Commit Graph

53 Commits

Author SHA1 Message Date
Quentin Gliech
f563daf822 Make the issue optional on upstream OAuth 2.0 providers 2024-12-17 13:40:34 +01:00
Quentin Gliech
e39ea44e60 Make the id_token optional on upstream OAuth 2.0 providers
This makes it possible to use non-OIDC providers as upstream OAuth 2.0 providers, like GitHub.
2024-11-29 10:31:50 +01:00
Quentin Gliech
ec28c30e3c Allow setting the response_mode on upstream OAuth 2.0 providers 2024-11-22 08:48:00 +01:00
Quentin Gliech
dddd9fe998 Support Sign in with Apple 2024-11-22 08:48:00 +01:00
Quentin Gliech
cc99fdd3f2 Replace http_service with http_client 2024-10-28 13:46:38 +01:00
Quentin Gliech
38a58e926c Handle error responses from the OAuth 2.0 provider better 2024-10-28 13:46:38 +01:00
Quentin Gliech
d8f2c5648d Remove the Matrix scope-related code in oidc-client 2024-10-28 13:46:38 +01:00
Quentin Gliech
713586d5aa Delete more unused oidc-client code 2024-10-28 13:46:38 +01:00
Quentin Gliech
a88b7efe1e Replace all the manual HTTP clients with reqwest 2024-10-28 13:46:38 +01:00
Quentin Gliech
248e03ac93 Replace HTTP client in oidc-client with reqwest 2024-10-28 13:46:38 +01:00
Quentin Gliech
5b879bd4f4 WIP: switch to reqwest 2024-10-28 13:46:38 +01:00
Quentin Gliech
9e1cd0cdec Move the remaining mentions of matrix-org to element-hq 2024-09-10 14:28:55 +02:00
Quentin Gliech
9a946c19e7 Remove (C) 2024-09-10 14:28:55 +02:00
Quentin Gliech
9da19e2af0 License headers change 2024-09-05 13:25:42 +02:00
Quentin Gliech
623ae96dce Remove the client features from mas-oidc-client and replace it in tests 2024-07-05 10:07:40 +02:00
Kévin Commaille
43b3b11ea3 Use headers API
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2024-05-30 10:52:53 +02:00
Kévin Commaille
ce2b629c29 Allow parameters in UserInfo endpoint's response's content-type
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2024-05-30 10:52:53 +02:00
Quentin Gliech
3e450b50f0 Fix recently added Clippy lints
This also ignores the clippy::blocks_in_conditions lint in two crates,
until tracing gets fixed: https://github.com/tokio-rs/tracing/issues/2876
2024-05-07 07:32:02 +02:00
Kévin Commaille
b6ac91ab2e Create the AccountManagementError enum
Otherwise it forces dependent crates to add serde_urlencoded as a dependency
just to be able to forward the error type.

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2024-04-02 16:26:24 +02:00
Kévin Commaille
3303e939ca Add account management URL for clients
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2024-03-19 15:05:27 +01:00
Kévin Commaille
7912068993 Put match variant behind feature flag
Without the keystore feature, this variant is not available.

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2024-03-19 12:25:35 +01:00
Quentin Gliech
1627fc6945 Upgrade chrono and replace deprecated methods usage 2024-03-18 17:26:40 +01:00
Kévin Commaille
6fac064ebd Do not expose error type from mas-keystore in mas-oidc-client
The mas-keystore crate is an optional dependency so
setting "default-features" to false
results in a compilation error.

Since the enum is exhaustive, the corresponding error variant
cannot be behind a cargo feature.

