134 Commits

Author SHA1 Message Date
Olivier 'reivilibre
2c95c0a9a0 Expose the compat login policy from the policy engine 2025-11-25 18:41:14 +00:00
Olivier 'reivilibre
1d2f7fecf8 Add experimental and preliminary policy-driven session limiting when logging in OAuth 2 sessions. (#5221) 2025-11-25 15:24:02 +00:00
Kai A. Hiller
770016ebf7 Merge branch 'main' into keys_dir 2025-11-18 18:12:14 +01:00
Olivier 'reivilibre
c007695e04 (update files after merge) 2025-11-13 15:55:25 +00:00
Olivier 'reivilibre
236de8f071 Merge branch 'main' into rei/policy_driven_session_limit 2025-11-13 15:54:48 +00:00
networkException
23322cfc28 Add upstream_oauth2.providers.[].client_secret_file config option
This patch factors out the previously introduced config
wrapper for client secrets to also use it for upstream oauth
providers.

See dd040220db
2025-11-08 16:10:19 +01:00
Quentin Gliech
d0a5a1406b Remove the nullable transformation for the config schema. 2025-11-07 11:08:59 +01:00
Quentin Gliech
56911f25c1 Merge remote-tracking branch 'origin/main' into quenting/schemars-0.9 2025-11-06 17:34:43 +01:00
reivilibre
29ab273e5a Update crates/config/src/sections/experimental.rs
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-11-06 15:29:54 +00:00
Olivier 'reivilibre
dc535d7451 Add configuration for session limiting 2025-11-06 10:12:14 +00:00
Quentin Gliech
28e573b400 Add a configuration option to make email optional for password registration 2025-10-07 17:28:01 +02:00
Kai A. Hiller
db8555a589 Add secrets.keys_dir config option 2025-09-08 16:02:38 +02:00
Quentin Gliech
bdb44498b8 Automatically derive the kid from the key fingerprint if missing (#4876) 2025-09-02 17:04:35 +02:00
Kai A. Hiller
897d6de572 Switch to JWK Thumbprints 2025-08-20 18:22:21 +02:00
Quentin Gliech
8dd096ce60 Fix a few more clippy lints 2025-08-18 10:45:20 +02:00
Kai A. Hiller
968968bdbb Auto-generate kid if not given 2025-08-08 11:38:45 +02:00
Quentin Gliech
c93b051da4 Merge branch 'main' into secret_file 2025-08-05 15:37:32 +02:00
Quentin Gliech
9d6c357f45 Make MAS use the modern Synapse API by default 2025-08-05 15:03:32 +02:00
Quentin Gliech
f610994a0f Merge branch 'main' into secret_file 2025-08-05 11:17:39 +02:00
Kai A. Hiller
dd040220db Add clients.[].client_secret_file config option 2025-08-04 19:32:39 +02:00
Kai A. Hiller
357420a56f Add matrix.secret_file config option 2025-07-29 19:46:07 +02:00
Quentin Gliech
6ffe95cdc6 Merge branch 'main' into feat/allow_override_user 2025-07-21 17:03:35 +02:00
Quentin Gliech
942287f99b Threaten to switch to using the modern API in a few releases. 2025-07-21 13:15:48 +02:00
mcalinghee
1886e73e40 allow importing existing users when the localpart matches in upstream OAuth 2.0 logins 2025-07-21 09:52:24 +02:00
Quentin Gliech
85287c5471 Use the new dedicated Synapse API 2025-07-18 16:39:24 +02:00
Quentin Gliech
e8627166a9 Log out oauth & compat sessions when receiving a backchannel logout request 2025-07-04 16:27:10 +02:00
Quentin Gliech
db8c557f81 Backchannel logout behavior settings on upstream providers 2025-07-04 16:27:10 +02:00
Quentin Gliech
e54664ad6f Upgrade schemars to 0.9 2025-06-12 15:48:24 +02:00
Quentin Gliech
a12b50147a Remove optional features from mas-iana & regenerate
Also ignores 'TEMPORARY' items in the IANA registry
2025-06-10 14:25:38 +02:00
Quentin Gliech
642c8ba508 Support for experimental plan management tab in UI (#4549) 2025-06-10 14:14:24 +02:00
Hugh Nimmo-Smith
0551b93cae Update schemas 2025-06-06 10:45:23 +01:00
Quentin Gliech
186b5cbdbe Add secrets.encryption_file config option (#4617) 2025-06-05 15:14:55 +02:00
Quentin Gliech
65ec6c187c config: Refactor parsing of secrets section (#4602) 2025-06-05 15:13:00 +02:00
Kai A. Hiller
67874be00f Skip encryption serialization if None
Signed-off-by: Kai A. Hiller <git@kaialexhiller.de>
2025-06-04 11:53:43 +02:00
Quentin Gliech
dcef4bcf3f Add config flag to require registration tokens for password registrations 2025-06-03 17:42:53 +02:00
Kai A. Hiller
1d88c875e8 Add secrets.encryption_file config option
Signed-off-by: Kai A. Hiller <git@kaialexhiller.de>
2025-06-02 18:39:19 +02:00
Kai A. Hiller
c448bd69bf Refactor key options in secret config
Signed-off-by: Kai A. Hiller <git@kaialexhiller.de>
2025-06-02 14:06:43 +02:00
Kai A. Hiller
647f415892 Refactor password options in secret config
Signed-off-by: Kai A. Hiller <git@kaialexhiller.de>
2025-06-02 14:06:43 +02:00
Kai A. Hiller
d46f66a056 Add KeyConfig doc comment
Signed-off-by: Kai A. Hiller <git@kaialexhiller.de>
2025-06-02 14:06:43 +02:00
Quentin Gliech
f63b466145 Allow applying unicode normalisation to passwords before hashing 2025-05-30 15:42:32 +02:00
Hugh Nimmo-Smith
aad2d8afb3 Merge branch 'main' into hughns/plan-management 2025-05-09 10:33:39 +01:00
Quentin Gliech
4d0bce9382 Make the default scope on upstream providers config openid 2025-05-07 15:34:30 +02:00
Doug
a826b99319 Update the login schema docs. 2025-05-07 10:21:40 +01:00
Doug
b16492a62c Generate the schema (which fixes a typo amongst other things 🤦‍♂️) 2025-05-06 18:03:53 +01:00
Doug
7f91c8948b Add a configuration for forwarding the login hint to the upstream provider. 2025-05-06 17:50:33 +01:00
Quentin Gliech
aba9ca38e6 Insert client_name when upserting statically registered clients (#4417) 2025-04-30 11:50:49 +02:00
Hugh Nimmo-Smith
57cc89a0c8 WIP support for experimental plan management tab in UI 2025-04-22 13:17:29 +01:00
Quentin Gliech
0792171f91 Move the synapse_idp_id field to the top of the provider section
This means that when serializing those, it will be at a more obvious place.
2025-04-18 18:25:46 +02:00
Quentin Gliech
a061db35d7 Make a few password-related options public in the config crate
It also adds docs to a few of those options
2025-04-18 18:24:35 +02:00
Adis Veletanlic
e495b66ad1 Run ./misc/update.sh 2025-04-16 13:16:43 +02:00