141 Commits

Author SHA1 Message Date
Quentin Gliech
d58e13e2cf Data model and storage layer for storing user registrations 2025-01-14 16:30:43 +01:00
Quentin Gliech
9db14f6743 Rip out the email verification codes
This considers all user_emails as confirmed, and removes the verification code.
It will be replaced by a new email authentication code flow
2025-01-14 15:46:45 +01:00
Quentin Gliech
b697a2dfb2 storage: new email authentication codes 2025-01-13 17:00:30 +01:00
Quentin Gliech
077a55fd5d Remove the primary email address concept 2025-01-13 17:00:30 +01:00
Mathieu Velten
33e1cdbf16 Allow response_mode to be null and if so do not add the query param (#3700) 2024-12-18 18:18:39 +01:00
Quentin Gliech
f563daf822 Make the issue optional on upstream OAuth 2.0 providers 2024-12-17 13:40:34 +01:00
Mathieu Velten
75ee9a1e58 Add id_token_signed_response_alg and userinfo_signed_response_alg (#3664) 2024-12-17 11:54:16 +01:00
Quentin Gliech
6bda8b91d0 Allow revoking refresh tokens
This lets us track 'revoked' tokens separately from 'consumed' tokens.
2024-12-11 14:15:01 +01:00
Quentin Gliech
a26bc6c843 Clean up revoked tokens instead of expired ones
If we continue deleting expired tokens, we might not record whether the
token was used or not, and not know what to do in case of
a double-refresh.

Revoked tokens are safe to delete.

This also reduces the frequency of the cleanup job to once an hour.
2024-12-11 14:15:01 +01:00
Quentin Gliech
42bb83a628 Record when access tokens are first used 2024-12-11 14:15:01 +01:00
Quentin Gliech
b3756e4ae4 Record the next refresh token ID when refreshing
This will help us determine whether we had a double-refresh happening
2024-12-11 14:15:01 +01:00
Quentin Gliech
e0aab3740f Remove the schedule_expression from the database & other fixes 2024-12-06 16:24:26 +01:00
Quentin Gliech
fc7dd0ffdf Cron-like recurring jobs 2024-12-06 16:24:26 +01:00
Quentin Gliech
a01201f954 Allow scheduling jobs in the future
Also retries jobs with an exponential backoff.
2024-12-06 16:24:26 +01:00
Quentin Gliech
7113e0ddf6 Retry failed jobs 2024-12-06 16:24:26 +01:00
Quentin Gliech
bd72a57719 Actually consume jobs 2024-12-06 16:24:26 +01:00
Quentin Gliech
703bd743d6 Schedule jobs through the new queue 2024-12-06 16:24:26 +01:00
Quentin Gliech
b82483f936 Move the job types into the queue module 2024-12-06 16:24:26 +01:00
Quentin Gliech
7bbc867e2a WIP jobs 2024-12-06 16:24:26 +01:00
Quentin Gliech
ac991a6572 Use the database time for leader election 2024-12-06 16:24:26 +01:00
Quentin Gliech
312640605d Graceful shutdown 2024-12-06 16:24:26 +01:00
Quentin Gliech
f34ab1089c Make the worker heartbeat take a worker reference 2024-12-06 16:24:26 +01:00
Quentin Gliech
62ccd2b08c New job queue: worker registration and leader election 2024-12-06 16:24:26 +01:00
Quentin Gliech
ee6472178a Upgrade to Rust 1.83.0 and fix new warnings 2024-12-05 17:32:49 +01:00
Quentin Gliech
2903ff5e7a Allow setting an explicit upstream account name (#3600) 2024-11-29 12:30:18 +01:00
Mathieu Velten
f832666a86 Add fetch_userinfo to upstream SSO provider (#3363) 2024-11-26 15:01:03 +00:00
Quentin Gliech
05e2572258 Record extra query parameters during upstream callback
And make them available in the templates.
This is useful to get the user display name for Sign-in with Apple
2024-11-22 08:48:00 +01:00
Quentin Gliech
ec28c30e3c Allow setting the response_mode on upstream OAuth 2.0 providers 2024-11-22 08:48:00 +01:00
Quentin Gliech
dddd9fe998 Support Sign in with Apple 2024-11-22 08:48:00 +01:00
Tonkku
846a4ee14a Implement login_hint 2024-11-18 11:42:43 +01:00
Quentin Gliech
e6ddaf098b Output the registered client metadata in the registration endpoint
Fixes #2848
2024-09-20 20:39:04 +02:00
Quentin Gliech
03838bd909 Remove contacts from the data model 2024-09-20 20:39:04 +02:00
Quentin Gliech
9a946c19e7 Remove (C) 2024-09-10 14:28:55 +02:00
Quentin Gliech
9da19e2af0 License headers change 2024-09-05 13:25:42 +02:00
Quentin Gliech
bf230df69c Update redirect URIs when syncing clients from the config
Fixes #3143
2024-08-30 18:21:33 +02:00
Quentin Gliech
678753c2e1 storage: freeze the error type on BoxRepository
This avoids having to deal with trait bounds everywhere. It also moves
the `boxed()` method to the PgRepository, because it was unnecessary to
keep it on the `Repository` trait
2024-07-26 11:36:55 +02:00
Quentin Gliech
1381e92409 Update opentelemetry to 0.24.0 2024-07-25 11:01:43 +02:00
Quentin Gliech
57b3aad1b1 storage: add a filter by last active time on app sessions 2024-07-19 13:40:27 +02:00
Quentin Gliech
9a2aa61dc5 storage: add a filter by last active time on OAuth 2.0 sessions 2024-07-19 13:40:27 +02:00
Quentin Gliech
92509ed453 storage: add a filter by last active time on compatibility sessions 2024-07-19 13:40:27 +02:00
Quentin Gliech
04c85ad9bc storage: add a filter by last active time on browser sessions 2024-07-19 13:40:27 +02:00
Quentin Gliech
ff1a6e95c9 Use dynamic filters on app sessions by reusing the OAuth/compat sessions filters 2024-07-16 18:23:23 +02:00
Quentin Gliech
d4c31b094b Add new filters on the OAuth and compat sessions 2024-07-16 18:23:23 +02:00
Quentin Gliech
637358438f Use dynamic filters on browser sessions 2024-07-16 18:23:23 +02:00
Quentin Gliech
e3fe85b1dd Use dynamic filters on users 2024-07-16 18:23:23 +02:00
Quentin Gliech
cf658fde63 Use dynamic filters on user emails 2024-07-16 18:23:23 +02:00
Quentin Gliech
fad0af8fe8 Use dynamic filters on upstream OAuth 2.0 providers 2024-07-16 18:23:23 +02:00
Quentin Gliech
beb77f48d4 Use dynamic filters on upstream OAuth 2.0 links 2024-07-16 18:23:23 +02:00
Quentin Gliech
9aedefee30 Use dynamic filters on OAuth 2.0 sessions 2024-07-16 18:23:23 +02:00
Quentin Gliech
3a1ec6ebb9 Use dynamic filters on compatibility SSO logins 2024-07-16 18:23:23 +02:00