letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
933 Commits 2 Branches 1 Tag
b9eda7c9e89fb4cf61baaa9436c8a87efb193b8c
Commit Graph

69 Commits

Author SHA1 Message Date
Quentin Gliech
b9eda7c9e8 Save the ID token during an upstream authorization 2022-12-05 19:39:51 +01:00
Quentin Gliech
6aca90e4d9 OIDC account linking and login 2022-12-05 19:39:51 +01:00
Quentin Gliech
ae532a05f9 Lookup and save upstream links 2022-12-05 19:39:51 +01:00
Quentin Gliech
28704ab473 WIP: upstream OIDC provider support 2022-12-05 19:39:51 +01:00
dependabot[bot]
27365982ee Bump serde from 1.0.147 to 1.0.148 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.147 to 1.0.148.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.147...v1.0.148)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-29 09:10:09 +01:00
dependabot[bot]
87eb1e70ac Bump chrono from 0.4.22 to 0.4.23 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.22 to 0.4.23.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.22...v0.4.23)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-14 12:20:51 +01:00
Quentin Gliech
625f238eee More cleanups 2022-11-02 18:59:00 +01:00
Quentin Gliech
2bfd22a7df Cleanups 2022-11-02 18:59:00 +01:00
Quentin Gliech
9c27110993 Stop using Utc::now in templates samples 2022-11-02 18:59:00 +01:00
Quentin Gliech
fb5d6eac25 Pass the rng and clock around 2022-11-02 18:59:00 +01:00
Quentin Gliech
9ad66ed94d Database refactoring 2022-11-02 18:59:00 +01:00
Quentin Gliech
6374ec2b02 Bump remaining dependencies 2022-11-02 14:51:08 +01:00
dependabot[bot]
07df53c1b1 Bump thiserror from 1.0.36 to 1.0.37 
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.36 to 1.0.37.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](https://github.com/dtolnay/thiserror/compare/1.0.36...1.0.37)

---
updated-dependencies:
- dependency-name: thiserror
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-09-29 14:15:07 +02:00
Quentin Gliech
87fd36ca4a Bump Crypto crates 2022-09-27 18:27:52 +02:00
dependabot[bot]
63f5e57412 Bump thiserror from 1.0.34 to 1.0.35 
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.34 to 1.0.35.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](https://github.com/dtolnay/thiserror/compare/1.0.34...1.0.35)

---
updated-dependencies:
- dependency-name: thiserror
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-09-14 08:42:55 +02:00
dependabot[bot]
5f8d3aadca Bump url from 2.3.0 to 2.3.1 
Bumps [url](https://github.com/servo/rust-url) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/servo/rust-url/releases)
- [Commits](https://github.com/servo/rust-url/compare/v2.3.0...v2.3.1)

---
updated-dependencies:
- dependency-name: url
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-09-08 23:18:54 +02:00
dependabot[bot]
4a271eae21 Bump url from 2.2.2 to 2.3.0 
Bumps [url](https://github.com/servo/rust-url) from 2.2.2 to 2.3.0.
- [Release notes](https://github.com/servo/rust-url/releases)
- [Commits](https://github.com/servo/rust-url/compare/v2.2.2...v2.3.0)

---
updated-dependencies:
- dependency-name: url
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-09-08 01:20:45 +02:00
dependabot[bot]
dbd72d4a66 Bump thiserror from 1.0.33 to 1.0.34 
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.33 to 1.0.34.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](https://github.com/dtolnay/thiserror/compare/1.0.33...1.0.34)

---
updated-dependencies:
- dependency-name: thiserror
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-09-06 00:17:05 +02:00
Quentin Gliech
57bcedfe58 Make the JWK generic over the parameters 2022-09-02 15:37:46 +02:00
Quentin Gliech
2281ccfcbd Remove support for the token response type 2022-09-02 13:59:10 +02:00
dependabot[bot]
82fa87729c Bump serde from 1.0.143 to 1.0.144 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.143 to 1.0.144.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.143...v1.0.144)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-22 15:22:04 +02:00
dependabot[bot]
0569280dfd Bump chrono from 0.4.20 to 0.4.22 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.20 to 0.4.22.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.20...v0.4.22)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-19 12:21:07 +02:00
Kévin Commaille
06ebf8a3ef Fix new clippy 0.1.63 warnings 2022-08-12 11:05:21 +02:00
Quentin Gliech
c1adcd6690 Enable the clippy::str_to_string lint 2022-08-08 10:06:20 +02:00
Hugh Nimmo-Smith
6a7b12913b Use unstable prefixes for scope names (#337) 2022-08-05 17:58:22 +00:00
dependabot[bot]
9874b5496c Bump chrono from 0.4.19 to 0.4.20 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.19 to 0.4.20.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.19...v0.4.20)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-05 09:48:09 +02:00
dependabot[bot]
dfba96014c Bump serde from 1.0.141 to 1.0.142 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.141 to 1.0.142.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.141...v1.0.142)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-04 11:30:39 +02:00
dependabot[bot]
d779f2ec0b Bump thiserror from 1.0.31 to 1.0.32 
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.31 to 1.0.32.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](https://github.com/dtolnay/thiserror/compare/1.0.31...1.0.32)

