letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
NaN Commits 2 Branches 1 Tag
4b073ea079e41671ba0ceb214a0ef0fbfbc389ec
Commit Graph

216 Commits

Author SHA1 Message Date
Samuel Lorch
4b073ea079 Document password scheme secret field for migrations 
Signed-off-by: Samuel Lorch sam@soontm.de
 2025-04-11 11:45:28 +02:00
Kieran Lane
514cde4d7d Disable Verification for Microsoft Azure AD OIDC 
Required to avoid `token_endpoint missing auth signing algorithm values` error.
 2025-03-18 10:44:45 +00:00
Quentin Gliech
fd41b719ba Merge branch 'main' into quenting/dynamic-policy-data 2025-03-14 10:16:16 +01:00
Quentin Gliech
25fd400ffb Change the default value of account_deactivation_allowed to true. 2025-03-13 12:04:57 +01:00
Quentin Gliech
3e77684a8b Add the new configuration option to the configuration reference 2025-03-12 16:02:52 +01:00
Quentin Gliech
a6992b718c Config option to allow account self-deactivation 2025-03-12 15:58:54 +01:00
Quentin Gliech
f8d8a82544 Merge remote-tracking branch 'origin/main' into quenting/dynamic-policy-data 2025-03-04 13:28:56 +01:00
Quentin Gliech
588a04b0ba Allow configuring the connection to the homeserver to be read-only. 2025-03-03 17:24:15 +01:00
Quentin Gliech
d8dcef0303 Merge branch 'main' into quenting/dynamic-policy-data 2025-03-03 14:25:05 +01:00
Quentin Gliech
41349c1a96 Document the new username ban/allow policy 2025-03-03 10:35:44 +01:00
Quentin Gliech
518a366ee2 Make the admin API update the local policy data 2025-02-25 16:42:21 +01:00
Quentin Gliech
aec5d80dbd Admin API to get and set policy data 2025-02-25 13:06:44 +01:00
Quentin Gliech
2a202cc6b0 Upgrade OpenTelemetry to 0.28 2025-02-24 10:44:08 +01:00
Quentin Gliech
993342ef58 Match suffixes and prefixes in string constraints 2025-02-17 16:40:10 +01:00
Quentin Gliech
6a373657cb Update the policy documentation 2025-02-17 15:43:25 +01:00
Quentin Gliech
9e81369c60 Fix the HTTP status code for the user creation admin endpoint (#4040) 2025-02-14 15:01:58 +01:00
Quentin Gliech
281ed7bc17 Fix the HTTP status code for the user creation admin endpoint 2025-02-14 14:54:22 +01:00
Quentin Gliech
69a4b28691 Admin API to add user emails 2025-02-14 14:50:47 +01:00
Quentin Gliech
78f30e58dd Admin API to delete user emails 2025-02-14 14:50:46 +01:00
Quentin Gliech
8c98287d65 Experimental feature to automatically expire inactive sessions (#4022) 
Fixes #1875 

This adds an experimental feature which allows expiring sessions that
are inactive for a certain amount of time.

It runs as a scheduled task every 15 minutes, checking for the 'last
activity' on each session type.
It processes sessions by batches of 100 at a time, to avoid overloading
Synapse when syncing back the database.

It expires:

