Commit Graph

206 Commits

Author SHA1 Message Date
Quentin Gliech
d0f1cf4971 Allow configuring the connection to the homeserver to be read-only. 2025-03-03 17:24:15 +01:00
Quentin Gliech
6e881d60f2 Document the new username ban/allow policy 2025-03-03 10:35:44 +01:00
Quentin Gliech
674c1a4ada Upgrade OpenTelemetry to 0.28 2025-02-24 10:44:08 +01:00
Quentin Gliech
0ab0f13c7c Match suffixes and prefixes in string constraints 2025-02-17 16:40:10 +01:00
Quentin Gliech
b603b32186 Update the policy documentation 2025-02-17 15:43:25 +01:00
Quentin Gliech
ffb6e2e9be Fix the HTTP status code for the user creation admin endpoint (#4040) 2025-02-14 15:01:58 +01:00
Quentin Gliech
be1da26bd8 Fix the HTTP status code for the user creation admin endpoint 2025-02-14 14:54:22 +01:00
Quentin Gliech
a8b03bbd86 Admin API to add user emails 2025-02-14 14:50:47 +01:00
Quentin Gliech
344794bb0b Admin API to delete user emails 2025-02-14 14:50:46 +01:00
Quentin Gliech
f2ef058283 Experimental feature to automatically expire inactive sessions (#4022)
Fixes #1875 

This adds an experimental feature which allows expiring sessions that
are inactive for a certain amount of time.

It runs as a scheduled task every 15 minutes, checking for the 'last
activity' on each session type.
It processes sessions by batches of 100 at a time, to avoid overloading
Synapse when syncing back the database.

It expires:

 - all user (browser) sessions
 - all compatibility sessions
 - oauth sessions which are:
   - for a user
   - using a 'dynamic' client (so the sessions started from clients defined
      in the config are excluded)
2025-02-13 10:33:00 +01:00
Quentin Gliech
25d3dbd07c Simplify the setup documentation introduction (#3994) 2025-02-13 09:08:26 +01:00
Strac Consulting Engineers Pty Ltd
da944ccde7 Update README.md
Amended issuer.
2025-02-13 18:03:51 +11:00
Quentin Gliech
7bfb1a155e Add documentation for session timeout configuration 2025-02-12 17:34:23 +01:00
Quentin Gliech
dab640aa51 Allow filtering sessions by client kind (dynamic or static) 2025-02-12 17:31:21 +01:00
Quentin Gliech
935400d87b Experimental feature to timeout inactive sessions 2025-02-12 17:31:21 +01:00
Quentin Gliech
a7ae36e1ce Allow filtering by subject in the upstream OAuth links admin API 2025-02-12 11:07:11 +01:00
Quentin Gliech
c880a3dbac Admin API to list and get upstream OAuth links 2025-02-12 10:51:31 +01:00
Quentin Gliech
91d4d0ea39 Load Swagger UI earlier 2025-02-11 19:16:59 +01:00
Quentin Gliech
3d36b234f3 Enable operation deep-linking in the admin API docs 2025-02-11 19:06:19 +01:00
Quentin Gliech
9216d547ea Fix the user session admin API docs 2025-02-11 17:09:33 +01:00
Quentin Gliech
3792cd4f3b Admin API to list and get user sessions (#4004)
Similar to #4002, this adds an admin API to list and get user (browser
cookies) sessions
2025-02-11 16:38:21 +01:00
Quentin Gliech
2a9fb26265 Admin API to list and get user sessions 2025-02-11 14:24:16 +01:00
Quentin Gliech
c881fb24f5 Fix the definition of the set-password success response in the OpenAPI spec 2025-02-11 13:54:15 +01:00
Quentin Gliech
42841cea3e Admin API to list and get compatibility sessions 2025-02-11 12:01:54 +01:00
Quentin Gliech
36e9d62db3 Admin API to list and get user emails (#4001)
This adds endpoints to get and list user emails.

