11 Commits

Author	SHA1	Message	Date
Hugh Nimmo-Smith	ff1db2b538	Bump eslint-plugin-matrix-org to enable @typescript-eslint/consistent-type-imports rule (#4680) ... * Bump eslint-plugin-matrix-org to enable @typescript-eslint/consistent-type-imports rule * Re-lint after merge	2025-02-05 12:15:20 +00:00
Michael Telatynski	c0e30ceca0	Switch OIDC primarily to new /auth_metadata API (#4626)	2025-01-22 13:48:27 +00:00
Liam Diprose	693bb22ba1	Handle when aud OIDC claim is an Array (#4584) ... * Handle when `aud` OIDC claim is an Array The `aud` claim of OIDC id_tokens [can be an array](ce6d694639/src/Claims.ts (L92)) but the existing logic incorrectly assumes `aud` is always a string. This PR adds the necessary check. * Clarify `aud` OIDC claim check * Fix for prettier --------- Co-authored-by: David Baker <dbkr@users.noreply.github.com>	2024-12-16 11:38:34 +00:00
Michael Telatynski	a26fc46ed4	Update MSC2965 OIDC Discovery implementation (#4064)	2024-02-23 16:43:11 +00:00
Michael Telatynski	c27c357688	Validate account_management_uri and account_management_actions_supported from OIDC Issuer well-known (#4074) ... Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>	2024-02-21 14:56:11 +00:00
renovate[bot]	b474439256	Update dependency oidc-client-ts to v3 (#4052) ... * Update dependency oidc-client-ts to v3 * Update jwt-decode so that oidc-client-ts doesn't run its own and thus we can mock Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Merge Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * delint Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Sort package.json Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Ensure oidc-client-ts 3.0.1 to drop crypto-js Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --------- Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Michael Telatynski <7t3chguy@gmail.com>	2024-02-19 17:20:56 +00:00
Kerry	5df4ebaada	OIDC: Log in (#3554) ... * use oidc-client-ts during oidc discovery * export new type for auth config * deprecate generateAuthorizationUrl in favour of generateOidcAuthorizationUrl * testing util for oidc configurations * test generateOidcAuthorizationUrl * lint * test discovery * dont pass whole client wellknown to oidc validation funcs * add nonce * use oidc-client-ts for oidc response * validate user state and update tests * use oidc-client-ts for code exchange * use oidc-client-ts in completing auth grant * use client userState for homeserver * more comments	2023-07-11 02:20:19 +00:00
Kerry	b8fa030d5d	OIDC: use oidc-client-ts (#3544) ... * use oidc-client-ts during oidc discovery * export new type for auth config * deprecate generateAuthorizationUrl in favour of generateOidcAuthorizationUrl * testing util for oidc configurations * test generateOidcAuthorizationUrl * lint * test discovery * dont pass whole client wellknown to oidc validation funcs * add nonce * use client userState for homeserver	2023-07-09 21:19:32 +00:00
Kerry	09de76bd43	OIDC: validate id token (#3531) ... * validate id token * comments * tidy comments	2023-07-03 21:12:15 +00:00
Kerry	df78d7cf67	OIDC: add dynamic client registration util function (#3481) ... * rename OidcDiscoveryError to OidcError * oidc client registration functions * test registerOidcClient * tidy test file * reexport OidcDiscoveryError for backwards compatibility	2023-06-21 21:55:25 +00:00
Kerry	c66850e897	OIDC: Validate m.authentication configuration (#3419) ... * validate m.authentication, fetch issuer wellknown * move validation functions into separate file * test validateWellKnownAuthentication * test validateOIDCIssuerWellKnown * add authentication cases to autodiscovery tests * test invalid authentication config on wk * improve types * test case for account:false * use hasOwnProperty in validateWellKnownAuthentication * comments * make registration_endpoint optional	2023-06-11 21:32:44 +00:00