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2024-03-18 12:12:23 +01:00
Quentin Gliech
4706d387a0 Use rustls-platform-verifier for cert validation
This simplifies by removing the mutually exclusive `native-roots` and
`webpki-roots` features with something that is suitable for all
platforms.
2024-03-06 14:03:59 +01:00
Quentin Gliech
bafb5e4956 Bump Clippy to 1.75 and Rust to 1.76 2024-02-27 16:58:43 +01:00
Quentin Gliech
b49eadf418 Upgrade rustls 2024-02-02 11:45:20 +01:00
Quentin Gliech
a7ff6b00aa Enable clippy lints on a workspace level
This enables a lot more lints than before in some crates, so this fixed a lot of warnings as well.
2023-12-05 17:20:42 +01:00
Quentin Gliech
701e1c6814 Allow overriding upstream OAuth2 providers endpoints
Also have a way to disable OIDC discovery when all the endpoints are known.
2023-11-17 16:18:39 +01:00
Kévin Commaille
c6d5a0e531 Put code challenge methods in AuthorizationRequestData
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2023-08-09 12:10:45 +02:00
Kévin Commaille
088e2b0921 Run rustfmt nightly
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2023-08-09 12:10:45 +02:00
Kévin Commaille
e615f80da3 Merge data structs and use builder pattern
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2023-08-09 12:10:45 +02:00
Kévin Commaille
3ccb7b2e29 Add support for all authorization request parameters
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2023-08-09 12:10:45 +02:00
Kévin Commaille
301a4787e2 Add client-side support for software statement, ID and version
According to RFC7591

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2023-08-08 18:20:22 +02:00
Kévin Commaille
a5a4f0fab9 Add tests for Matrix API scope tokens
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2023-08-08 18:19:22 +02:00
Kévin Commaille
2b25a64f9a Add type support for Matrix CS API guest scope
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2023-08-08 18:19:22 +02:00
Kévin Commaille
d80c01115c Add tests for generating URL
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2023-08-08 18:14:04 +02:00
Kévin Commaille
c8196575db Add client-side support for RP-Initiated logout
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2023-08-08 18:14:04 +02:00
Quentin Gliech
4e74a7102d Reimplementation of a postgres-backed storage with a shared PG listener 2023-07-17 19:04:06 +02:00
Quentin Gliech
82afe9471c Better frontend assets handling and move the react app to /account/ (#1324)
This makes the Vite assets handling better, namely:

 - make it possible to include any vite assets in the templates
 - include the right `<link rel="preload">` tags for assets
 - include Subresource Integrity hashes
 - pre-compress assets and remove on-the-fly compression by the Rust server
 - build the CSS used by templates through Vite

It also moves the React app from /app/ to /account/, and removes some of the old SSR account screens.
2023-07-06 15:30:26 +02:00
Quentin Gliech
8d522f2056 Apply cargo fmt following changes in nightly rustfmt
rustfmt now formats `let … else { … }` expressions
2023-07-03 14:50:59 +02:00
Kévin Commaille
00695ee46f oidc-client: Derive Clone for ClientCredentials 2023-02-27 17:11:18 +01:00
Quentin Gliech
b08813f89d Convert many match/if expressions to let-else 2023-02-01 10:37:04 +01:00
Kévin Commaille
db78a5b255 Implement Clone on ClientCredentials 2023-01-26 18:14:59 +01:00
Kévin Commaille
91a53965f8 Revert "Implement Clone on ClientCredentials"
This reverts commit 1f3fe4fdbc3cd0394c59588272d847185df04076.
2023-01-26 18:14:59 +01:00
Kévin Commaille
b59fc83919 Implement Clone on ClientCredentials 2023-01-26 18:14:59 +01:00
Quentin Gliech
79d72b9123 ci: Update clippy to 1.66 and fix new warnings 2022-12-16 18:16:18 +01:00
Quentin Gliech
28704ab473 WIP: upstream OIDC provider support 2022-12-05 19:39:51 +01:00
Quentin Gliech
44cf4e3d3c Move the BoxCloneSyncService to mas-http 2022-12-05 19:39:51 +01:00
Quentin Gliech
72773d589f Make the OIDC issuer a string instead of a URL 2022-12-02 18:04:07 +01:00
Kévin Commaille
b6c41d61a7 Add OneOrMany contains claim validator 2022-12-01 11:28:07 +01:00