OpenCloud
/
MatrixSynapse
mirror of https://github.com/matrix-org/synapse
1
0
Fork 0
Code Issues Releases Wiki Activity
23,054 Commits
842 Branches
671 Tags
284 MiB
Commit Graph

21 Commits (1e571cd66437ea2455c203dafb94c20ba48cdcc1)

Author SHA1 Message Date
Shay 69048f7b48
Add an admin endpoint to allow authorizing server to signal token revocations (#16125) 2023-08-22 14:15:34 +00:00
Mathieu Velten 2d15e39684
MSC3861: allow impersonation by an admin using a query param (#16132) 2023-08-18 15:46:46 +02:00
Erik Johnston 6130afb862
Add response time metrics for introspection requests (#16131) 
See #16119
 2023-08-18 12:16:00 +01:00
Shay 54a51ff6c1
Cache token introspection response from OIDC provider (#16117) 2023-08-17 10:53:10 -07:00
Mathieu Velten dac97642e4
Implements admin API to lock an user (MSC3939) (#15870) 2023-08-10 09:10:55 +00:00
Patrick Cloke c01343de43
Add stricter mypy options (#15694) 
Enable warn_unused_configs, strict_concatenate, disallow_subclassing_any,
and disallow_incomplete_defs.
 2023-05-31 07:18:29 -04:00
Quentin Gliech ceb3dd77db Enforce that an admin token also has the basic Matrix API scope 2023-05-30 09:43:06 -04:00
Quentin Gliech f739bde962 Reject tokens with multiple device scopes 2023-05-30 09:43:06 -04:00
Quentin Gliech 98afc57d59 Make OIDC scope constants 2023-05-30 09:43:06 -04:00
Quentin Gliech 14a5be9c4d Handle errors when introspecting tokens 
This returns a proper 503 when the introspection endpoint is not working
for some reason, which should avoid logging out clients in those cases.
 2023-05-30 09:43:06 -04:00
Quentin Gliech 4d0231b364 Make AS tokens work & allow ASes to /register 2023-05-30 09:43:06 -04:00
Quentin Gliech c008b44b4f Add an admin token for MAS -> Synapse calls 2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith 249f4a338d Refactor config to be an experimental feature 
Also enforce you can't combine it with incompatible config options
 2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith 5fe96082d0 Actually enforce guest + return www-authenticate header 2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith a1374b5c70 MSC2967: Check access token scope for use as user and add guest support 2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith d20669971a Use `name` claim as display name when registering users on the fly. 
This makes is so that the `name` claim got when introspecting the token
is used as the display name when registering a user on the fly.
 2023-05-30 09:43:06 -04:00
Quentin Gliech f9cd549f64 Record the `sub` claims as an external_id 2023-05-30 09:43:06 -04:00
Quentin Gliech 7628dbf4e9 Handle the Synapse admin scope 2023-05-30 09:43:06 -04:00
Quentin Gliech c5cf1b421d Save the scopes in the requester 2023-05-30 09:43:06 -04:00
Quentin Gliech 765244faee Initial MSC3964 support: delegation of auth to OIDC server 2023-05-30 09:43:06 -04:00
Quentin Gliech e2c8458bba Make the api.auth.Auth a Protocol 2023-05-30 09:43:06 -04:00