246 Commits

Author SHA1 Message Date
dependabot[bot]
bc96bae0b2 build(deps): bump crc from 3.2.1 to 3.3.0
Bumps [crc](https://github.com/mrhooray/crc-rs) from 3.2.1 to 3.3.0.
- [Release notes](https://github.com/mrhooray/crc-rs/releases)
- [Commits](https://github.com/mrhooray/crc-rs/commits)

---
updated-dependencies:
- dependency-name: crc
  dependency-version: 3.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-05-08 13:55:32 +00:00
Quentin Gliech
5d58d9df7c Don't generate and send a nonce for non-OIDC-compliant auth requests 2025-05-07 15:34:27 +02:00
Doug
096ce6037d Add a configuration for forwarding the login hint to the upstream provider. 2025-05-06 17:50:33 +01:00
Quentin Gliech
3b6581ab3d storage: add a user-provided human name to OAuth 2.0 sessions 2025-04-25 16:55:29 +02:00
Quentin Gliech
b708c403e3 Save the locale detected when starting an authorization grant 2025-04-25 12:55:22 +02:00
Quentin Gliech
0cfea60fa0 Don't parse the user agent unless we need to 2025-04-24 13:13:26 +02:00
Quentin Gliech
691c283a1e Compile the user-agent regexes once 2025-04-24 12:36:41 +02:00
Quentin Gliech
bd737342b9 Always ask for consent, never for reauth (#4386) 2025-04-14 15:51:48 +02:00
Quentin Gliech
cf732ac8f0 Always ask for consent, never for reauth
Now that we have deduplicated clients, we're in this weird situation
where authorization grants just… go through.

This is because 4 years ago, I designed it to support prompt=consent and
prompt=none, but that never ended up being used/mentioned in the MSCs.

We also had support for max_age, but that required reauthing, which
doesn't work well with upstream providers.

So this removes support for prompt=consent|none and max_age, and makes
sure we always go through the consent page.

Lots of code deleted, yay!
2025-04-10 19:57:45 +02:00
mcalinghee
f2a47f9a88 add login by email + feature flag 2025-04-10 17:57:58 +02:00
Quentin Gliech
2b81c8a42e Admin API for adding and removing upstream oauth links (#4255) 2025-04-09 13:33:16 +02:00
Quentin Gliech
d310f48a7e compat login: support using client-provided device ID (#4342) 2025-04-07 08:52:29 +02:00
Quentin Gliech
6e375ccfc1 Fix doc comment 2025-04-07 08:31:58 +02:00
Olivier 'reivilibre
1f2eccc645 compat login (sso): support using client-provided device_id 2025-04-04 16:25:01 +01:00
Quentin Gliech
5c13757e1d Deduplicate client registrations by hashing the metadata 2025-03-25 15:00:23 +01:00
MTRNord
850a9ed81b Link removal storage API
From #3245 with changes from review
2025-03-17 18:31:11 +02:00
Quentin Gliech
6a37fdfe30 Merge branch 'main' into quenting/dynamic-policy-data 2025-03-14 10:16:16 +01:00
Quentin Gliech
19f1091e56 Config option to allow account self-deactivation 2025-03-12 15:58:54 +01:00
Quentin Gliech
6519d6c9ea Add a deactivated_at flag on users 2025-03-11 17:35:13 +01:00
Quentin Gliech
7c9bb73f67 Merge remote-tracking branch 'origin/main' into quenting/compat-device-id 2025-03-04 13:33:09 +01:00
Quentin Gliech
aa3af157a3 storage: store dynamic policy data in the database 2025-02-25 12:26:22 +01:00
Quentin Gliech
d1d95ee69a Fix some old Synapse access tokens not being recognized 2025-02-24 11:12:02 +01:00
Quentin Gliech
3d2b67a0b2 Upgrade to Rust 1.85 and edition 2024 2025-02-21 16:15:02 +01:00
Quentin Gliech
9cdc3b9f37 Allow compat session devices to have spaces 2025-02-19 17:55:18 +01:00
Quentin Gliech
935400d87b Experimental feature to timeout inactive sessions 2025-02-12 17:31:21 +01:00
Quentin Gliech
33fc45605f Update most Rust dependencies & disable some unused features 2025-02-06 12:50:50 +01:00
Olivier 'reivilibre
1a6932214f Introduce optional human_name column on compat_sessions 2025-02-05 11:36:51 +01:00
Quentin Gliech
463ba2ea50 Avoid unnecessary clones in the login_hint parser 2025-01-28 17:25:54 +01:00
Quentin Gliech
a5c9468f4e Utility to extract the localpart from a MXID 2025-01-28 17:25:36 +01:00
reivilibre
0c26dd859a Support compatibility sessions that do not have devices (#3801)
Co-authored-by: Quentin Gliech <quenting@element.io>
2025-01-27 14:50:31 +00:00
Quentin Gliech
6092efe949 Merge branch 'main' into quenting/optional-email 2025-01-20 11:31:48 +01:00
reivilibre
21e2c36e89 Recognise macaroons as access tokens from Synapse (#3797) 2025-01-17 09:50:13 +00:00
Quentin Gliech
dbb53160b6 Data model and storage layer for storing user registrations 2025-01-14 16:30:43 +01:00
Quentin Gliech
0513f198d8 Rip out the email verification codes
This considers all user_emails as confirmed, and removes the verification code.
It will be replaced by a new email authentication code flow
2025-01-14 15:46:45 +01:00
Quentin Gliech
75526ff0c4 storage: new email authentication codes 2025-01-13 17:00:30 +01:00
Quentin Gliech
ee33e9c0fb Remove the primary email address concept 2025-01-13 17:00:30 +01:00
Mathieu Velten
af1282b510 Allow response_mode to be null and if so do not add the query param (#3700) 2024-12-18 18:18:39 +01:00
Quentin Gliech
a97d2daa3d Make the issue optional on upstream OAuth 2.0 providers 2024-12-17 13:40:34 +01:00
Mathieu Velten
80903ed629 Add id_token_signed_response_alg and userinfo_signed_response_alg (#3664) 2024-12-17 11:54:16 +01:00
dependabot[bot]
f054ff887b build(deps): bump ruma-common from 0.14.1 to 0.15.0
Bumps [ruma-common](https://github.com/ruma/ruma) from 0.14.1 to 0.15.0.
- [Release notes](https://github.com/ruma/ruma/releases)
- [Commits](https://github.com/ruma/ruma/compare/ruma-common-0.14.1...ruma-common-0.15.0)

