letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
NaN Commits 2 Branches 1 Tag
a059f32f167461e4ea49074bbbef3d65d4b36f90
Commit Graph

139 Commits

Author SHA1 Message Date
Quentin Gliech
5efd963707 Merge remote-tracking branch 'origin/main' into quenting/upstream-oauth/skip-interactive 2025-12-03 10:48:31 +01:00
Quentin Gliech
1b77b5ce4b Add more options to deal with localpart conflicts on upstream OAuth 2.0 logins (#5295) 2025-12-03 10:39:05 +01:00
Quentin Gliech
a56482cf60 Merge branch 'quenting/upstream-oauth/better-conflict-options' into quenting/upstream-oauth/skip-interactive 2025-11-28 18:08:09 +01:00
Quentin Gliech
d38662e395 Option to skip confirmation when registering through an upstream OAuth provider 2025-11-28 15:51:43 +01:00
Quentin Gliech
f97f56ed11 Add more options to deal with localpart conflicts on upstream OAuth 2.0 logins 2025-11-28 10:53:28 +01:00
Olivier 'reivilibre
2c95c0a9a0 Expose the compat login policy from the policy engine 2025-11-25 18:41:14 +00:00
Olivier 'reivilibre
1d2f7fecf8 Add experimental and preliminary policy-driven session limiting when logging in OAuth 2 sessions. (#5221) 2025-11-25 15:24:02 +00:00
Kai A. Hiller
770016ebf7 Merge branch 'main' into keys_dir 2025-11-18 18:12:14 +01:00
Olivier 'reivilibre
c007695e04 (update files after merge) 2025-11-13 15:55:25 +00:00
Olivier 'reivilibre
236de8f071 Merge branch 'main' into rei/policy_driven_session_limit 2025-11-13 15:54:48 +00:00
networkException
23322cfc28 Add upstream_oauth2.providers.[].client_secret_file config option 
This patch factors out the previously introduced config
wrapper for client secrets to also use it for upstream oauth
providers.

See dd040220db
 2025-11-08 16:10:19 +01:00
Quentin Gliech
d0a5a1406b Remove the nullable transformation for the config schema. 2025-11-07 11:08:59 +01:00
Quentin Gliech
56911f25c1 Merge remote-tracking branch 'origin/main' into quenting/schemars-0.9 2025-11-06 17:34:43 +01:00
reivilibre
29ab273e5a Update crates/config/src/sections/experimental.rs 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-11-06 15:29:54 +00:00
Olivier 'reivilibre
dc535d7451 Add configuration for session limiting 2025-11-06 10:12:14 +00:00
Quentin Gliech
28e573b400 Add a configuration option to make email optional for password registration 2025-10-07 17:28:01 +02:00
Kai A. Hiller
db8555a589 Add secrets.keys_dir config option 2025-09-08 16:02:38 +02:00
Quentin Gliech
bdb44498b8 Automatically derive the kid from the key fingerprint if missing (#4876) 2025-09-02 17:04:35 +02:00
Kai A. Hiller
897d6de572 Switch to JWK Thumbprints 2025-08-20 18:22:21 +02:00
Quentin Gliech
8dd096ce60 Fix a few more clippy lints 2025-08-18 10:45:20 +02:00
Kai A. Hiller
968968bdbb Auto-generate kid if not given 2025-08-08 11:38:45 +02:00
Quentin Gliech
c93b051da4 Merge branch 'main' into secret_file 2025-08-05 15:37:32 +02:00
Quentin Gliech
9d6c357f45 Make MAS use the modern Synapse API by default 2025-08-05 15:03:32 +02:00
Quentin Gliech
f610994a0f Merge branch 'main' into secret_file 2025-08-05 11:17:39 +02:00
Kai A. Hiller
dd040220db Add clients.[].client_secret_file config option 2025-08-04 19:32:39 +02:00
Kai A. Hiller
357420a56f Add matrix.secret_file config option 2025-07-29 19:46:07 +02:00
Quentin Gliech
6ffe95cdc6 Merge branch 'main' into feat/allow_override_user 2025-07-21 17:03:35 +02:00
Quentin Gliech
942287f99b Threaten to switch to using the modern API in a few releases. 2025-07-21 13:15:48 +02:00
mcalinghee
1886e73e40 allow importing existing users when the localpart matches in upstream OAuth 2.0 logins 2025-07-21 09:52:24 +02:00
Quentin Gliech
85287c5471 Use the new dedicated Synapse API 2025-07-18 16:39:24 +02:00
Quentin Gliech
e8627166a9 Log out oauth & compat sessions when receiving a backchannel logout request 2025-07-04 16:27:10 +02:00
Quentin Gliech
db8c557f81 Backchannel logout behavior settings on upstream providers 2025-07-04 16:27:10 +02:00
Quentin Gliech
e54664ad6f Upgrade schemars to 0.9 2025-06-12 15:48:24 +02:00
Quentin Gliech
a12b50147a Remove optional features from mas-iana & regenerate 
Also ignores 'TEMPORARY' items in the IANA registry
 2025-06-10 14:25:38 +02:00
Quentin Gliech
642c8ba508 Support for experimental plan management tab in UI (#4549) 2025-06-10 14:14:24 +02:00
Hugh Nimmo-Smith
0551b93cae Update schemas 2025-06-06 10:45:23 +01:00
Quentin Gliech
186b5cbdbe Add secrets.encryption_file config option (#4617) 2025-06-05 15:14:55 +02:00
Quentin Gliech
65ec6c187c config: Refactor parsing of secrets section (#4602) 2025-06-05 15:13:00 +02:00
Kai A. Hiller
67874be00f Skip encryption serialization if None 
Signed-off-by: Kai A. Hiller <git@kaialexhiller.de>
 2025-06-04 11:53:43 +02:00
Quentin Gliech
dcef4bcf3f Add config flag to require registration tokens for password registrations 2025-06-03 17:42:53 +02:00
Kai A. Hiller
1d88c875e8 Add secrets.encryption_file config option 
Signed-off-by: Kai A. Hiller <git@kaialexhiller.de>
 2025-06-02 18:39:19 +02:00
Kai A. Hiller
c448bd69bf Refactor key options in secret config 
Signed-off-by: Kai A. Hiller <git@kaialexhiller.de>
 2025-06-02 14:06:43 +02:00
Kai A. Hiller
647f415892 Refactor password options in secret config 
Signed-off-by: Kai A. Hiller <git@kaialexhiller.de>
 2025-06-02 14:06:43 +02:00
Kai A. Hiller
d46f66a056 Add KeyConfig doc comment 
Signed-off-by: Kai A. Hiller <git@kaialexhiller.de>
 2025-06-02 14:06:43 +02:00
Quentin Gliech
f63b466145 Allow applying unicode normalisation to passwords before hashing 2025-05-30 15:42:32 +02:00
Hugh Nimmo-Smith
aad2d8afb3 Merge branch 'main' into hughns/plan-management 2025-05-09 10:33:39 +01:00
Quentin Gliech
4d0bce9382 Make the default scope on upstream providers config openid 2025-05-07 15:34:30 +02:00
Doug
a826b99319 Update the login schema docs. 2025-05-07 10:21:40 +01:00
Doug
b16492a62c Generate the schema (which fixes a typo amongst other things 🤦‍♂️) 2025-05-06 18:03:53 +01:00
Doug
7f91c8948b Add a configuration for forwarding the login hint to the upstream provider. 2025-05-06 17:50:33 +01:00