Commit Graph

108 Commits

Author SHA1 Message Date
Quentin Gliech
befd0a8c2d Consume authorization code on use 2021-09-17 18:24:43 +02:00
Quentin Gliech
838d6d9472 Include "state" in authorization request errors 2021-09-17 18:13:30 +02:00
Quentin Gliech
55ca0dc9b3 Better error handling in cookies, session and csrf filters 2021-09-17 18:12:34 +02:00
Quentin Gliech
03bf2f3429 Handle auth errors on the userinfo endpoint 2021-09-17 16:20:10 +02:00
Quentin Gliech
83176dbfed Make the template contexts a bit more clear 2021-09-17 14:30:06 +02:00
Quentin Gliech
bc55420a39 ci: better job dependencies 2021-09-17 12:55:10 +02:00
Quentin Gliech
dc70aa7999 Allow loading multiple configuration files 2021-09-17 12:22:03 +02:00
Quentin Gliech
224ab2bc98 Allow splitting database connection options 2021-09-17 12:03:00 +02:00
Quentin Gliech
0b3fd63748 Ability to run migrations on startup
Also adds a bunch of logging information on startup
2021-09-17 11:27:06 +02:00
Quentin Gliech
bc07a0d968 Docker image and CI 2021-09-17 10:40:08 +02:00
Quentin Gliech
bade8cd8bf Embed templates in binary & add command to export them 2021-09-16 23:39:07 +02:00
Quentin Gliech
89d0821ed2 Bump MSRV to 1.54
clap 4.0.0-beta4 broke <1.54 compatibility
2021-09-16 15:05:07 +02:00
Quentin Gliech
18513ee604 Fix minor code style issues 2021-09-16 14:54:17 +02:00
Quentin Gliech
7681f5131a Split the service in multiple crates 2021-09-16 14:43:56 +02:00
Quentin Gliech
e74bc12ccd Upgrade dependencies 2021-09-16 12:33:04 +02:00
Quentin Gliech
a8cd3d9413 Fix signing key in tests 2021-09-16 12:23:45 +02:00
Quentin Gliech
589f666bf7 more error handling in token endpoint
Also adds some OP metadata to help with conformance
2021-09-11 00:53:21 +02:00
Quentin Gliech
c39e223032 WIP error management in authorization request 2021-09-10 22:53:21 +02:00
Quentin Gliech
108a974880 disabled bogus clippy lint 2021-09-09 23:27:51 +02:00
Quentin Gliech
ce783de2d1 implement userinfo endpoint
Also fix some responses to pass more compliance tests
2021-09-09 23:11:09 +02:00
Quentin Gliech
81d95ef215 Add c_hash, at_hash and nonce claims to id_token 2021-09-09 16:52:08 +02:00
Quentin Gliech
909da01918 Properly block on hashing and signing operations
This moves those operations onto Tokio "blocking" threads, which avoids
blocking the async executor while they run. It also makes the
config generation asynchronous with better logging of what is happening.
2021-09-09 14:15:42 +02:00
Quentin Gliech
5c63b93c92 Basic id_token signing 2021-09-09 13:18:53 +02:00
Quentin Gliech
c5d4c0b83c Implement refresh tokens 2021-08-27 15:27:19 +02:00
Quentin Gliech
9b841b2127 Simple task scheduler to remove old access tokens 2021-08-27 12:06:03 +02:00
Quentin Gliech
6f67ab6570 Simplify client authentication logic 2021-08-26 20:16:38 +02:00
Quentin Gliech
9e97af8438 Recover gracefully from login errors
Fixes #5
2021-08-26 18:08:28 +02:00
Quentin Gliech
057b94a44f Simplify saving encrypted cookies 2021-08-26 17:39:33 +02:00
Quentin Gliech
35e6016c40 WIP: handle errors in forms 2021-08-26 11:49:22 +02:00
Quentin Gliech
d240315ab1 Use custom error types for CSRF and login errors 2021-08-26 11:49:22 +02:00
Quentin Gliech
be5fd8e271 Better handle .env file loading error
Previously it would crash if the file did not exist
2021-08-26 11:14:49 +02:00
Quentin Gliech
bf988180ae Display the OIDC discovery document on the index 2021-08-15 11:27:00 +00:00
Quentin Gliech
bad765f522 Add registration view 2021-08-15 09:56:28 +00:00
Quentin Gliech
9f4673918d Load environment variables from .env files
This allows properly setting the OAuth 2.0 Issuer base in the Codespace
2021-08-15 09:21:15 +00:00
Quentin Gliech
705b18a9f8 Setup GitHub Codespaces 2021-08-14 20:50:07 +00:00
Quentin Gliech
7068c62446 Commit transaction after exchanging the auth code 2021-08-14 14:35:52 +02:00
Quentin Gliech
6fe6371202 ci: Download deps with MSRV 2021-08-14 13:28:03 +02:00
Quentin Gliech
6ccd3b78d6 Set MSRV and let beta & nightly fail in CI 2021-08-14 13:18:08 +02:00
Quentin Gliech
56fa6d3714 Implement code exchange endpoint
Also implement proper client authentication and fix introspection
endpoint
2021-08-14 12:31:19 +02:00
Quentin Gliech
76182cf74e Rework warp top-filters to get proper 404 errors
Before, some had `warp::get().and(warp::path!("foo"))`, which resulted
in a `405 Method not allowed` instead of a 404.

It also uses the `warp::path!` macro instead of the function to ensure
we're not setting a prefix
2021-08-13 16:20:09 +02:00
Quentin Gliech
58890b81c3 Implement basic token introspection endpoint 2021-08-13 15:45:51 +02:00
Quentin Gliech
2e33590cef Implement proper access token generation 2021-08-13 14:15:20 +02:00
Quentin Gliech
791726c0ab Acquire DB conns and txns on filter level
This avoids having the pool everywhere and instead has connections and
transactions as parameters
2021-08-13 09:38:41 +02:00
Quentin Gliech
c30bb3ffa4 allow completing an oauth2 session after login 2021-08-06 16:57:49 +02:00
Quentin Gliech
fbc492b222 wrap HTML responses with warp::reply::html
This sets the Content-Type in responses
2021-08-06 13:57:51 +02:00
Quentin Gliech
a37f542e60 set the response_{modes,types}_supported fields in the discovery document 2021-08-06 13:55:45 +02:00
Quentin Gliech
595e7f4ec8 support the form_post response mode
also clarify the `register_templates` macro
2021-08-06 12:17:19 +02:00
Quentin Gliech
1ef0e922c3 Continue implementing the authorization code grant 2021-08-05 23:44:35 +02:00
Quentin Gliech
b27a454919 Document some of the templates related structures 2021-08-05 17:48:41 +02:00
Quentin Gliech
0abc40817d Remove unnecessary boxing of filters
This might help with error handling, knowing which filters are fallible or not
2021-08-05 17:46:46 +02:00