continuwuation/continuwuity
9
24
Fork 20
Code Issues 87 Pull requests 9 Projects Releases 18 Packages 1 Activity Actions

WIP: act as a Matrix OIDC auth provider #810

Draft
lafleur wants to merge 20 commits from lafleur/continuwuity:as-oidc-provider into main
pull from: lafleur/continuwuity:as-oidc-provider
merge into: continuwuation:main
Conversation 22 Commits 20 Files changed 30 +1193 -10

20 commits

Author SHA1 Message Date
nexy7574
aa206e4f90
fix build errors
Some checks failed
Documentation / Build and Deploy Documentation (pull_request) Failing after 0s
Details
Checks / Prefligit / prefligit (pull_request) Failing after 23s
Details
2025-07-02 02:02:17 +01:00
Jade Ellis
a71a8e0c6d
fixup! fix OidcResponse: reimplement IntoResponse 2025-07-02 02:02:17 +01:00
lafleur
fbf190b5d9
fix OidcResponse: reimplement IntoResponse 2025-07-02 02:02:17 +01:00
Jade Ellis
766dba889b
chore: fix up 2025-07-02 02:02:16 +01:00
lafleur
0fbe9b95de
oidc: small cosmetics + typos 2025-07-02 02:02:16 +01:00
lafleur
68b6a02f29
remove stale debugging logs 
I don't have the hd space to do debug builds, so I use tracing::info to debug
on release builds. Silly, right ?
 2025-07-02 02:02:16 +01:00
lafleur
dd2d08d3b1
use config.server_name as title in OIDC pages 2025-07-02 02:02:16 +01:00
lafleur
a0f4afe1a9
fix oidc_provider discovery message and docstrings 2025-07-02 02:02:15 +01:00
lafleur
66f37b30a4
typos oidc_provider discovery 2025-07-02 02:02:15 +01:00
lafleur
e705f006cd
fix oidc_provider config section's doc generation 2025-07-02 02:02:15 +01:00
Jade Ellis
1c4b53f516
fix: Don't crash when the client URL doesn't have a domain 
Having a URL with an IP literal, for example, is allowed
 2025-07-02 02:02:15 +01:00
Jade Ellis
30954c7f13
fix: Use correct CSP for login page 2025-07-02 02:02:14 +01:00
Jade Ellis
042657804b
chore: Ignore formatting PR in blame 2025-07-02 02:02:11 +01:00
Jade Ellis
d7b48a0f7c
chore: Fix most clippy issue, format & typos 2025-07-02 02:01:53 +01:00
lafleur
67e5869e43
remove stale dependency oxide-auth-axum 2025-07-02 02:01:52 +01:00
lafleur
fa9b8869b6
feat(oidc_provider) use askama templates 
Implements a custom OidcResponse with CSP headers and oxide-auth processing
compatibility.
 2025-07-02 02:01:50 +01:00
lafleur
3417ac2487
rebase on current main 2025-07-02 02:01:45 +01:00
lafleur
eb4c6f9d13
impl MSC2966: register clients dynamically 2025-07-02 02:01:43 +01:00
lafleur
5ab7b61129
impl MSC2964: OIDC token flow 
# Conflicts:
#	Cargo.lock
 2025-07-02 02:01:40 +01:00
lafleur
db3a2dc468
impl MSC2965: self-advertise as OIDC authentication provider 
MSC2965 proposes to let the homeserver advertise its current OIDC authentication
issuer. These changes let conduwuit advertise itself as the issuer when
[global.auth.enable_oidc_login] is set. It also advertises its account management
endpoint if [global.auth.enable_oidc_account_management] is set.

None of these endpoints are implemented. This commit only implements the bare
advertisement, as requested by the MSC.
 2025-07-02 02:01:31 +01:00