Shay
|
54a51ff6c1
|
Cache token introspection response from OIDC provider (#16117)
|
2023-08-17 10:53:10 -07:00 |
Quentin Gliech
|
ceb3dd77db
|
Enforce that an admin token also has the basic Matrix API scope
|
2023-05-30 09:43:06 -04:00 |
Quentin Gliech
|
f739bde962
|
Reject tokens with multiple device scopes
|
2023-05-30 09:43:06 -04:00 |
Quentin Gliech
|
14a5be9c4d
|
Handle errors when introspecting tokens
This returns a proper 503 when the introspection endpoint is not working
for some reason, which should avoid logging out clients in those cases.
|
2023-05-30 09:43:06 -04:00 |
Quentin Gliech
|
e343125b38
|
Disable incompatible Admin API endpoints
|
2023-05-30 09:43:06 -04:00 |
Quentin Gliech
|
4d0231b364
|
Make AS tokens work & allow ASes to /register
|
2023-05-30 09:43:06 -04:00 |
Hugh Nimmo-Smith
|
249f4a338d
|
Refactor config to be an experimental feature
Also enforce you can't combine it with incompatible config options
|
2023-05-30 09:43:06 -04:00 |
Quentin Gliech
|
31691d6151
|
Disable account related endpoints when using OAuth delegation
|
2023-05-30 09:43:06 -04:00 |
Hugh Nimmo-Smith
|
5fe96082d0
|
Actually enforce guest + return www-authenticate header
|
2023-05-30 09:43:06 -04:00 |
Hugh Nimmo-Smith
|
28a9663bdf
|
Initial tests for OAuth delegation
|
2023-05-30 09:43:06 -04:00 |