Commit Graph

212 Commits

Author SHA1 Message Date
Quentin Gliech
a2172a02ba Surface the user guest flag in the admin API 2025-09-15 12:51:00 +02:00
Quentin Gliech
9ab64403dd Simplify handling of login hints 2025-08-18 16:48:21 +02:00
Quentin Gliech
76f9b8657e Remove unnecessary crate-level comment 2025-08-18 16:48:04 +02:00
Quentin Gliech
7253ca69b0 Merge remote-tracking branch 'origin/main' into feat/login_hint_with_email 2025-08-18 16:43:00 +02:00
Quentin Gliech
8dd096ce60 Fix a few more clippy lints 2025-08-18 10:45:20 +02:00
Quentin Gliech
bef50474ab Un-hide a few elided lifetimes 2025-08-18 10:35:28 +02:00
Quentin Gliech
78933acb3c Collapse a few nested if now that we have if let chains 2025-08-18 10:29:30 +02:00
mcalinghee
8bad68cc34 Merge branch 'main' into feat/login_hint_with_email 2025-08-05 17:02:14 +02:00
Quentin Gliech
4d83fcb25e Merge remote-tracking branch 'origin/main' into quenting/stable-api 2025-08-04 16:38:49 +02:00
mcalinghee
1e2bf7f2f3 use of static RNG and MockClock in tests 2025-07-31 12:48:16 +02:00
mcalinghee
a45a1d7f73 move Clock/MockClock/SystemClock/BoxClock/BoxRng to mas-data-model : format 2025-07-31 12:35:56 +02:00
mcalinghee
9fa91b9524 move Clock/MockClock/SystemClock/BoxClock/BoxRng to mas-data-model : correct documentation 2025-07-31 12:34:01 +02:00
mcalinghee
062f5aced7 move Clock/MockClock/SystemClock/BoxClock/BoxRng to mas-data-model 2025-07-31 11:17:33 +02:00
mcalinghee
70cf833f0d use of login_with_email_allowed at caller level 2025-07-30 15:19:57 +02:00
mcalinghee
0e79ed5268 rename Login:EMAIL to Login::Email + remove use of email prefix 2025-07-30 15:19:57 +02:00
mcalinghee
929c14a6aa display email login_hint when login_with_email_allowed is activated 2025-07-30 15:19:57 +02:00
olivier
ad1e35d651 remove unused function 2025-07-21 10:19:57 +02:00
olivier
64b3b1b2a5 fix rust style 2025-07-21 09:52:24 +02:00
mcalinghee
a0e320b994 rename is_forced to is_forced_or_required 2025-07-21 09:52:24 +02:00
mcalinghee
f78e2c38f5 use of UpstreamOAuthProviderLocalpartPreference 2025-07-21 09:52:24 +02:00
mcalinghee
1886e73e40 allow importing existing users when the localpart matches in upstream OAuth 2.0 logins 2025-07-21 09:52:24 +02:00
Quentin Gliech
e8627166a9 Log out oauth & compat sessions when receiving a backchannel logout request 2025-07-04 16:27:10 +02:00
Quentin Gliech
db8c557f81 Backchannel logout behavior settings on upstream providers 2025-07-04 16:27:10 +02:00
Quentin Gliech
5b7bf232d6 Record the decoded ID token claims on upstream auth sessions 2025-07-04 16:27:09 +02:00
Quentin Gliech
2fe439529f data-model: make the device emit both stable and unstable scope tokens 2025-06-13 15:42:57 +02:00
Quentin Gliech
52b0a9b2ba Update license headers to match the actual license 2025-06-12 10:32:16 +02:00
Quentin Gliech
642c8ba508 Support for experimental plan management tab in UI (#4549) 2025-06-10 14:14:24 +02:00
Hugh Nimmo-Smith
a127136384 Make plan_management_iframe_uri be a String not URL 2025-06-06 10:31:45 +01:00
Quentin Gliech
dcef4bcf3f Add config flag to require registration tokens for password registrations 2025-06-03 17:42:53 +02:00
Quentin Gliech
e28221ac49 Data model and repository for user registration tokens 2025-06-03 17:42:52 +02:00
Hugh Nimmo-Smith
23c91ec06c Lint 2025-05-09 10:58:03 +01:00
Hugh Nimmo-Smith
aad2d8afb3 Merge branch 'main' into hughns/plan-management 2025-05-09 10:33:39 +01:00
Quentin Gliech
955bd28590 Don't generate and send a nonce for non-OIDC-compliant auth requests 2025-05-07 15:34:27 +02:00
Doug
7f91c8948b Add a configuration for forwarding the login hint to the upstream provider. 2025-05-06 17:50:33 +01:00
Quentin Gliech
7ec87b1855 storage: add a user-provided human name to OAuth 2.0 sessions 2025-04-25 16:55:29 +02:00
Quentin Gliech
234de8b737 Save the locale detected when starting an authorization grant 2025-04-25 12:55:22 +02:00
Quentin Gliech
f457bd8d35 Don't parse the user agent unless we need to 2025-04-24 13:13:26 +02:00
Quentin Gliech
dbb68257fc Compile the user-agent regexes once 2025-04-24 12:36:41 +02:00
Hugh Nimmo-Smith
57cc89a0c8 WIP support for experimental plan management tab in UI 2025-04-22 13:17:29 +01:00
Quentin Gliech
a47dba1b1d Always ask for consent, never for reauth (#4386) 2025-04-14 15:51:48 +02:00
Quentin Gliech
73a4007c18 Always ask for consent, never for reauth
Now that we have deduplicated clients, we're in this weird situation
where authorization grants just… go through.

This is because 4 years ago, I designed it to support prompt=consent and
prompt=none, but that never ended up being used/mentioned in the MSCs.

We also had support for max_age, but that required reauthing, which
doesn't work well with upstream providers.

So this removes support for prompt=consent|none and max_age, and makes
sure we always go through the consent page.

Lots of code deleted, yay!
2025-04-10 19:57:45 +02:00
mcalinghee
2fe4752aa4 add login by email + feature flag 2025-04-10 17:57:58 +02:00
Quentin Gliech
e064c381b6 Admin API for adding and removing upstream oauth links (#4255) 2025-04-09 13:33:16 +02:00
Quentin Gliech
2c6e2b42a1 compat login: support using client-provided device ID (#4342) 2025-04-07 08:52:29 +02:00
Quentin Gliech
e9525fff9e Fix doc comment 2025-04-07 08:31:58 +02:00
Olivier 'reivilibre
1e2af0fd3a compat login (sso): support using client-provided device_id 2025-04-04 16:25:01 +01:00
Quentin Gliech
8fbd75eb7e Deduplicate client registrations by hashing the metadata 2025-03-25 15:00:23 +01:00
MTRNord
1ab402c7bf Link removal storage API
From #3245 with changes from review
2025-03-17 18:31:11 +02:00
Quentin Gliech
fd41b719ba Merge branch 'main' into quenting/dynamic-policy-data 2025-03-14 10:16:16 +01:00
Quentin Gliech
a6992b718c Config option to allow account self-deactivation 2025-03-12 15:58:54 +01:00