 - all user (browser) sessions
 - all compatibility sessions
 - oauth sessions which are:
   - for a user
   - using a 'dynamic' client (so the sessions started from clients defined
      in the config are excluded)
 2025-02-13 10:33:00 +01:00
Quentin Gliech
1f051a591f Simplify the setup documentation introduction (#3994) 2025-02-13 09:08:26 +01:00
Strac Consulting Engineers Pty Ltd
a9698beb26 Update README.md 
Amended issuer.
 2025-02-13 18:03:51 +11:00
Quentin Gliech
9ce746f975 Add documentation for session timeout configuration 2025-02-12 17:34:23 +01:00
Quentin Gliech
9fea06693b Allow filtering sessions by client kind (dynamic or static) 2025-02-12 17:31:21 +01:00
Quentin Gliech
b40fcdd712 Experimental feature to timeout inactive sessions 2025-02-12 17:31:21 +01:00
Quentin Gliech
5e9cc91979 Allow filtering by subject in the upstream OAuth links admin API 2025-02-12 11:07:11 +01:00
Quentin Gliech
1f36463e8f Admin API to list and get upstream OAuth links 2025-02-12 10:51:31 +01:00
Quentin Gliech
b9a0eced33 Load Swagger UI earlier 2025-02-11 19:16:59 +01:00
Quentin Gliech
9c515f0e0e Enable operation deep-linking in the admin API docs 2025-02-11 19:06:19 +01:00
Quentin Gliech
a398d8d579 Fix the user session admin API docs 2025-02-11 17:09:33 +01:00
Quentin Gliech
487d1633e2 Admin API to list and get user sessions (#4004) 
Similar to #4002, this adds an admin API to list and get user (browser
cookies) sessions
 2025-02-11 16:38:21 +01:00
Quentin Gliech
c48e063d3a Admin API to list and get user sessions 2025-02-11 14:24:16 +01:00
Quentin Gliech
bf900e7e5a Fix the definition of the set-password success response in the OpenAPI spec 2025-02-11 13:54:15 +01:00
Quentin Gliech
38daf613af Admin API to list and get compatibility sessions 2025-02-11 12:01:54 +01:00
Quentin Gliech
cbd3d8c072 Admin API to list and get user emails (#4001) 
This adds endpoints to get and list user emails.

I chose to not scope them to users, so listing the emails for a user
means listing emails with a user filter
 2025-02-10 17:24:46 +01:00
Quentin Gliech
b366e5d3cf Update links to policy files (#3982) 2025-02-10 17:23:45 +01:00
Quentin Gliech
845f0c274b Admin API to list and get user emails 2025-02-10 17:13:55 +01:00
Strac Consulting Engineers Pty Ltd
d13a101d8c Update README.md 2025-02-09 13:07:31 +11:00
Will Lewis
fff4549494 Add reference to worker page 2025-02-07 13:57:28 +00:00
Will Lewis
b6be29bece Add documentation to account for all cli mas options and standardise format 2025-02-07 13:38:36 +00:00
Travis Ralston
b5981e2bc3 Update links to policy files 2025-02-06 15:41:55 -07:00
Quentin Gliech
7f72ba51f9 Merge pull request #3790 from Stogas/patch-1 
Add 'introspection_endpoint' to homeserver config example
 2025-01-28 10:10:27 +01:00
Quentin Gliech
b54598ed6c Clarify why one would override the introspection_endpoint 2025-01-28 10:02:06 +01:00
reivilibre
163b9e8849 Add pre-migration checks to syn2mas (#3805) 
This matches or exceeds `advisor.mts` from the old tool.

Co-authored-by: Quentin Gliech <quenting@element.io>
 2025-01-27 18:01:46 +00:00
Quentin Gliech
ea6b80c5ac Rate-limit email authentications 2025-01-23 12:09:26 +01:00
Quentin Gliech
9db14f6743 Rip out the email verification codes 
This considers all user_emails as confirmed, and removes the verification code.
It will be replaced by a new email authentication code flow
 2025-01-14 15:46:45 +01:00
Ovidijus Balkauskas
f197567a03 Add 'introspection_endpoint' to homeserver config example 
This value was previously undocumented, but helpful in our case to access MAS within the same K8s cluster

Signed-off-by: Ovidijus Balkauskas <570945@gmail.com>
 2025-01-13 14:10:34 +02:00
Quentin Gliech
e58f0ad5be Document the response_mode parameter 2025-01-06 11:59:53 +01:00
Quentin Gliech
6756c6ebaf Document the new usptream OAuth 2.0 configuration options 2025-01-06 11:59:53 +01:00
ChurchOfTheSubgenius
4095dd0a64 Include example SSO config for Rauthy. (#3725) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2024-12-19 15:26:02 +00:00