letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
1,938 Commits 2 Branches 1 Tag
96fd597fef3e9dd514b44d8dcebffcdb00a6ffc0
Commit Graph

93 Commits

Author SHA1 Message Date
Quentin Gliech
b9eda7c9e8 Save the ID token during an upstream authorization 2022-12-05 19:39:51 +01:00
Quentin Gliech
6aca90e4d9 OIDC account linking and login 2022-12-05 19:39:51 +01:00
Quentin Gliech
ae532a05f9 Lookup and save upstream links 2022-12-05 19:39:51 +01:00
Quentin Gliech
28704ab473 WIP: upstream OIDC provider support 2022-12-05 19:39:51 +01:00
Quentin Gliech
625f238eee More cleanups 2022-11-02 18:59:00 +01:00
Quentin Gliech
2bfd22a7df Cleanups 2022-11-02 18:59:00 +01:00
Quentin Gliech
9c27110993 Stop using Utc::now in templates samples 2022-11-02 18:59:00 +01:00
Quentin Gliech
fb5d6eac25 Pass the rng and clock around 2022-11-02 18:59:00 +01:00
Quentin Gliech
9ad66ed94d Database refactoring 2022-11-02 18:59:00 +01:00
Quentin Gliech
57bcedfe58 Make the JWK generic over the parameters 2022-09-02 15:37:46 +02:00
Quentin Gliech
2281ccfcbd Remove support for the token response type 2022-09-02 13:59:10 +02:00
Kévin Commaille
06ebf8a3ef Fix new clippy 0.1.63 warnings 2022-08-12 11:05:21 +02:00
Quentin Gliech
c1adcd6690 Enable the clippy::str_to_string lint 2022-08-08 10:06:20 +02:00
Hugh Nimmo-Smith
6a7b12913b Use unstable prefixes for scope names (#337) 2022-08-05 17:58:22 +00:00
Quentin Gliech
4e267f45d8 Move the PKCE validation logic to oauth2-types 2022-08-03 13:57:31 +02:00
Quentin Gliech
9479ad5ff9 Fix PKCE characters verification rules & add tests 2022-08-03 13:57:31 +02:00
Quentin Gliech
ecbba3967b Update crates/data-model/src/oauth2/authorization_grant.rs 
Co-authored-by: Hugh Nimmo-Smith <hughns@users.noreply.github.com>
 2022-08-03 13:57:31 +02:00
Quentin Gliech
deceea0c62 Make PKCE implementation compliant with RFC7636 
This checks for the PKCE code_verifier length as well as the characters
used. It also give better errors when the PKCE verifier is invalid.

Fixes #316
 2022-08-03 13:57:31 +02:00
Quentin Gliech
722023b7ec Fix some false-positive clippy lints 
Those were introduced in clippy 1.62 (under clippy::pedantic) and are in
proc-macro generated code
 2022-07-01 16:36:35 +02:00
Quentin Gliech
4459c04f6d Switch email verification to a code-based flow 2022-06-02 16:18:55 +02:00
Quentin Gliech
eb08e3f1b6 Have a consent screen before continuing the SSO login 2022-05-23 10:42:25 +02:00
Quentin Gliech
9a989edd79 Legacy login via m.login.sso 2022-05-23 10:42:25 +02:00
Quentin Gliech
e7e8212ffc Handle legacy token expiration & refresh tokens 2022-05-19 10:17:49 +02:00
Quentin Gliech
ac95e35a7a Better data-model for compat sessions & devices 2022-05-19 10:17:49 +02:00
Quentin Gliech
a4ee085664 Working legacy login endpoint 2022-05-19 10:17:49 +02:00
Quentin Gliech
92d3c00db0 Form error state overhaul 
This adds a new FormState structure here to hold the state of an errored
from, including retaining field value and better error codes.

It also adds error recovery for the registration form, and properly
loads the post_login_action context in case of errors.
 2022-05-12 13:35:58 +02:00
Quentin Gliech
a3f332d475 Rewrite the authorization grant logic 2022-05-06 17:12:39 +02:00
Quentin Gliech
5776206570 Rewrite authorization code grant callback logic 2022-05-04 16:36:59 +02:00
Quentin Gliech
a66888e363 Support signed userinfo responses 2022-04-21 11:49:49 +02:00
Quentin Gliech
f243624f45 Move clients to the database 2022-03-08 19:07:46 +01:00
Quentin Gliech
ccf17d1551 Loads of docs & enabling more clippy lints 2022-02-01 12:02:32 +01:00
Quentin Gliech
abc341e7ab Database model to save user email verification codes 2022-01-21 17:41:11 +01:00
Quentin Gliech
4384594fc2 Email management UI 
Also simplify a bunch of query strings
 2022-01-18 18:16:56 +01:00
Quentin Gliech
1667b5a67f Save user emails in database 2022-01-14 18:42:37 +01:00
Quentin Gliech
9170bf2a3d Use iana generated types in more places 2022-01-12 12:22:54 +01:00
Quentin Gliech
8f723815b9 Split the core crate 2021-12-17 18:04:30 +01:00
Quentin Gliech
5aca3fc24c Move to Rust edition 2021 
Also bump MSRV to 1.56 and use the same clippy lints in every crate
 2021-12-09 22:54:35 +01:00
Quentin Gliech
bb3d6b8089 Fix post-auth redirects & support max_age 
This also displays some context on login and reauth page about the next
step
 2021-11-16 19:16:52 +01:00
Quentin Gliech
4e9d68e9cb Split the data-model in different modules 2021-11-02 12:58:13 +01:00
Quentin Gliech
91e8998589 Refactor authorization grant 
The authorization grant is now properly separated from the OAuth2
session, which helps avoiding a lot of potential database
inconsistencies
 2021-10-25 17:27:19 -04:00
Quentin Gliech
7c6a7d1ad5 Refactor DB interactions for OAuth code and tokens 
This ensures complex types like scopes are properly parsed back from the
database.
 2021-10-19 20:08:08 +02:00
Quentin Gliech
e1c12ce473 Move templates to their own crate 2021-10-18 17:40:25 +02:00
Quentin Gliech
6a41b887d4 WIP: Refactor higher-level data-model to its own crate 2021-10-12 19:03:01 +02:00