I chose to not scope them to users, so listing the emails for a user
means listing emails with a user filter
2025-02-10 17:24:46 +01:00
Quentin Gliech
7b63b8d191 Update links to policy files (#3982) 2025-02-10 17:23:45 +01:00
Quentin Gliech
7ade439ac3 Admin API to list and get user emails 2025-02-10 17:13:55 +01:00
Strac Consulting Engineers Pty Ltd
ee9eeea648 Update README.md 2025-02-09 13:07:31 +11:00
Will Lewis
76cdbc0ef0 Add reference to worker page 2025-02-07 13:57:28 +00:00
Will Lewis
20ee39af20 Add documentation to account for all cli mas options and standardise format 2025-02-07 13:38:36 +00:00
Travis Ralston
485e742ee4 Update links to policy files 2025-02-06 15:41:55 -07:00
Quentin Gliech
fbbbf5b8fd Merge pull request #3790 from Stogas/patch-1
Add 'introspection_endpoint' to homeserver config example
2025-01-28 10:10:27 +01:00
Quentin Gliech
a8e7749a07 Clarify why one would override the introspection_endpoint 2025-01-28 10:02:06 +01:00
reivilibre
e5b6e1e8c2 Add pre-migration checks to syn2mas (#3805)
This matches or exceeds `advisor.mts` from the old tool.

Co-authored-by: Quentin Gliech <quenting@element.io>
2025-01-27 18:01:46 +00:00
Quentin Gliech
ef077d0e51 Rate-limit email authentications 2025-01-23 12:09:26 +01:00
Quentin Gliech
0513f198d8 Rip out the email verification codes
This considers all user_emails as confirmed, and removes the verification code.
It will be replaced by a new email authentication code flow
2025-01-14 15:46:45 +01:00
Ovidijus Balkauskas
713bdeca75 Add 'introspection_endpoint' to homeserver config example
This value was previously undocumented, but helpful in our case to access MAS within the same K8s cluster

Signed-off-by: Ovidijus Balkauskas <570945@gmail.com>
2025-01-13 14:10:34 +02:00
Quentin Gliech
6ba8554bc7 Document the response_mode parameter 2025-01-06 11:59:53 +01:00
Quentin Gliech
cd078cb567 Document the new upstream OAuth 2.0 configuration options 2025-01-06 11:59:53 +01:00
ChurchOfTheSubgenius
1434429b6c Include example SSO config for Rauthy. (#3725)
Co-authored-by: Quentin Gliech <quenting@element.io>
2024-12-19 15:26:02 +00:00
Quentin Gliech
a97d2daa3d Make the issue optional on upstream OAuth 2.0 providers 2024-12-17 13:40:34 +01:00
Mathieu Velten
80903ed629 Add id_token_signed_response_alg and userinfo_signed_response_alg (#3664) 2024-12-17 11:54:16 +01:00
reivilibre
93ddaeefc3 Add documentation against using database transaction poolers (#3617) 2024-12-05 11:28:22 +00:00
Quentin Gliech
2e3b8bdd86 Allow setting an explicit upstream account name (#3600) 2024-11-29 12:30:18 +01:00
Mathieu Velten
56edcb4e52 Add fetch_userinfo to upstream SSO provider (#3363) 2024-11-26 15:01:03 +00:00
Phan Trung Thanh
a0c2ce67ba Update configuration.md to include a missing parameter 2024-11-26 13:17:52 +01:00
Quentin Gliech
93bbfabf8e Document how to set up Sign-in with Apple 2024-11-22 08:48:00 +01:00
Quentin Gliech
6efe8bf45a Allow setting the response_mode on upstream OAuth 2.0 providers 2024-11-22 08:48:00 +01:00
Quentin Gliech
ab4f438464 Support Sign in with Apple 2024-11-22 08:48:00 +01:00
hatch01
ba6d69b4a4 fix sso example config for authelia 2024-11-18 08:47:38 +01:00