompt_values_supported field 2022-08-12 12:19:17 +02:00
Kévin Commaille
5c8b442747 Fix new clippy 0.1.63 warnings 2022-08-12 11:05:21 +02:00
Kévin Commaille
759809b7fd Document field requirements in ProviderMetadata docs 2022-08-11 17:20:17 +02:00
Kévin Commaille
f6fc51a76f Use LanguageTag for lists of locales in ProviderMetadata 2022-08-11 17:20:17 +02:00
Kévin Commaille
222551ad7f Allow to validate provider metadata
According to the OpenID Connect Discovery 1.0 spec.
Provide the default values for fields when they are defined.
Introduce VerifiedProviderMetadata.
Rename Metadata to ProviderMetadata.
Implement Deserialize for ProviderMetadata.
2022-08-11 17:20:17 +02:00
Kévin Commaille
c63345fe31 Fix type of metadata pushed authorization request endpoint 2022-08-11 17:20:17 +02:00
Quentin Gliech
c1ed726dc8 Enable the clippy::str_to_string lint 2022-08-08 10:06:20 +02:00
Hugh Nimmo-Smith
3215e86eaa Use unstable prefixes for scope names (#337) 2022-08-05 17:58:22 +00:00
Quentin Gliech
649e5cd645 Move the PKCE validation logic to oauth2-types 2022-08-03 13:57:31 +02:00
Quentin Gliech
372b32a780 Make PKCE implementation compliant with RFC7636
This checks for the PKCE code_verifier length as well as the characters
used. It also gives better errors when the PKCE verifier is invalid.

Fixes #316
2022-08-03 13:57:31 +02:00
Quentin Gliech
44b2708f7a Bump serde_with 2022-08-01 19:38:22 +02:00
Quentin Gliech
28ff912029 Simple consent screen and storage 2022-04-29 12:16:39 +02:00
Quentin Gliech
ee05543944 Check some metadata on client registration 2022-04-21 13:34:07 +02:00
Quentin Gliech
5c14611b96 Simple dynamic client registration 2022-04-19 12:23:19 +02:00
Quentin Gliech
d43a8f1a00 Basic Webfinger support 2022-04-08 10:43:48 +02:00
Quentin Gliech
bbcd03fa73 Simplify OAuth2 error types 2022-04-07 10:08:10 +02:00
Quentin Gliech
9cd63f6cf1 Fix tests in oauth2 errors serialization 2022-04-06 17:35:29 +02:00
Quentin Gliech
51160faf48 Axum migration: /oauth2/authorize 2022-04-06 17:35:29 +02:00
Quentin Gliech
35310849c7 Axum migration: /oauth2/token 2022-04-06 17:35:29 +02:00
Quentin Gliech
64900ef1d9 Axum migration: /oauth2/keys.json and /.well-known/openid-configuration 2022-04-06 17:35:29 +02:00
Quentin Gliech
8e9bda654f Support prompt=create
Allows RPs to ask for account creation

See https://openid.net/specs/openid-connect-prompt-create-1_0.html
2022-03-14 16:34:10 +01:00
Quentin Gliech
62f633a716 Move clients to the database 2022-03-08 19:07:46 +01:00
Quentin Gliech
a45381828c Loads of docs & enabling more clippy lints 2022-02-01 12:02:32 +01:00
Quentin Gliech
5b9c35a079 Use iana generated types in more places 2022-01-12 12:22:54 +01:00
Quentin Gliech
2844706bb1 Multiple IANA codegen enhancement
- JWS/JWE algorithms are properly split
- Enums now have a proper description
- They implement FromStr and Display
- mas-jose does not reexport mas-iana anymore
2022-01-12 10:58:27 +01:00
Quentin Gliech
9003eaf0c2 Use new generated enums & query supported signing algs from the keystore 2022-01-11 18:46:26 +01:00
Quentin Gliech
97ab75fb15 Add loads of server metadata in the discovery document 2022-01-11 12:54:26 +01:00
Quentin Gliech
b4f0f0d0be Have all server metadata from the IANA registry 2022-01-11 11:20:17 +01:00
Quentin Gliech
de2e078e18 Match the spec on handling request/registration params
Raise a (request|request_uri|registration)_unsupported error when one of
those parameters is in an authorization request
2021-11-22 16:14:25 +01:00
Quentin Gliech
d78f64d077 Support the prompt param in authorization requests 2021-11-22 15:54:52 +01:00
Quentin Gliech
5a4d3f6c94 Generate a scope with a random device ID 2021-11-22 14:06:25 +01:00
Quentin Gliech
6a69ef8456 Fix post-auth redirects & support max_age
This also displays some context on login and reauth page about the next
step
2021-11-16 19:16:52 +01:00