Christoph
|
32fd9bc673
|
Fix possible AttributeError when account-api is called over unix socket (#16404)
Fixes #16396
|
2023-10-09 10:16:07 +01:00 |
Erik Johnston
|
954921736b
|
Refactor `get_user_by_id` (#16316)
|
2023-09-14 12:46:30 +01:00 |
Quentin Gliech
|
1940d990a3
|
Revert MSC3861 introspection cache, admin impersonation and account lock (#16258)
|
2023-09-06 15:19:51 +01:00 |
Shay
|
69048f7b48
|
Add an admin endpoint to allow authorizing server to signal token revocations (#16125)
|
2023-08-22 14:15:34 +00:00 |
Mathieu Velten
|
2d15e39684
|
MSC3861: allow impersonation by an admin using a query param (#16132)
|
2023-08-18 15:46:46 +02:00 |
Erik Johnston
|
6130afb862
|
Add response time metrics for introspection requests (#16131)
See #16119
|
2023-08-18 12:16:00 +01:00 |
Shay
|
54a51ff6c1
|
Cache token introspection response from OIDC provider (#16117)
|
2023-08-17 10:53:10 -07:00 |
Mathieu Velten
|
dac97642e4
|
Implements admin API to lock an user (MSC3939) (#15870)
|
2023-08-10 09:10:55 +00:00 |
Patrick Cloke
|
c01343de43
|
Add stricter mypy options (#15694)
Enable warn_unused_configs, strict_concatenate, disallow_subclassing_any,
and disallow_incomplete_defs.
|
2023-05-31 07:18:29 -04:00 |
Quentin Gliech
|
ceb3dd77db
|
Enforce that an admin token also has the basic Matrix API scope
|
2023-05-30 09:43:06 -04:00 |
Quentin Gliech
|
f739bde962
|
Reject tokens with multiple device scopes
|
2023-05-30 09:43:06 -04:00 |
Quentin Gliech
|
98afc57d59
|
Make OIDC scope constants
|
2023-05-30 09:43:06 -04:00 |
Quentin Gliech
|
14a5be9c4d
|
Handle errors when introspecting tokens
This returns a proper 503 when the introspection endpoint is not working
for some reason, which should avoid logging out clients in those cases.
|
2023-05-30 09:43:06 -04:00 |
Quentin Gliech
|
4d0231b364
|
Make AS tokens work & allow ASes to /register
|
2023-05-30 09:43:06 -04:00 |
Quentin Gliech
|
c008b44b4f
|
Add an admin token for MAS -> Synapse calls
|
2023-05-30 09:43:06 -04:00 |
Hugh Nimmo-Smith
|
249f4a338d
|
Refactor config to be an experimental feature
Also enforce you can't combine it with incompatible config options
|
2023-05-30 09:43:06 -04:00 |
Hugh Nimmo-Smith
|
5fe96082d0
|
Actually enforce guest + return www-authenticate header
|
2023-05-30 09:43:06 -04:00 |
Hugh Nimmo-Smith
|
a1374b5c70
|
MSC2967: Check access token scope for use as user and add guest support
|
2023-05-30 09:43:06 -04:00 |
Hugh Nimmo-Smith
|
d20669971a
|
Use `name` claim as display name when registering users on the fly.
This makes is so that the `name` claim got when introspecting the token
is used as the display name when registering a user on the fly.
|
2023-05-30 09:43:06 -04:00 |
Quentin Gliech
|
f9cd549f64
|
Record the `sub` claims as an external_id
|
2023-05-30 09:43:06 -04:00 |
Quentin Gliech
|
7628dbf4e9
|
Handle the Synapse admin scope
|
2023-05-30 09:43:06 -04:00 |
Quentin Gliech
|
c5cf1b421d
|
Save the scopes in the requester
|
2023-05-30 09:43:06 -04:00 |
Quentin Gliech
|
765244faee
|
Initial MSC3964 support: delegation of auth to OIDC server
|
2023-05-30 09:43:06 -04:00 |
Quentin Gliech
|
e2c8458bba
|
Make the api.auth.Auth a Protocol
|
2023-05-30 09:43:06 -04:00 |