87 Commits

Author SHA1 Message Date
Quentin Gliech e913ddbc9e docs: explain the new database statistics in log lines 2026-06-22 14:43:05 +02:00
Quentin Gliech f328d2f62f Rephrase slightly the request log documentation 2026-06-18 16:36:05 +02:00
Quentin Gliech 393b42ed6e docs: document the request log line
Add a reference page describing the `http.server.response` log line and its
fields (method, status, requester, client address, GraphQL operation, request
id, trace id, …), aimed at administrators feeding the logs into a SIEM, with a
table of well-known operations and how to classify them (login, logout, token
issuance, …).
2026-06-18 13:43:59 +02:00
Quentin Gliech eb0ef6380c Merge branch 'main' into quenting/upstream-pass-parameters 2026-06-17 14:54:37 +02:00
Quentin Gliech db58127117 Merge branch 'main' into patch-1 2026-06-10 10:11:00 +02:00
Quentin Gliech 3025708520 Add a configuration option to disable device code auto-fill 2026-05-28 13:30:25 +02:00
Quentin Gliech 11d68cc8c9 Merge branch 'main' into quenting/upstream-pass-parameters 2026-05-20 10:14:00 +02:00
Quentin Gliech 6b8decf609 Document MiniJinja templating for additional_authorization_parameters
Updates the field doc-comment to describe the new templating semantics
and adds a deprecation note on `forward_login_hint` pointing to the
recommended replacement. Regenerates the JSON schema.

The runtime behavior (template rendering, forward_login_hint
soft-deprecation) is wired up in follow-up commits.
2026-05-13 17:44:15 +02:00
c-bg 47aa94c465 fix typo: client_secret_jwk-> client_secret_jwt 2026-05-05 11:40:53 +02:00
Hugh Nimmo-Smith 53e6d05f40 Add oauth.device_code_grant_enabled configuration option 2026-04-07 11:13:56 +01:00
beposec e3a0ec75b2 Update command to list admin users in CLI docs
There was a wrong example in the Codeblock.
2026-03-27 18:20:13 +01:00
Olivier 'reivilibre 20c68d4e76 Explain the purpose of signing keys in the config documentation. (#5286) 2025-12-03 13:02:04 +00:00
Olivier 'reivilibre 262e235c75 Convert use case list to bullet points and note the niche private_key_jwt method 2025-12-02 12:22:33 +00:00
Quentin Gliech df14076dd0 Merge branch 'quenting/upstream-oauth/better-conflict-options' into quenting/upstream-oauth/skip-interactive 2025-11-28 18:08:09 +01:00
Quentin Gliech 47d411f641 Option to skip confirmation when registering through an upstream OAuth provider 2025-11-28 15:51:43 +01:00
Quentin Gliech f0d84a4b47 Document the new conflict options 2025-11-28 11:57:46 +01:00
Quentin Gliech 7587637943 Add Shibboleth sample configuration to SSO documentation (#5294) 2025-11-27 18:02:28 +01:00
copilot-swe-agent[bot] af15767135 Remove deprecated set_email_verification option from docs
Co-authored-by: sandhose <1549952+sandhose@users.noreply.github.com>
2025-11-27 15:47:37 +00:00
Olivier 'reivilibre f662b0b132 drive-by: Singing -> Signing 2025-11-25 17:06:38 +00:00
Olivier 'reivilibre 039cb09815 Add a little bit of explanation to the documentation about keys 2025-11-25 17:06:38 +00:00
Olivier 'reivilibre a89eb28a37 cli docs: Fix --usage-limit and --unlimited 2025-11-25 12:05:32 +00:00
reivilibre 4753aa811b templates check: Add --stabilise flag to make renders reproducible (#5214) 2025-11-24 16:16:11 +00:00
Kai A. Hiller a93fa72477 Merge branch 'main' into keys_dir 2025-11-18 18:12:14 +01:00
networkException b5a0834faa Add upstream_oauth2.providers.[].client_secret_file config option
This patch factors out the previously introduced config
wrapper for client secrets to also use it for upstream oauth
providers.

See a7e7c3caa1
2025-11-08 16:10:19 +01:00
Olivier 'reivilibre 4793f534e6 Add rest of documentation on templates check 2025-10-30 16:33:50 +00:00
Olivier 'reivilibre eba9c5e1e1 document new options on templates check 2025-10-30 15:14:49 +00:00
teutat3s 163357a85e docs: add missing --reactivate option 2025-10-17 19:39:34 +02:00
Quentin Gliech e4844968d3 Add a configuration option to make email optional for password registration 2025-10-07 17:28:01 +02:00
Quentin Gliech 815ce17cc5 Simple CLI commands to manage server admins 2025-09-16 12:42:32 +02:00
Kai A. Hiller 6a28950d8e Add secrets.keys_dir config option 2025-09-08 16:02:38 +02:00
Quentin Gliech 6eac7ed2d7 Automatically derive the kid from the key fingerprint if missing (#4876) 2025-09-02 17:04:35 +02:00
Patrick Maier cf997048e4 Add missing branding config to docs (#4577) 2025-08-15 12:22:07 +02:00
Kai A. Hiller 1b7b43b559 Auto-generate kid if not given 2025-08-08 11:38:45 +02:00
Quentin Gliech 884c66891a Merge branch 'main' into secret_file 2025-08-05 11:17:39 +02:00
Quentin Gliech c6ae5c7557 Add clients.[].client_secret_file config option (#4857) 2025-08-05 11:17:00 +02:00
Kai A. Hiller a7e7c3caa1 Add clients.[].client_secret_file config option 2025-08-04 19:32:39 +02:00
Quentin Gliech 7e018a06aa Merge remote-tracking branch 'origin/main' into quenting/stable-api 2025-08-04 16:38:49 +02:00
Kai A. Hiller d4a318a8ae Add matrix.secret_file config option 2025-07-29 19:46:07 +02:00
Quentin Gliech 97cd5d86ba docs: Remove requirement for arbitrary KIDs (#4807) 2025-07-23 12:38:47 +02:00
Kai A. Hiller 858b388eec KIDs must be stable across restarts 2025-07-23 12:31:38 +02:00
Kai A. Hiller da94650706 Fix wording 2025-07-23 09:43:43 +02:00
Kai A. Hiller 2ecc502b05 Adapt markdown formatting 2025-07-23 09:39:52 +02:00
Kai A. Hiller 5587dd37e3 docs: Remove requirement for arbitrary KIDs 2025-07-21 18:37:03 +02:00
mcalinghee 98912f4ada allow importing existing users when the localpart matches in upstream OAuth 2.0 logins 2025-07-21 09:52:24 +02:00
Quentin Gliech 3bc3db1527 Add documentation for backchannel logout 2025-07-04 16:27:10 +02:00
Quentin Gliech d27f7e3cd9 Mention the stable scopes in the doc, remove the guest scope 2025-06-13 15:56:13 +02:00
Quentin Gliech 50b41a6613 Add secrets.encryption_file config option (#4617) 2025-06-05 15:14:55 +02:00
Kai A. Hiller 187838802d Update encryption secret warning in docs 2025-06-04 14:50:54 +02:00
Kai A. Hiller fbee4bfe8c Document secrets.encryption_file
Signed-off-by: Kai A. Hiller <git@kaialexhiller.de>
2025-06-04 11:42:51 +02:00
Quentin Gliech 5d13691acd CLI tool to issue user registration tokens 2025-06-03 17:42:55 +02:00