authx
An authentication & authorization platform for service-oriented architectures.
It looks like the `grant_id` segment was omitted in the resource format description, even though it was present in the matrix. This adds it.
There is currently no convenient way to list all the credentials of an authority. I would like to propose exposing `Authority.credentials` over GraphQL.
The functions in this utility are often in reasonably hot paths, both in this project and in directly-consuming projects. These were written with a focus on correctness over performance, and...
As discovered by @clarson283 the AuthX interface does not automatically skip the authorization window in some cases where it should. In particular, she noticed that requesting the scope `authx:v2.user.......{current_user_id}:r....` would...
The email authority has utility as a mechanism for _identification_ in addition to _authentication_. Accordingly, there are use cases that require all the current functionality of this strategy, but also...
The refresh token logic is supposed to work as follows: 1. validate the request/refresh token 2. [look for an existing active authorization tied to the grant with the same scopes](https://github.com/the-control-group/authx/blob/e59958ebcdcd158674af084ad13259d9e871b520/packages/authx/src/oauth2.ts#L838-L852)...
Currently, the purpose of scopes necessary for OAuth is a bit opaque when displayed to the user. Instead of listing them individually, AuthX should create a new base explanation that...
We have reports that, at least in certain cases, the web proxy does not reattempt the auth code flow when its refresh token is invalid, as is the case for...
We should add an action segment to all entities to "read metadata." Metadata would include viewing records (or at least version history), invocation logs, and potentially access logs in the...
A big (and growing) part of security is risk prediction and preemption. With AuthX, it is good practice to revoke likely leaked, long-unused, or suspicious authorizations and grant secrets. Of...