61 Commits

Author SHA1 Message Date
Quentin Gliech ea873577aa Fix many clippy warnings
This is because the tracing-attributes update made clippy look at those
again. I've removed the `too_many_lines` lint, as it's not really useful
and we ignore it most of the time anyway.
2025-07-30 14:49:38 +02:00
Quentin Gliech c61d38c5b7 Fix spec compliance of upstream OAuth 2.0 client auth methods
We were sending the `client_id` in all cases, but the spec says it
should only be sent for the `none` and `client_secret_post` methods.
2025-07-24 11:16:00 +02:00
Quentin Gliech 3d96dc9d47 Update license headers to match the actual license 2025-06-12 10:32:16 +02:00
Quentin Gliech 470cc26747 cargo fmt 2025-05-07 18:51:51 +02:00
Quentin Gliech def20930bf Explain why nonce is optional now
Co-authored-by: reivilibre <oliverw@element.io>
2025-05-07 18:50:38 +02:00
Quentin Gliech 5d58d9df7c Don't generate and send a nonce for non-OIDC-compliant auth requests 2025-05-07 15:34:27 +02:00
Quentin Gliech 6dfd60be35 Don't always insert the openid scope in upstream OAuth 2.0 requests 2025-05-07 15:25:50 +02:00
Quentin Gliech 3d2b67a0b2 Upgrade to Rust 1.85 and edition 2024 2025-02-21 16:15:02 +01:00
Quentin Gliech a97d2daa3d Make the issue optional on upstream OAuth 2.0 providers 2024-12-17 13:40:34 +01:00
Quentin Gliech 2c01b439bd Make the id_token optional on upstream OAuth 2.0 providers
This makes it possible to use non-OIDC providers as upstream OAuth 2.0 providers, like GitHub.
2024-11-29 10:31:50 +01:00
Quentin Gliech 6efe8bf45a Allow setting the response_mode on upstream OAuth 2.0 providers 2024-11-22 08:48:00 +01:00
Quentin Gliech ab4f438464 Support Sign in with Apple 2024-11-22 08:48:00 +01:00
Quentin Gliech d438a23e07 Replace http_service with http_client 2024-10-28 13:46:38 +01:00
Quentin Gliech 69684bb1e0 Handle error responses from the OAuth 2.0 provider better 2024-10-28 13:46:38 +01:00
Quentin Gliech 611a914086 Remove the Matrix scope-related code in oidc-client 2024-10-28 13:46:38 +01:00
Quentin Gliech 2adf129a6b Delete more unused oidc-client code 2024-10-28 13:46:38 +01:00
Quentin Gliech 14948c35cb Replace all the manual HTTP clients with reqwest 2024-10-28 13:46:38 +01:00
Quentin Gliech b3b9a872d6 Replace HTTP client in oidc-client with reqwest 2024-10-28 13:46:38 +01:00
Quentin Gliech 52b90692be WIP: switch to reqwest 2024-10-28 13:46:38 +01:00
Quentin Gliech 847ccf8bb4 Move the remaining mentions of matrix-org to element-hq 2024-09-10 14:28:55 +02:00
Quentin Gliech ed4b6c42a7 Remove (C) 2024-09-10 14:28:55 +02:00
Quentin Gliech f6bb100c0a License headers change 2024-09-05 13:25:42 +02:00
Quentin Gliech dcb9bdeecf Remove the client features from mas-oidc-client and replace it in tests 2024-07-05 10:07:40 +02:00
Kévin Commaille fa0dec737b Use headers API
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2024-05-30 10:52:53 +02:00
Kévin Commaille 683516bb66 Allow parameters in UserInfo endpoint's response's content-type
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2024-05-30 10:52:53 +02:00
Quentin Gliech 3978acd94e Fix recently added Clippy lints
This also ignores the clippy::blocks_in_conditions lint in two crates,
until tracing gets fixed: https://github.com/tokio-rs/tracing/issues/2876
2024-05-07 07:32:02 +02:00
Kévin Commaille d3d11594f3 Create the AccountManagementError enum
Otherwise it forces dependent crates to add serde_urlencoded as a dependency
just to be able to forward the error type.

