Commit Graph

43 Commits

Author SHA1 Message Date
c9d41f2517 Add CORS on token endpoint
All checks were successful
continuous-integration/drone/push Build is passing
2025-02-21 15:51:33 +01:00
1a1a41d5dc Disable client secret check when no secret is specified
All checks were successful
continuous-integration/drone/push Build is passing
2025-02-21 14:58:13 +01:00
d01311abf1 Can initiate code authentication without client secret
All checks were successful
continuous-integration/drone/push Build is passing
2025-02-21 14:49:45 +01:00
a73ad4bf41 Add CORS headers on OpenID configuration endpoint
All checks were successful
continuous-integration/drone/push Build is passing
2025-02-21 11:59:32 +01:00
0e5e2f55c5 Fix HTTPS detection
All checks were successful
continuous-integration/drone/push Build is passing
2024-07-05 22:08:12 +02:00
91ef6c25d5 Can define additional claims on per-client basis
All checks were successful
continuous-integration/drone/push Build is passing
2024-03-31 18:37:08 +02:00
0a5649fcb9 Add implicit authentication flow (#255)
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #255
Co-authored-by: Pierre HUBERT <pierre.git@communiquons.org>
Co-committed-by: Pierre HUBERT <pierre.git@communiquons.org>
2024-03-28 21:13:25 +00:00
cf0e7e1e68 Can enforce 2FA for specific clients 2024-03-27 20:59:29 +01:00
6cc9f4c54c Refactor dependencies to reduce code base size (#111)
All checks were successful
continuous-integration/drone/push Build is passing
Use crates to reduce code base size:

* `actix-remote-ip` to safely determine user IP location
* `light-openid` for the OpenID primitives & as client to handle federation

Reviewed-on: #111
2023-04-29 11:11:24 +00:00
f262e6f183 First issue with Owncloud OIDC client (#110)
All checks were successful
continuous-integration/drone/push Build is passing
OwnCloud 10.12.1 authentication fails with message "Authentication method unknown!"

Reviewed-on: #110
2023-04-28 09:39:52 +00:00
9b18b787a9 Add authentication from upstream providers (#107)
All checks were successful
continuous-integration/drone/push Build is passing
Let BasicOIDC delegate authentication to upstream providers (Google, GitHub, GitLab, Keycloak...)

Reviewed-on: #107
2023-04-27 10:10:28 +00:00
4f7c56a4b8 Loads clients list only once (#106)
All checks were successful
continuous-integration/drone/push Build is passing
Currently, the list of clients is loaded separately for each Actix HTTP handler thread.

In anticipation of future improvements, it is worthwhile to load this list only once.

Reviewed-on: #106
2023-04-17 16:49:19 +00:00
6d2e52d632 Add default clients (#105)
All checks were successful
continuous-integration/drone/push Build is passing
* Add the possibility to create clients enabled by default when creating new accounts
* Can mark clients as granted for all users, regardless of user account grants

Reviewed-on: #105
2023-04-15 10:19:15 +00:00
f2e4826b14 Update code to Rust 1.67
All checks were successful
continuous-integration/drone/push Build is passing
2023-02-02 10:22:15 +01:00
e35f890241 Update crate base64
All checks were successful
continuous-integration/drone/push Build is passing
2023-01-23 16:38:21 +01:00
d06c0352fc Log all user actions on stdout
All checks were successful
continuous-integration/drone/push Build is passing
2022-11-19 13:38:24 +01:00
bfe65b0216 Add IP location service
All checks were successful
continuous-integration/drone/push Build is passing
2022-11-12 17:02:34 +01:00
af383720b7 Merge factors type for authentication 2022-11-11 12:26:02 +01:00
07542abf8b Update actix_identity
All checks were successful
continuous-integration/drone/push Build is passing
2022-07-22 12:21:38 +02:00
48112dfed7 Make usage of FatalErrorPage more convenient 2022-04-23 20:31:09 +02:00
0e02b63d93 Refuse to deliver token if code_verifier is present without code challenge 2022-04-20 09:52:00 +02:00
94aeefe450 Replace type UserID with a structure 2022-04-19 19:40:36 +02:00
fad92c5930 Deprecate dangerous feature 2022-04-18 17:05:26 +02:00
bce601c550 Adapt OpenID discovery route to cluster configuration 2022-04-16 09:06:59 +02:00
937343c5f9 Add email to id_token 2022-04-15 20:34:07 +02:00
03a4bbb580 Cargo clippy 2022-04-15 20:18:36 +02:00
94c601119a Use JWT token for access token 2022-04-15 20:08:31 +02:00
69bb2816b9 Can disable code_challenge for specific clients 2022-04-15 19:26:17 +02:00
cac461e03d Can bypass code verifier for specific clients 2022-04-15 18:28:53 +02:00
1d21b30b68 Fix bad issuer 2022-04-15 17:30:43 +02:00
e0016b8305 More permissive redirect uris 2022-04-15 17:27:53 +02:00
819210ae86 Userinfo endpoint is working 2022-04-15 17:04:23 +02:00
b867016a71 Start to build userinfo endpoint 2022-04-14 18:39:18 +02:00
45f125a331 Add code challenge support 2022-04-14 18:04:01 +02:00
0b64c88fc6 Normalize error responses 2022-04-14 17:13:07 +02:00
078a913f6a Can request refresh tokens 2022-04-14 17:02:47 +02:00
53a540139c Emit id_token 2022-04-13 19:07:58 +02:00
d69b44528e Add /openid/token route 2022-04-12 20:40:44 +02:00
88e34902c0 cargo clippy 2022-04-09 12:25:56 +02:00
5633aae029 Check if user is authorized to access an application before authenticating him 2022-04-09 12:24:03 +02:00
b10215ae9c Save open id session 2022-04-09 12:18:59 +02:00
c4bc559b4d Check OpenID request parameters 2022-04-09 11:30:23 +02:00
7978706803 Add openid-connect discovery route 2022-04-08 18:53:57 +02:00