letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
NaN Commits 2 Branches 1 Tag
6421d9d1f516aac78acb6b2b1ace6a486811b4f5
Commit Graph

256 Commits

Author SHA1 Message Date
Quentin Gliech
6421d9d1f5 Add license headers in most files that missed them 2025-06-12 11:01:07 +02:00
Quentin Gliech
52b0a9b2ba Update license headers to match the actual license 2025-06-12 10:32:16 +02:00
Quentin Gliech
69e3001966 Define all the dependencies at the workspace level 2025-06-10 14:25:38 +02:00
Quentin Gliech
642c8ba508 Support for experimental plan management tab in UI (#4549) 2025-06-10 14:14:24 +02:00
Hugh Nimmo-Smith
a127136384 Make plan_management_iframe_uri be a String not URL 2025-06-06 10:31:45 +01:00
Quentin Gliech
dcef4bcf3f Add config flag to require registration tokens for password registrations 2025-06-03 17:42:53 +02:00
Quentin Gliech
e28221ac49 Data model and repository for user registration tokens 2025-06-03 17:42:52 +02:00
Hugh Nimmo-Smith
23c91ec06c Lint 2025-05-09 10:58:03 +01:00
Hugh Nimmo-Smith
aad2d8afb3 Merge branch 'main' into hughns/plan-management 2025-05-09 10:33:39 +01:00
dependabot[bot]
ddda2abb82 build(deps): bump crc from 3.2.1 to 3.3.0 
Bumps [crc](https://github.com/mrhooray/crc-rs) from 3.2.1 to 3.3.0.
- [Release notes](https://github.com/mrhooray/crc-rs/releases)
- [Commits](https://github.com/mrhooray/crc-rs/commits)

---
updated-dependencies:
- dependency-name: crc
  dependency-version: 3.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-08 13:55:32 +00:00
Quentin Gliech
955bd28590 Don't generate and send a nonce for non-OIDC-compliant auth requests 2025-05-07 15:34:27 +02:00
Doug
7f91c8948b Add a configuration for forwarding the login hint to the upstream provider. 2025-05-06 17:50:33 +01:00
Quentin Gliech
7ec87b1855 storage: add a user-provided human name to OAuth 2.0 sessions 2025-04-25 16:55:29 +02:00
Quentin Gliech
234de8b737 Save the locale detected when starting an authorization grant 2025-04-25 12:55:22 +02:00
Quentin Gliech
f457bd8d35 Don't parse the user agent unless we need to 2025-04-24 13:13:26 +02:00
Quentin Gliech
dbb68257fc Compile the user-agent regexes once 2025-04-24 12:36:41 +02:00
Hugh Nimmo-Smith
57cc89a0c8 WIP support for experimental plan management tab in UI 2025-04-22 13:17:29 +01:00
Quentin Gliech
a47dba1b1d Always ask for consent, never for reauth (#4386) 2025-04-14 15:51:48 +02:00
Quentin Gliech
73a4007c18 Always ask for consent, never for reauth 
Now that we have deduplicated clients, we're in this weird situation
where authorization grants just… go through.

This is because 4 years ago, I designed it to support prompt=consent and
prompt=none, but that never ended up being used/mentioned in the MSCs.

We also had support for max_age, but that required reauthing, which
doesn't work well with upstream providers.

So this removes support for prompt=consent|none and max_age, and makes
sure we always go through the consent page.

