letro-authentication-service

Author	SHA1	Message	Date
Quentin Gliech	a47dba1b1d	Always ask for consent, never for reauth (#4386 )	2025-04-14 15:51:48 +02:00
Quentin Gliech	73a4007c18	Always ask for consent, never for reauth Now that we have deduplicated clients, we're in this weird situation where authorization grants just… go through. This is because 4 years ago, I designed it to support prompt=consent and prompt=none, but that never ended up being used/mentioned in the MSCs. We also had support for max_age, but that required reauthing, which doesn't work well with upstream providers. So this removes support for prompt=consent\|none and max_age, and makes sure we always go through the consent page. Lots of code deleted, yay!	2025-04-10 19:57:45 +02:00
mcalinghee	2fe4752aa4	add login by email + feature flag	2025-04-10 17:57:58 +02:00
Quentin Gliech	e064c381b6	Admin API for adding and removing upstream oauth links (#4255 )	2025-04-09 13:33:16 +02:00
Quentin Gliech	2c6e2b42a1	compat login: support using client-provided device ID (#4342 )	2025-04-07 08:52:29 +02:00
Quentin Gliech	e9525fff9e	Fix doc comment	2025-04-07 08:31:58 +02:00
Olivier 'reivilibre	1e2af0fd3a	compat login (sso): support using client-provided device_id	2025-04-04 16:25:01 +01:00
Quentin Gliech	8fbd75eb7e	Deduplicate client registrations by hashing the metadata	2025-03-25 15:00:23 +01:00
MTRNord	1ab402c7bf	Link removal storage API From #3245 with changes from review	2025-03-17 18:31:11 +02:00
Quentin Gliech	fd41b719ba	Merge branch 'main' into quenting/dynamic-policy-data	2025-03-14 10:16:16 +01:00
Quentin Gliech	a6992b718c	Config option to allow account self-deactivation	2025-03-12 15:58:54 +01:00
Quentin Gliech	9c35f18d79	Add a `deactivated_at` flag on users	2025-03-11 17:35:13 +01:00
Quentin Gliech	44b6777f1b	Merge remote-tracking branch 'origin/main' into quenting/compat-device-id	2025-03-04 13:33:09 +01:00
Quentin Gliech	098517edd0	storage: store dynamic policy data in the database	2025-02-25 12:26:22 +01:00
Quentin Gliech	b4b2e4c7bb	Fix some old Synapse access tokens not being recognized	2025-02-24 11:12:02 +01:00
Quentin Gliech	56d9c7e63b	Upgrade to Rust 1.85 and edition 2024	2025-02-21 16:15:02 +01:00
Quentin Gliech	a3f22ae5f6	Allow compat session devices to have spaces	2025-02-19 17:55:18 +01:00
Quentin Gliech	b40fcdd712	Experimental feature to timeout inactive sessions	2025-02-12 17:31:21 +01:00
Olivier 'reivilibre	3034819b7d	Introduce optional `human_name` column on `compat_sessions`	2025-02-05 11:36:51 +01:00
Quentin Gliech	ab69351f77	Avoid unnecessary clones in the login_hint parser	2025-01-28 17:25:54 +01:00
reivilibre	87009be7e6	Support compatibility sessions that do not have devices (#3801 ) Co-authored-by: Quentin Gliech <quenting@element.io>	2025-01-27 14:50:31 +00:00
Quentin Gliech	0bca802585	Merge branch 'main' into quenting/optional-email	2025-01-20 11:31:48 +01:00
reivilibre	e6967210cc	Recognise macaroons as access tokens from Synapse (#3797 )	2025-01-17 09:50:13 +00:00
Quentin Gliech	d58e13e2cf	Data model and storage layer for storing user registrations	2025-01-14 16:30:43 +01:00
Quentin Gliech	9db14f6743	Rip out the email verification codes This considers all user_emails as confirmed, and removes the verification code. It will be replaced by a new email authentication code flow	2025-01-14 15:46:45 +01:00
Quentin Gliech	b697a2dfb2	storage: new email authentication codes	2025-01-13 17:00:30 +01:00
Quentin Gliech	077a55fd5d	Remove the primary email address concept	2025-01-13 17:00:30 +01:00
Mathieu Velten	33e1cdbf16	Allow response_mode to be null and if so do not add the query param (#3700 )	2024-12-18 18:18:39 +01:00
Quentin Gliech	f563daf822	Make the issue optional on upstream OAuth 2.0 providers	2024-12-17 13:40:34 +01:00
Mathieu Velten	75ee9a1e58	Add id_token_signed_response_alg and userinfo_signed_response_alg (#3664 )	2024-12-17 11:54:16 +01:00
Quentin Gliech	6bda8b91d0	Allow revoking refresh tokens This lets us track 'revoked' tokens separately from 'consumed' tokens.	2024-12-11 14:15:01 +01:00
Quentin Gliech	42bb83a628	Record when access tokens are first used	2024-12-11 14:15:01 +01:00
Quentin Gliech	b3756e4ae4	Record the next refresh token ID when refreshing This will help us determine whether we had a double-refresh happening	2024-12-11 14:15:01 +01:00
Quentin Gliech	2903ff5e7a	Allow setting an explicit upstream account name (#3600 )	2024-11-29 12:30:18 +01:00
Mathieu Velten	f832666a86	Add fetch_userinfo to upstream SSO provider (#3363 )	2024-11-26 15:01:03 +00:00
Quentin Gliech	05e2572258	Record extra query parameters during upstream callback And make them available in the templates. This is useful to get the user display name for Sign-in with Apple	2024-11-22 08:48:00 +01:00
Quentin Gliech	ec28c30e3c	Allow setting the response_mode on upstream OAuth 2.0 providers	2024-11-22 08:48:00 +01:00
Quentin Gliech	dddd9fe998	Support Sign in with Apple	2024-11-22 08:48:00 +01:00
Tonkku	48d74e773e	Remove mas-matrix dependency on mas-data-model	2024-11-18 11:42:43 +01:00
Tonkku	52edfa61f6	Allow use of `chrono::Utc::now` in the tests Clock cannot be used because of a circular dependency	2024-11-18 11:42:43 +01:00
Tonkku	7a750e6dab	More format For some reason my cargo disagrees with the use line	2024-11-18 11:42:43 +01:00
Tonkku	b09e2faaaa	clippy 📎	2024-11-18 11:42:43 +01:00
Tonkku	376200cf4b	cargo fmt	2024-11-18 11:42:43 +01:00
Tonkku	846a4ee14a	Implement login_hint	2024-11-18 11:42:43 +01:00
Quentin Gliech	0fde63594a	Remove most doctests	2024-10-29 12:37:59 +01:00
Quentin Gliech	e6ddaf098b	Output the registered client metadata in the registration endpoint Fixes #2848	2024-09-20 20:39:04 +02:00
Quentin Gliech	03838bd909	Remove contacts from the data model	2024-09-20 20:39:04 +02:00
Quentin Gliech	9a946c19e7	Remove (C)	2024-09-10 14:28:55 +02:00
Quentin Gliech	9da19e2af0	License headers change	2024-09-05 13:25:42 +02:00
Quentin Gliech	163d7e8c93	admin: model definition for the OAuth 2.0 sessions	2024-08-07 17:41:18 +02:00

1 2 3 4

173 Commits