letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
NaN Commits 2 Branches 1 Tag
9266e96b622af040606ea2cb7bb9a514b68cb3b2
Commit Graph

203 Commits

Author SHA1 Message Date
Quentin Gliech
993342ef58 Match suffixes and prefixes in string constraints 2025-02-17 16:40:10 +01:00
Quentin Gliech
6a373657cb Update the policy documentation 2025-02-17 15:43:25 +01:00
Quentin Gliech
9e81369c60 Fix the HTTP status code for the user creation admin endpoint (#4040) 2025-02-14 15:01:58 +01:00
Quentin Gliech
281ed7bc17 Fix the HTTP status code for the user creation admin endpoint 2025-02-14 14:54:22 +01:00
Quentin Gliech
69a4b28691 Admin API to add user emails 2025-02-14 14:50:47 +01:00
Quentin Gliech
78f30e58dd Admin API to delete user emails 2025-02-14 14:50:46 +01:00
Quentin Gliech
8c98287d65 Experimental feature to automatically expire inactive sessions (#4022) 
Fixes #1875 

This adds an experimental feature which allows expiring sessions that
are inactive for a certain amount of time.

It runs as a scheduled task every 15 minutes, checking for the 'last
activity' on each session type.
It processes sessions by batches of 100 at a time, to avoid overloading
Synapse when syncing back the database.

It expires:

 - all user (browser) sessions
 - all compatibility sessions
 - oauth sessions which are:
   - for a user
   - using a 'dynamic' client (so the sessions started from clients defined
      in the config are excluded)
 2025-02-13 10:33:00 +01:00
Quentin Gliech
1f051a591f Simplify the setup documentation introduction (#3994) 2025-02-13 09:08:26 +01:00
Strac Consulting Engineers Pty Ltd
a9698beb26 Update README.md 
Amended issuer.
 2025-02-13 18:03:51 +11:00
Quentin Gliech
9ce746f975 Add documentation for session timeout configuration 2025-02-12 17:34:23 +01:00
Quentin Gliech
9fea06693b Allow filtering sessions by client kind (dynamic or static) 2025-02-12 17:31:21 +01:00
Quentin Gliech
b40fcdd712 Experimental feature to timeout inactive sessions 2025-02-12 17:31:21 +01:00
Quentin Gliech
5e9cc91979 Allow filtering by subject in the upstream OAuth links admin API 2025-02-12 11:07:11 +01:00
Quentin Gliech
1f36463e8f Admin API to list and get upstream OAuth links 2025-02-12 10:51:31 +01:00
Quentin Gliech
b9a0eced33 Load Swagger UI earlier 2025-02-11 19:16:59 +01:00
Quentin Gliech
9c515f0e0e Enable operation deep-linking in the admin API docs 2025-02-11 19:06:19 +01:00
Quentin Gliech
a398d8d579 Fix the user session admin API docs 2025-02-11 17:09:33 +01:00
Quentin Gliech
487d1633e2 Admin API to list and get user sessions (#4004) 
Similar to #4002, this adds an admin API to list and get user (browser
cookies) sessions
 2025-02-11 16:38:21 +01:00
Quentin Gliech
c48e063d3a Admin API to list and get user sessions 2025-02-11 14:24:16 +01:00
Quentin Gliech
bf900e7e5a Fix the definition of the set-password success response in the OpenAPI spec 2025-02-11 13:54:15 +01:00
Quentin Gliech
38daf613af Admin API to list and get compatibility sessions 2025-02-11 12:01:54 +01:00
Quentin Gliech
cbd3d8c072 Admin API to list and get user emails (#4001) 
This adds endpoints to get and list user emails.

