letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
NaN Commits 2 Branches 1 Tag
b2e5a467a12da5ea070122f82a37337ffe73cc38
Commit Graph

338 Commits

Author SHA1 Message Date
Andrew Ferrazzutti
e0c56cc1a8 Documentation: update links to policy files 2025-09-03 15:08:21 -04:00
Quentin Gliech
bdb44498b8 Automatically derive the kid from the key fingerprint if missing (#4876) 2025-09-02 17:04:35 +02:00
Quentin Gliech
6e3d2e79f1 Merge branch 'main' into quenting/stable-docs 2025-09-02 14:11:40 +02:00
Kai A. Hiller
897d6de572 Switch to JWK Thumbprints 2025-08-20 18:22:21 +02:00
Andrew Morgan
a956f0aa56 Minor grammatical fixes to access-token.md (#4917) 2025-08-19 17:00:04 +01:00
Andrew Morgan
d4cb509e0c Minor grammatical fixes to access-token.md 2025-08-19 12:18:27 +01:00
Andrew Morgan
fa424562d3 Link directly to Localazy branching page in release docs 
To make it quicker to get to the right page.
 2025-08-19 12:14:22 +01:00
Quentin Gliech
65cac5ba46 Docs: Run local tests via cargo-nextest (#4873) 2025-08-18 15:51:21 +02:00
Quentin Gliech
93809b7a09 Apply suggestion from @sandhose 2025-08-18 15:44:23 +02:00
Quentin Gliech
4f33544eb7 Apply suggestions from code review 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-08-18 13:44:10 +02:00
Quentin Gliech
d3e3a6fe14 Document Synapse integration with the stable feature 2025-08-18 13:38:35 +02:00
Quentin Gliech
8dd096ce60 Fix a few more clippy lints 2025-08-18 10:45:20 +02:00
Patrick Maier
e4e2d266b1 Add missing branding config to docs (#4577) 2025-08-15 12:22:07 +02:00
Quentin Gliech
199926b1b7 Include simple script to generate an access token 2025-08-12 16:58:00 +02:00
Kai A. Hiller
968968bdbb Auto-generate kid if not given 2025-08-08 11:38:45 +02:00
Jason Robinson
658ce57ed5 Docs: Run local tests via cargo-nextest 
Mention this specifically in contributing.md since CI also uses this test runner. My attempt to use `cargo test` failed due to PG connection pooling. In any case, unless there are reasons not to, we should keep close to mirroring what we do in CI.
 2025-08-07 13:33:59 +03:00
Quentin Gliech
c93b051da4 Merge branch 'main' into secret_file 2025-08-05 15:37:32 +02:00
Quentin Gliech
9d6c357f45 Make MAS use the modern Synapse API by default 2025-08-05 15:03:32 +02:00
Quentin Gliech
f610994a0f Merge branch 'main' into secret_file 2025-08-05 11:17:39 +02:00
Quentin Gliech
a503856b7a Add clients.[].client_secret_file config option (#4857) 2025-08-05 11:17:00 +02:00
Kai A. Hiller
dd040220db Add clients.[].client_secret_file config option 2025-08-04 19:32:39 +02:00
Quentin Gliech
4d83fcb25e Merge remote-tracking branch 'origin/main' into quenting/stable-api 2025-08-04 16:38:49 +02:00
Kai A. Hiller
357420a56f Add matrix.secret_file config option 2025-07-29 19:46:07 +02:00
Quentin Gliech
0c32681e26 docs: Remove requirement for arbitrary KIDs (#4807) 2025-07-23 12:38:47 +02:00
Kai A. Hiller
d066259a31 KIDs must be stable across restarts 2025-07-23 12:31:38 +02:00
Kai A. Hiller
6612a90e4b Fix wording 2025-07-23 09:43:43 +02:00
Kai A. Hiller
0fb4a195a2 Adapt markdown formatting 2025-07-23 09:39:52 +02:00
Kai A. Hiller
c16384d2f3 docs: Remove requirement for arbitrary KIDs 2025-07-21 18:37:03 +02:00
Quentin Gliech
6ffe95cdc6 Merge branch 'main' into feat/allow_override_user 2025-07-21 17:03:35 +02:00
Quentin Gliech
942287f99b Threaten to switch to using the modern API in a few releases. 2025-07-21 13:15:48 +02:00
mcalinghee
1886e73e40 allow importing existing users when the localpart matches in upstream OAuth 2.0 logins 2025-07-21 09:52:24 +02:00
Quentin Gliech
85287c5471 Use the new dedicated Synapse API 2025-07-18 16:39:24 +02:00
Quentin Gliech
0878505429 Allow skipping GDPR-erasure when deactivating a user through the admin API (#4744) 2025-07-17 09:15:25 +02:00
Andrew Ferrazzutti
49540693ab Decouple (un)locking from (re/de)activation 
Unify the admin API, CLI, and GraphQL API in not having the unlock
command also reactivate, or the deactivate command also lock.

Still let the unlock command of the CLI and GraphQL API to also
reactivate the target user, albeit as a non-default option.
 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
415e3a2555 Separate active state from lock state in admin API 
- Allow the admin API to deactivate a user without locking it, and to
  unlock a user without reactivating it.
- Make unlock-and-reactivate flows unset the "deactivated_at" timestamp.
- Revert adding an "unlock" parameter on `ReactivateUserJob`, as the
  option is used only by the admin API which doesn't use a job.
 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
63bb786b5d Update schema 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
44ffec5111 Add admin API endpoint to reactivate user 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
23a87a02d2 Negate erase option and make optional 
This makes it more intuitive for an empty request body to be equivalent
to the option being set to false.
 2025-07-14 01:02:51 -04:00
Andrew Ferrazzutti
02898021fd Merge with 'main' 2025-07-11 09:50:38 -04:00
Andrew Ferrazzutti
88f5df36d4 Force optional request body for JSON schema 2025-07-10 13:26:58 -04:00
Johannes Marbach
8de2870ea2 Fix link title 
Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
 2025-07-10 11:31:59 +02:00
Andrew Morgan
ed36787714 Docs: fix link to build GitHub Actions workflow 2025-07-08 12:43:19 +01:00
Andrew Ferrazzutti
f8b4dcc6c2 Require "erase" key in deactivation request body 
If body is absent, treat "erase" as true.
If body is present, require "erase" to be present in the body.
 2025-07-04 14:30:42 -04:00
Quentin Gliech
b2ca7d5f9e Add documentation for backchannel logout 2025-07-04 16:27:10 +02:00
Quentin Gliech
e8627166a9 Log out oauth & compat sessions when receiving a backchannel logout request 2025-07-04 16:27:10 +02:00
Quentin Gliech
db8c557f81 Backchannel logout behavior settings on upstream providers 2025-07-04 16:27:10 +02:00
Andrew Ferrazzutti
58cd2ba993 Add "erase" option to REST deactivate request body 
This allows using the endpoint to deactivate a user without deleting it.

TODO: make the request body optional.
 2025-07-03 13:22:17 -04:00
Quentin Gliech
a390e61b08 Update the admin API doc to use stable scope in the example 2025-06-13 15:57:53 +02:00
Quentin Gliech
dc6ba0f400 Mention the stable scopes in the doc, remove the guest scope 2025-06-13 15:56:13 +02:00
Quentin Gliech
a5f3b8278c README, contribution and release documentation (#4675) 2025-06-12 09:17:22 +02:00