Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Correctly mention previous copyright (#16820) | Erik Johnston | 2024-01-23 | 4 | -0/+4 |
| | | | | | During the migration the automated script to update the copyright headers accidentally got rid of some of the existing copyright lines. Reinstate them. | ||||
* | Merge remote-tracking branch 'gitlab/clokep/license-license' into new_develop | Erik Johnston | 2023-12-13 | 4 | -40/+64 |
|\ | |||||
| * | Update license headers | Patrick Cloke | 2023-11-21 | 4 | -40/+64 |
| | | |||||
* | | Keep track of `user_ips` and `monthly_active_users` when delegating auth ↵ | David Robertson | 2023-11-23 | 3 | -38/+53 |
|/ | | | | | | | | | | | | | (#16672) * Describe `insert_client_ip` * Pull out client_ips and MAU tracking to BaseAuth * Define HAS_AUTHLIB once in tests sick of copypasting * Track ips and token usage when delegating auth * Test that we track MAU and user_ips * Don't track `__oidc_admin` | ||||
* | Fix possible AttributeError when account-api is called over unix socket (#16404) | Christoph | 2023-10-09 | 1 | -1/+1 |
| | | | Fixes #16396 | ||||
* | Refactor `get_user_by_id` (#16316) | Erik Johnston | 2023-09-14 | 2 | -2/+2 |
| | |||||
* | Revert MSC3861 introspection cache, admin impersonation and account lock ↵ | Quentin Gliech | 2023-09-06 | 1 | -85/+6 |
| | | | | (#16258) | ||||
* | Add an admin endpoint to allow authorizing server to signal token ↵ | Shay | 2023-08-22 | 1 | -0/+13 |
| | | | | revocations (#16125) | ||||
* | MSC3861: allow impersonation by an admin using a query param (#16132) | Mathieu Velten | 2023-08-18 | 1 | -3/+22 |
| | |||||
* | Add response time metrics for introspection requests (#16131) | Erik Johnston | 2023-08-18 | 1 | -7/+27 |
| | | | See #16119 | ||||
* | Cache token introspection response from OIDC provider (#16117) | Shay | 2023-08-17 | 1 | -2/+38 |
| | |||||
* | Implements admin API to lock an user (MSC3939) (#15870) | Mathieu Velten | 2023-08-10 | 3 | -1/+28 |
| | |||||
* | Add stricter mypy options (#15694) | Patrick Cloke | 2023-05-31 | 1 | -1/+1 |
| | | | | Enable warn_unused_configs, strict_concatenate, disallow_subclassing_any, and disallow_incomplete_defs. | ||||
* | Enforce that an admin token also has the basic Matrix API scope | Quentin Gliech | 2023-05-30 | 1 | -5/+2 |
| | |||||
* | Reject tokens with multiple device scopes | Quentin Gliech | 2023-05-30 | 1 | -6/+24 |
| | |||||
* | Make OIDC scope constants | Quentin Gliech | 2023-05-30 | 1 | -10/+15 |
| | |||||
* | Handle errors when introspecting tokens | Quentin Gliech | 2023-05-30 | 1 | -5/+37 |
| | | | | | This returns a proper 503 when the introspection endpoint is not working for some reason, which should avoid logging out clients in those cases. | ||||
* | Make AS tokens work & allow ASes to /register | Quentin Gliech | 2023-05-30 | 3 | -83/+88 |
| | |||||
* | Add an admin token for MAS -> Synapse calls | Quentin Gliech | 2023-05-30 | 1 | -0/+15 |
| | |||||
* | Refactor config to be an experimental feature | Hugh Nimmo-Smith | 2023-05-30 | 1 | -25/+28 |
| | | | | Also enforce you can't combine it with incompatible config options | ||||
* | Actually enforce guest + return www-authenticate header | Hugh Nimmo-Smith | 2023-05-30 | 1 | -2/+16 |
| | |||||
* | MSC2967: Check access token scope for use as user and add guest support | Hugh Nimmo-Smith | 2023-05-30 | 1 | -10/+20 |
| | |||||
* | Use `name` claim as display name when registering users on the fly. | Hugh Nimmo-Smith | 2023-05-30 | 1 | -1/+8 |
| | | | | | This makes is so that the `name` claim got when introspecting the token is used as the display name when registering a user on the fly. | ||||
* | Record the `sub` claims as an external_id | Quentin Gliech | 2023-05-30 | 1 | -22/+37 |
| | |||||
* | Handle the Synapse admin scope | Quentin Gliech | 2023-05-30 | 1 | -0/+3 |
| | |||||
* | Save the scopes in the requester | Quentin Gliech | 2023-05-30 | 1 | -0/+1 |
| | |||||
* | Initial MSC3964 support: delegation of auth to OIDC server | Quentin Gliech | 2023-05-30 | 1 | -0/+227 |
| | |||||
* | Make the api.auth.Auth a Protocol | Quentin Gliech | 2023-05-30 | 3 | -0/+817 |