| Age | Commit message (Collapse) | Author |
|---|
|
Update the look of the documentation.
|
|
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
|
|
Adds a guide for Uptime Kuma for OpenID Connect 1.0.
|
|
Replaces github.com/ory/fosite with authelia.com/providers.oauth2 which is a hard fork of the former and has several major improvements.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This fixes several scenarios and intentions to be in line with our particular security and communication goals.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Optionally adds the signed_metadata value to the OAuth 2.0 Authorization Server Metadata and OpenID Connect Discovery 1.0 documents.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This includes an algorithm suffix to the generated JSON Web Key ID's if they are absent from the configuration. This allows a key to service multiple algorithms without having to manually specify the key_id each time.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Adds several refactored elements to many areas of OpenID Connect 1.0.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Create integration guide for oidc authentication for FreshRSS.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: darkpixelftw <104321110+darkpixelftw@users.noreply.github.com>
|
|
Adjusts the fail2ban information to work with both log types.
Signed-off-by: jeblove <249972068@qq.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Add OIDC PocketBase integration guide.
Signed-off-by: Tchoupinax <corentinfiloche@hotmail.fr>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
|
|
Add Grafana role mapping example for OIDC integration.
Signed-off-by: noantiq <39308834+noantiq@users.noreply.github.com>
|
|
This implements user authorization utilizing the OAuth 2.0 bearer scheme (i.e. RFC6750) for both the authorize code grant and client credentials grant. This effectively allows application "passwords" when used with the client credentials grant.
Closes #2023, Closes #188.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
The AUTHELIA_LOG_LEVEL env variable is incorrectly detected as the deprecated version which maps to the `log_level` key instead of the `log.level` key.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Per our standard review process this adjusts the appropriate elements detected during the review.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This adds additional startup trace logging.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This prevents the reuse of previously used codes being reused within the validity period. This is prevented in a smart way by recording the step multiplied by the period and hashing that value as a string with the HMAC-SHA256 algorithm, with a HMAC key unique to recording these values (auto generated).
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This implements misc fixes as part of one of our betas.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This updates various areas of the documentation.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This regenerates the generated portions of code.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This adds functionality to the frontend to revoke the Reset Password JWT's.
Closes #136
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This updates various documentaiton elements for the pending changes.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This replaces the JWT method for Identity Verification for most elements with a One-Time Code which has a controllable lifetime. These codes elevate the session for a duration, are less likely to be accidentally clicked, can be revoked, and generally a better experience for users. Users will be able to copy the codes directly from the email or manually type them. This improves the process as the user is very unlikely to input the code into the wrong window, and can't open it in the wrong browser. In addition the process prevents accidental clicking from causing issues.
Closes #3801
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This implements multiple WebAuthn Credential registrations by means of a generic user settings UI.
Closes #275, Closes #4366
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
Co-authored-by: Stephen Kent <smkent@smkent.net>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
* ci: remove container read-only mounts
Signed-off-by: Amir Zarrinkafsh <nightah@me.com>
* refactor: linting updates
Signed-off-by: Amir Zarrinkafsh <nightah@me.com>
---------
Signed-off-by: Amir Zarrinkafsh <nightah@me.com>
|
|
Signed-off-by: Bence Csik <22349790+csikb@users.noreply.github.com>
|
|
* build(deps): update dependency husky to v9
* ci(husky): adjust hooks for v9 convention
Signed-off-by: Amir Zarrinkafsh <nightah@me.com>
---------
Signed-off-by: Amir Zarrinkafsh <nightah@me.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: Clay Rosenthal <contact@clayrosenthal.me>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
|
|
The latest breaking change to MinIO adjusts the callback URI. This includes this change.
|
|
As described.
Signed-off-by: Kitof <github@kitof.net>
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: BobDu <i@bobdu.cc>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Added FAQ Q&A to address a specific issue I had when deploying Duo as a second factor.
Signed-off-by: Dirk <erik.a.magn@gmail.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Adds a subpath configuration query parameter to unix sockets and other listeners.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
|
