mirror of
https://github.com/element-hq/matrix-authentication-service.git
synced 2026-06-04 21:11:54 +00:00
Quentin Gliech
f2ef058283
Fixes #1875 This adds an experimental feature which allows expiring sessions that are inactive for a certain amount of time. It runs as a scheduled task every 15 minutes, checking for the 'last activity' on each session type. It processes sessions by batches of 100 at a time, to avoid overloading Synapse when syncing back the database. It expires: - all user (browser) sessions - all compatibility sessions - oauth sessions which are: - for a user - using a 'dynamic' client (so the sessions started from clients defined in the config are excluded)
OAuth2.0 + OpenID Connect Provider for Matrix Homeservers
MAS (Matrix Authentication Service) is an OAuth 2.0 and OpenID Provider server for Matrix.
It has been created to support the migration of Matrix to an OpenID Connect (OIDC) based authentication layer as per MSC3861.
See the Documentation for information on installation and use.
You can learn more about Matrix and OIDC at areweoidcyet.com.
Features
- Supported homeservers
- ✅ Synapse
- Authentication methods:
- ✅ Upstream OIDC
- 🚧 Local password
- ‼️ Application Services login (Encrypted bridges)
- Migration support
- ✅ Compatibility layer for legacy Matrix authentication
- ✅ Advisor on migration readiness
- ✅ Import users from Synapse
- ✅ Import password hashes from Synapse
- ✅ Import of external subject IDs for upstream identity providers from Synapse
Upstream Identity Providers
MAS is known to work with the following upstream IdPs via OIDC: