59df55c2f9
Handle auth errors on the userinfo endpoint
2021-09-17 16:20:10 +02:00
463184bbb1
Make the template contexts a bit more clear
2021-09-17 14:30:06 +02:00
7afd82be8f
ci: better job dependencies
2021-09-17 12:55:10 +02:00
3159a9972f
Allow loading multiple configuration files
2021-09-17 12:22:03 +02:00
bd441ceef7
Allow splitting database connection options
2021-09-17 12:03:00 +02:00
789ace84fd
Ability to run migrations on startup
...
Also adds a bunch of logging information on startup
2021-09-17 11:27:06 +02:00
4fbac80898
Docker image and CI
2021-09-17 10:40:08 +02:00
76c69485e9
Embed templates in binary & add command to export them
2021-09-16 23:39:07 +02:00
e44197a2cc
Bump MSRV to 1.54
...
clap 4.0.0-beta4 broke <1.54 compatibility
2021-09-16 15:05:07 +02:00
721b67fe48
Fix minor code style issues
2021-09-16 14:54:17 +02:00
a44e33931c
Split the service in multiple crates
2021-09-16 14:43:56 +02:00
da91564bf9
Upgrade dependencies
2021-09-16 12:33:04 +02:00
41e3945496
Fix signing key in tests
2021-09-16 12:23:45 +02:00
bb11ab7af8
more error handling in token endpoint
...
Also adds some OP metadata to help with conformance
2021-09-11 00:53:21 +02:00
f8c51f67e8
WIP error management in authorization request
2021-09-10 22:53:21 +02:00
fb421a6139
disabled bogus clippy lint
2021-09-09 23:27:51 +02:00
dad0360ffb
implement userinfo endpoint
...
Also fix some responses to pass more compliance tests
2021-09-09 23:11:09 +02:00
ac6875172f
Add c_hash, at_hash and nonce claims to id_token
2021-09-09 16:52:08 +02:00
5b1abb6a17
Properly block on hashing and signing operations
...
This moves those operations onto Tokio "blocking" threads, which keeps
them from blocking the async executor while running. It also makes the
config generation asynchronous with better logging of what is happening.
2021-09-09 14:15:42 +02:00
afbae31487
Basic id_token signing
2021-09-09 13:18:53 +02:00
63dfd86552
Implement refresh tokens
2021-08-27 15:27:19 +02:00
2a8c38c181
Simple task scheduler to remove old access tokens
2021-08-27 12:06:03 +02:00
c00c962de2
Simplify client authentication logic
2021-08-26 20:16:38 +02:00
c64273afc3
Recover gracefully from login errors
...
Fixes #5
2021-08-26 18:08:28 +02:00
47e79307a6
Simplify saving encrypted cookies
2021-08-26 17:39:33 +02:00
a1d78eae55
WIP: handle errors in forms
2021-08-26 11:49:22 +02:00
705d253322
Use custom error types for CSRF and login errors
2021-08-26 11:49:22 +02:00
5fdd833b26
Better handle .env file loading error
...
Previously it would crash if the file did not exist
2021-08-26 11:14:49 +02:00
c3087ac925
Display the OIDC discovery document on the index
2021-08-15 11:27:00 +00:00
d056c6ef93
Add registration view
2021-08-15 09:56:28 +00:00
bac4125d8c
Load environment variables from .env files
...
This allows properly setting the OAuth 2.0 Issuer base in the Codespace
2021-08-15 09:21:15 +00:00
2361791951
Setup GitHub Codespaces
2021-08-14 20:50:07 +00:00
c4950318dd
Commit transaction after exchanging the auth code
2021-08-14 14:35:52 +02:00
d5d9cfe337
ci: Download deps with MSRV
2021-08-14 13:28:03 +02:00
69035e4fb8
Set MSRV and let beta & nightly fail in CI
2021-08-14 13:18:08 +02:00
b5adc80838
Implement code exchange endpoint
...
Also implement proper client authentication and fix introspection
endpoint
2021-08-14 12:31:19 +02:00
3bdfd68f9d
Rework warp top-filters to get proper 404 errors
...
Before, some had `warp::get().and(warp::path!("foo"))`, which resulted
in a `405 Method not allowed` instead of a 404.
It also uses the `warp::path!` macro instead of the function to ensure
we're not setting a prefix
2021-08-13 16:20:09 +02:00
787ff192fe
Implement basic token introspection endpoint
2021-08-13 15:45:51 +02:00
0596b65f12
Implement proper access token generation
2021-08-13 14:15:20 +02:00
da13e24789
Acquire DB conns and txns on filter level
...
This avoids having the pool everywhere and instead has connections and
transactions as parameters
2021-08-13 09:38:41 +02:00
4eb1b5d4f8
allow completing an oauth2 session after login
2021-08-06 16:57:49 +02:00
274251ceda
wrap HTML responses with warp::reply::html
...
This sets the Content-Type in responses
2021-08-06 13:57:51 +02:00
66f0605c15
set the response_{modes,types}_supported fields in the discovery document
2021-08-06 13:55:45 +02:00
0e68061f7f
support the form_post response mode
...
also clarify the `register_templates` macro
2021-08-06 12:17:19 +02:00
88c0a80f64
Continue implementing the authorization code grant
2021-08-05 23:44:35 +02:00
bbeef9151d
Document some of the templates related structures
2021-08-05 17:48:41 +02:00
f5333da0d2
Remove unnecessary boxing of filters
...
This might help with error handling, knowing which filters are fallible or not
2021-08-05 17:46:46 +02:00
7a3bcd210d
Strongly-typed templates
2021-08-05 14:43:42 +02:00
dcc84e1083
starting the oauth2 authorization flow
...
also enable compile-time validation of queries
2021-07-31 23:22:41 +02:00
1cfd74dae5
move all IDs in DB to 64bit integers
2021-07-31 15:11:35 +02:00