---
updated-dependencies:
- dependency-name: thiserror
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-04 09:21:37 +02:00
Quentin Gliech
4e267f45d8 Move the PKCE validation logic to oauth2-types 2022-08-03 13:57:31 +02:00
Quentin Gliech
9479ad5ff9 Fix PKCE characters verification rules & add tests 2022-08-03 13:57:31 +02:00
Quentin Gliech
ecbba3967b Update crates/data-model/src/oauth2/authorization_grant.rs 
Co-authored-by: Hugh Nimmo-Smith <hughns@users.noreply.github.com>
 2022-08-03 13:57:31 +02:00
Quentin Gliech
deceea0c62 Make PKCE implementation compliant with RFC7636 
This checks for the PKCE code_verifier length as well as the characters
used. It also give better errors when the PKCE verifier is invalid.

Fixes #316
 2022-08-03 13:57:31 +02:00
Quentin Gliech
779ee82fa6 Bump serde_with 2022-08-01 19:38:22 +02:00
Quentin Gliech
21b630e022 Bump Rust dependencies 2022-08-01 17:50:33 +02:00
Quentin Gliech
9abb4798c1 Bump dependencies 2022-07-04 18:27:18 +02:00
Quentin Gliech
722023b7ec Fix some false-positive clippy lints 
Those were introduced in clippy 1.62 (under clippy::pedantic) and are in
proc-macro generated code
 2022-07-01 16:36:35 +02:00
Quentin Gliech
4459c04f6d Switch email verification to a code-based flow 2022-06-02 16:18:55 +02:00
Quentin Gliech
eb08e3f1b6 Have a consent screen before continuing the SSO login 2022-05-23 10:42:25 +02:00
Quentin Gliech
9a989edd79 Legacy login via m.login.sso 2022-05-23 10:42:25 +02:00
Quentin Gliech
e7e8212ffc Handle legacy token expiration & refresh tokens 2022-05-19 10:17:49 +02:00
Quentin Gliech
ac95e35a7a Better data-model for compat sessions & devices 2022-05-19 10:17:49 +02:00
Quentin Gliech
a4ee085664 Working legacy login endpoint 2022-05-19 10:17:49 +02:00
Quentin Gliech
92d3c00db0 Form error state overhaul 
This adds a new FormState structure here to hold the state of an errored
from, including retaining field value and better error codes.

It also adds error recovery for the registration form, and properly
loads the post_login_action context in case of errors.
 2022-05-12 13:35:58 +02:00
Quentin Gliech
a3f332d475 Rewrite the authorization grant logic 2022-05-06 17:12:39 +02:00
Quentin Gliech
5776206570 Rewrite authorization code grant callback logic 2022-05-04 16:36:59 +02:00
dependabot[bot]
dbd1a3afd5 Bump serde from 1.0.136 to 1.0.137 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.136 to 1.0.137.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.136...v1.0.137)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-02 14:59:21 +02:00
dependabot[bot]
2b7227055c Bump thiserror from 1.0.30 to 1.0.31 
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.30 to 1.0.31.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](https://github.com/dtolnay/thiserror/compare/1.0.30...1.0.31)

---
updated-dependencies:
- dependency-name: thiserror
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-02 12:42:20 +02:00
dependabot[bot]
1c1554a131 Bump crc from 2.1.0 to 3.0.0 
Bumps [crc](https://github.com/mrhooray/crc-rs) from 2.1.0 to 3.0.0.
- [Release notes](https://github.com/mrhooray/crc-rs/releases)
- [Commits](https://github.com/mrhooray/crc-rs/compare/2.1.0...3.0.0)

---
updated-dependencies:
- dependency-name: crc
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-02 12:08:16 +02:00
Quentin Gliech
a66888e363 Support signed userinfo responses 2022-04-21 11:49:49 +02:00
Quentin Gliech
f243624f45 Move clients to the database 2022-03-08 19:07:46 +01:00