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2024-04-02 16:26:24 +02:00
Kévin Commaille 4eeedbef31 Add account management URL for clients
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2024-03-19 15:05:27 +01:00
Kévin Commaille 099eabd137 Put match variant behind feature flag
Without the keystore feature, this variant is not available.

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2024-03-19 12:25:35 +01:00
Quentin Gliech 61a69f5af4 Upgrade chrono and replace deprecated methods usage 2024-03-18 17:26:40 +01:00
Kévin Commaille 39a6132ea8 Do not expose error type from mas-keystore in mas-oidc-client
The mas-keystore crate is an optional dependency so
setting "default-features" to false
results in a compilation error.

Since the enum is exhaustive, the corresponding error variant
cannot be behind a cargo feature.

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2024-03-18 12:12:23 +01:00
Quentin Gliech 6eb6209bd8 Use rustls-platform-verifier for cert validation
This simplifies by removing the mutually exclusive `native-roots` and
`webpki-roots` features with something that is suitable for all
platforms.
2024-03-06 14:03:59 +01:00
Quentin Gliech 2c9b8a446d Bump Clippy to 1.75 and Rust to 1.76 2024-02-27 16:58:43 +01:00
Quentin Gliech aeca03a120 Upgrade rustls 2024-02-02 11:45:20 +01:00
Quentin Gliech a0f5f3c642 Enable clippy lints on a workspace level
This enables a lot more lints than before in some crates, so this fixed a lot of warnings as well.
2023-12-05 17:20:42 +01:00
Quentin Gliech 364093f12f Allow overriding upstream OAuth2 providers endpoints
Also have a way to disable OIDC discovery when all the endpoints are known.
2023-11-17 16:18:39 +01:00
Kévin Commaille bbd0956f2d Put code challenge methods in AuthorizationRequestData
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2023-08-09 12:10:45 +02:00
Kévin Commaille dbdeea4a10 Run rustfmt nightly
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2023-08-09 12:10:45 +02:00
Kévin Commaille ba4ba75f73 Merge data structs and use builder pattern
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2023-08-09 12:10:45 +02:00
Kévin Commaille c67a00ddd6 Add support for all authorization request parameters
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2023-08-09 12:10:45 +02:00
Kévin Commaille 7c2e691175 Add client-side support for software statement, ID and version
According to RFC7591

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2023-08-08 18:20:22 +02:00
Kévin Commaille 281eea5df5 Add tests for Matrix API scope tokens
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2023-08-08 18:19:22 +02:00
Kévin Commaille c0fca29ae7 Add type support for Matrix CS API guest scope
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2023-08-08 18:19:22 +02:00
Kévin Commaille af37b61675 Add tests for generating URL
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2023-08-08 18:14:04 +02:00
Kévin Commaille ba7d17f25c Add client-side support for RP-Initiated logout
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2023-08-08 18:14:04 +02:00
Quentin Gliech 68db56c2a2 Reimplementation of a postgres-backed storage with a shared PG listener 2023-07-17 19:04:06 +02:00
Quentin Gliech 76653f9638 Better frontend assets handling and move the react app to /account/ (#1324)
This makes the Vite assets handling better, namely:

 - make it possible to include any vite assets in the templates
 - include the right `<link rel="preload">` tags for assets
 - include Subresource Integrity hashes
 - pre-compress assets and remove on-the-fly compression by the Rust server
 - build the CSS used by templates through Vite

It also moves the React app from /app/ to /account/, and removes some of the old SSR account screens.
2023-07-06 15:30:26 +02:00
Quentin Gliech 4f8b87fbfe Apply cargo fmt following changes in nightly rustfmt
rustfmt now formats `let … else { … }` expressions
2023-07-03 14:50:59 +02:00
Kévin Commaille fab5d166f3 oidc-client: Derive Clone for ClientCredentials 2023-02-27 17:11:18 +01:00
Quentin Gliech 792d3c793b Convert many match/if expressions to let-else 2023-02-01 10:37:04 +01:00