I chose to not scope them to users, so listing the emails for a user
means listing emails with a user filter
 2025-02-10 17:24:46 +01:00
Quentin Gliech
b366e5d3cf Update links to policy files (#3982) 2025-02-10 17:23:45 +01:00
Quentin Gliech
845f0c274b Admin API to list and get user emails 2025-02-10 17:13:55 +01:00
Strac Consulting Engineers Pty Ltd
d13a101d8c Update README.md 2025-02-09 13:07:31 +11:00
Will Lewis
fff4549494 Add reference to worker page 2025-02-07 13:57:28 +00:00
Will Lewis
b6be29bece Add documentation to account for all cli mas options and standardise format 2025-02-07 13:38:36 +00:00
Travis Ralston
b5981e2bc3 Update links to policy files 2025-02-06 15:41:55 -07:00
Quentin Gliech
7f72ba51f9 Merge pull request #3790 from Stogas/patch-1 
Add 'introspection_endpoint' to homeserver config example
 2025-01-28 10:10:27 +01:00
Quentin Gliech
b54598ed6c Clarify why one would override the introspection_endpoint 2025-01-28 10:02:06 +01:00
reivilibre
163b9e8849 Add pre-migration checks to syn2mas (#3805) 
This matches or exceeds `advisor.mts` from the old tool.

Co-authored-by: Quentin Gliech <quenting@element.io>
 2025-01-27 18:01:46 +00:00
Quentin Gliech
ea6b80c5ac Rate-limit email authentications 2025-01-23 12:09:26 +01:00
Quentin Gliech
9db14f6743 Rip out the email verification codes 
This considers all user_emails as confirmed, and removes the verification code.
It will be replaced by a new email authentication code flow
 2025-01-14 15:46:45 +01:00
Ovidijus Balkauskas
f197567a03 Add 'introspection_endpoint' to homeserver config example 
This value was previously undocumented, but helpful in our case to access MAS within the same K8s cluster

Signed-off-by: Ovidijus Balkauskas <570945@gmail.com>
 2025-01-13 14:10:34 +02:00
Quentin Gliech
e58f0ad5be Document the response_mode parameter 2025-01-06 11:59:53 +01:00
Quentin Gliech
6756c6ebaf Document the new usptream OAuth 2.0 configuration options 2025-01-06 11:59:53 +01:00
ChurchOfTheSubgenius
4095dd0a64 Include example SSO config for Rauthy. (#3725) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2024-12-19 15:26:02 +00:00
Quentin Gliech
f563daf822 Make the issue optional on upstream OAuth 2.0 providers 2024-12-17 13:40:34 +01:00
Mathieu Velten
75ee9a1e58 Add id_token_signed_response_alg and userinfo_signed_response_alg (#3664) 2024-12-17 11:54:16 +01:00
reivilibre
05e90b7c91 Add documentation against using database transaction poolers (#3617) 2024-12-05 11:28:22 +00:00
Quentin Gliech
2903ff5e7a Allow setting an explicit upstream account name (#3600) 2024-11-29 12:30:18 +01:00
Mathieu Velten
f832666a86 Add fetch_userinfo to upstream SSO provider (#3363) 2024-11-26 15:01:03 +00:00
Phan Trung Thanh
3193d6a8c0 Update configuration.md to include a missing parameter 2024-11-26 13:17:52 +01:00
Quentin Gliech
4852649268 Document how to set up Sign-in with Apple 2024-11-22 08:48:00 +01:00
Quentin Gliech
ec28c30e3c Allow setting the response_mode on upstream OAuth 2.0 providers 2024-11-22 08:48:00 +01:00
Quentin Gliech
dddd9fe998 Support Sign in with Apple 2024-11-22 08:48:00 +01:00
hatch01
8e2e3af418 fix sso exemple config for authelia 2024-11-18 08:47:38 +01:00
Tonkku
92a3b40835 Add note about password schemes to migration docs 2024-11-18 08:46:51 +01:00
Thilo-Alexander Ginkel
eb2529d772 Add SSO sample configuration for Authelia 
Signed-off-by: Thilo-Alexander Ginkel <tg@tgbyte.de>
 2024-10-25 09:00:45 +02:00
morguldir
33fe484311 Fix link to setup docs for the mdbook 
https://rust-lang.github.io/mdBook/format/markdown.html?highlight=readm#links

"Links to README.md will be converted to index.html. This is done since some services like GitHub render README files automatically, but web servers typically expect the root file to be called index.html."
 2024-10-01 14:39:52 +02:00