Lots of code deleted, yay!
 2025-04-10 19:57:45 +02:00
mcalinghee
2fe4752aa4 add login by email + feature flag 2025-04-10 17:57:58 +02:00
Quentin Gliech
e064c381b6 Admin API for adding and removing upstream oauth links (#4255) 2025-04-09 13:33:16 +02:00
Quentin Gliech
2c6e2b42a1 compat login: support using client-provided device ID (#4342) 2025-04-07 08:52:29 +02:00
Quentin Gliech
e9525fff9e Fix doc comment 2025-04-07 08:31:58 +02:00
Olivier 'reivilibre
1e2af0fd3a compat login (sso): support using client-provided device_id 2025-04-04 16:25:01 +01:00
Quentin Gliech
8fbd75eb7e Deduplicate client registrations by hashing the metadata 2025-03-25 15:00:23 +01:00
MTRNord
1ab402c7bf Link removal storage API 
From #3245 with changes from review
 2025-03-17 18:31:11 +02:00
Quentin Gliech
fd41b719ba Merge branch 'main' into quenting/dynamic-policy-data 2025-03-14 10:16:16 +01:00
Quentin Gliech
a6992b718c Config option to allow account self-deactivation 2025-03-12 15:58:54 +01:00
Quentin Gliech
9c35f18d79 Add a deactivated_at flag on users 2025-03-11 17:35:13 +01:00
Quentin Gliech
44b6777f1b Merge remote-tracking branch 'origin/main' into quenting/compat-device-id 2025-03-04 13:33:09 +01:00
Quentin Gliech
098517edd0 storage: store dynamic policy data in the database 2025-02-25 12:26:22 +01:00
Quentin Gliech
b4b2e4c7bb Fix some old Synapse access tokens not being recognized 2025-02-24 11:12:02 +01:00
Quentin Gliech
56d9c7e63b Upgrade to Rust 1.85 and edition 2024 2025-02-21 16:15:02 +01:00
Quentin Gliech
a3f22ae5f6 Allow compat session devices to have spaces 2025-02-19 17:55:18 +01:00
Quentin Gliech
b40fcdd712 Experimental feature to timeout inactive sessions 2025-02-12 17:31:21 +01:00
Quentin Gliech
cc618fa45d Update most Rust dependencies & disable some unused features 2025-02-06 12:50:50 +01:00
Olivier 'reivilibre
3034819b7d Introduce optional human_name column on compat_sessions 2025-02-05 11:36:51 +01:00
Quentin Gliech
ab69351f77 Avoid unnecessary clones in the login_hint parser 2025-01-28 17:25:54 +01:00
Quentin Gliech
cba1564f4e Utility to extract the localpart from a MXID 2025-01-28 17:25:36 +01:00
reivilibre
87009be7e6 Support compatibility sessions that do not have devices (#3801) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2025-01-27 14:50:31 +00:00
Quentin Gliech
0bca802585 Merge branch 'main' into quenting/optional-email 2025-01-20 11:31:48 +01:00
reivilibre
e6967210cc Recognise macaroons as access tokens from Synapse (#3797) 2025-01-17 09:50:13 +00:00
Quentin Gliech
d58e13e2cf Data model and storage layer for storing user registrations 2025-01-14 16:30:43 +01:00
Quentin Gliech
9db14f6743 Rip out the email verification codes 
This considers all user_emails as confirmed, and removes the verification code.
It will be replaced by a new email authentication code flow
 2025-01-14 15:46:45 +01:00
Quentin Gliech
b697a2dfb2 storage: new email authentication codes 2025-01-13 17:00:30 +01:00
Quentin Gliech
077a55fd5d Remove the primary email address concept 2025-01-13 17:00:30 +01:00
Mathieu Velten
33e1cdbf16 Allow response_mode to be null and if so do not add the query param (#3700) 2024-12-18 18:18:39 +01:00
Quentin Gliech
f563daf822 Make the issue optional on upstream OAuth 2.0 providers 2024-12-17 13:40:34 +01:00
Mathieu Velten
75ee9a1e58 Add id_token_signed_response_alg and userinfo_signed_response_alg (#3664) 2024-12-17 11:54:16 +01:00
dependabot[bot]
58c10650aa build(deps): bump ruma-common from 0.14.1 to 0.15.0 
Bumps [ruma-common](https://github.com/ruma/ruma) from 0.14.1 to 0.15.0.
- [Release notes](https://github.com/ruma/ruma/releases)
- [Commits](https://github.com/ruma/ruma/compare/ruma-common-0.14.1...ruma-common-0.15.0)

---
updated-dependencies:
- dependency-name: ruma-common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-12-17 10:14:06 +01:00