---
updated-dependencies:
- dependency-name: ruma-common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-17 10:14:06 +01:00
Quentin Gliech
177a0f42bd Allow revoking refresh tokens
This lets us track 'revoked' tokens separately from 'consumed' tokens.
2024-12-11 14:15:01 +01:00
Quentin Gliech
23c73cf191 Record when access tokens are first used 2024-12-11 14:15:01 +01:00
Quentin Gliech
56cb293fbb Record the next refresh token ID when refreshing
This will help us determine whether we had a double-refresh happening
2024-12-11 14:15:01 +01:00
Quentin Gliech
2e3b8bdd86 Allow setting an explicit upstream account name (#3600) 2024-11-29 12:30:18 +01:00
Mathieu Velten
56edcb4e52 Add fetch_userinfo to upstream SSO provider (#3363) 2024-11-26 15:01:03 +00:00
Quentin Gliech
98f13004bc Record extra query parameters during upstream callback
And make them available in the templates.
This is useful to get the user display name for Sign-in with Apple
2024-11-22 08:48:00 +01:00
Quentin Gliech
6efe8bf45a Allow setting the response_mode on upstream OAuth 2.0 providers 2024-11-22 08:48:00 +01:00
Quentin Gliech
ab4f438464 Support Sign in with Apple 2024-11-22 08:48:00 +01:00
dependabot[bot]
9b12442308 build(deps): bump ruma-common from 0.13.0 to 0.14.1
Bumps [ruma-common](https://github.com/ruma/ruma) from 0.13.0 to 0.14.1.
- [Release notes](https://github.com/ruma/ruma/releases)
- [Commits](https://github.com/ruma/ruma/compare/ruma-common-0.13.0...ruma-common-0.14.1)

---
updated-dependencies:
- dependency-name: ruma-common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-18 15:42:58 +01:00
Tonkku
00432ddba8 Remove mas-matrix dependency on mas-data-model 2024-11-18 11:42:43 +01:00