Quentin Gliech
|
f739bde962
|
Reject tokens with multiple device scopes
|
2023-05-30 09:43:06 -04:00 |
|
Quentin Gliech
|
98afc57d59
|
Make OIDC scope constants
|
2023-05-30 09:43:06 -04:00 |
|
Quentin Gliech
|
14a5be9c4d
|
Handle errors when introspecting tokens
This returns a proper 503 when the introspection endpoint is not working
for some reason, which should avoid logging out clients in those cases.
|
2023-05-30 09:43:06 -04:00 |
|
Quentin Gliech
|
4d0231b364
|
Make AS tokens work & allow ASes to /register
|
2023-05-30 09:43:06 -04:00 |
|
Quentin Gliech
|
c008b44b4f
|
Add an admin token for MAS -> Synapse calls
|
2023-05-30 09:43:06 -04:00 |
|
Hugh Nimmo-Smith
|
249f4a338d
|
Refactor config to be an experimental feature
Also enforce you can't combine it with incompatible config options
|
2023-05-30 09:43:06 -04:00 |
|
Hugh Nimmo-Smith
|
5fe96082d0
|
Actually enforce guest + return www-authenticate header
|
2023-05-30 09:43:06 -04:00 |
|
Hugh Nimmo-Smith
|
a1374b5c70
|
MSC2967: Check access token scope for use as user and add guest support
|
2023-05-30 09:43:06 -04:00 |
|
Hugh Nimmo-Smith
|
d20669971a
|
Use name claim as display name when registering users on the fly.
This makes is so that the `name` claim got when introspecting the token
is used as the display name when registering a user on the fly.
|
2023-05-30 09:43:06 -04:00 |
|
Quentin Gliech
|
f9cd549f64
|
Record the sub claims as an external_id
|
2023-05-30 09:43:06 -04:00 |
|
Quentin Gliech
|
7628dbf4e9
|
Handle the Synapse admin scope
|
2023-05-30 09:43:06 -04:00 |
|
Quentin Gliech
|
c5cf1b421d
|
Save the scopes in the requester
|
2023-05-30 09:43:06 -04:00 |
|
Quentin Gliech
|
765244faee
|
Initial MSC3964 support: delegation of auth to OIDC server
|
2023-05-30 09:43:06 -04:00 |
|
Quentin Gliech
|
e2c8458bba
|
Make the api.auth.Auth a Protocol
|
2023-05-30 09:43:06 -04:00 |
|