v0.6.1

What's Changed

• Translations updates in #2137
• Fix the login template in case no human_name was set on the provider in #2138

Full Changelog: v0.6.0...v0.6.1

Docker image

Regular image:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:964945daf8c4dffc02475c8cc27bab99a5984d2b880351ec72671ce7ac8c31d1
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.6.1
  ghcr.io/matrix-org/matrix-authentication-service:0.6
  ghcr.io/matrix-org/matrix-authentication-service:0
  ghcr.io/matrix-org/matrix-authentication-service:sha-ad0c166,ghcr.io/matrix-org/matrix-authentication-service:latest
  

Debug variant:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:6c001b62cde36b27a3ae3094075f3f763d9d1a2790c5478e68350bef5c381849
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.6.1-debug
  ghcr.io/matrix-org/matrix-authentication-service:0.6-debug
  ghcr.io/matrix-org/matrix-authentication-service:0-debug
  ghcr.io/matrix-org/matrix-authentication-service:sha-ad0c166-debug
  ghcr.io/matrix-org/matrix-authentication-service:latest-debug
  

syn2mas migration tool:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas@sha256:9101a4c8db2e9e721317bc978000efd72b96bc796a819ced368cdb79e9704b52
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.6.1
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.6
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:sha-ad0c166
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:latest
  

v0.6.0

What's Changed

• Use minijinja templates to map OIDC claims to user attributes in #2075
• Check for existing users ahead of time on upstream OAuth 2.0 registration in #2081
• Allow overriding endpoints & discovery mode for upstream OAuth 2.0 providers in #2121
• Add upstream OAuth 2.0 providers name and branding in #2127

Full Changelog: v0.5.0...v0.6.0

Docker image

Regular image:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:d5460ef39ee78073e7e7e7b17fb3c7210320dbdd555ffb69c1ff9c3e962de103
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.6.0
  ghcr.io/matrix-org/matrix-authentication-service:0.6
  ghcr.io/matrix-org/matrix-authentication-service:0
  ghcr.io/matrix-org/matrix-authentication-service:sha-ec5b4dc
  ghcr.io/matrix-org/matrix-authentication-service:latest
  

Debug variant:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:3e0983ca797f82890054a2cecbb562f92c5bfb096ada1ced89e2a709962e4469
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.6.0-debug,ghcr.io/matrix-org/matrix-authentication-service:0.6-debug
  ghcr.io/matrix-org/matrix-authentication-service:0-debug
  ghcr.io/matrix-org/matrix-authentication-service:sha-ec5b4dc-debug
  ghcr.io/matrix-org/matrix-authentication-service:latest-debug
  

syn2mas migration tool:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas@sha256:760898268e58400bc908a5eac59f00349b88849dbca296e9ee06b5f1154a01b7
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.6.0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.6
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:sha-ec5b4dc
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:latest
  

v0.5.0

What's Changed

This version mainly includes visual polish throughout the login and registration flow, as well as updates to the syn2mas migration tool.

Instance branding

Configuration parameters have been added to set an instance privacy policy URI, terms of services URI and a legal imprint, which are included in the footer of all web pages.

The following configuration:

branding:
  policy_uri: https://matrix.org/policy
  tos_uri: https://matrix.org/tos
  imprint: All Rights Reserved. The Super Chat name, logo and device are registered trade marks of BigCorp Ltd.

yields the following footer:

Updates to syn2mas

syn2mas is now published on npm, and as such can be run with:

npx @matrix-org/syn2mas --command=advisor --synapseConfigFie=./homeserver.yaml

Relevant pull requests

• Add instance privacy policy, TOS and imprint, and loads of design cleanups by @sandhose in #2006
• Package and publish syn2mas to npm by @hughns in #2023
• syn2mas: accept ULIDs and UUIDs in arguments for upstream IDP mapping by @sandhose in #2034
• syn2mas: support for deactivated users & use timestamps when generating IDs by @sandhose in #2048
• Fix the login template not rendering on policy error by @sandhose in #2051

Full Changelog: v0.4.1...v0.5.0

Docker image

Regular image:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:6eec22df1af6fc288d17dec05a88b0383a693bbccc4229897a088312549776d5
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.5.0
  ghcr.io/matrix-org/matrix-authentication-service:0.5
  ghcr.io/matrix-org/matrix-authentication-service:0
  ghcr.io/matrix-org/matrix-authentication-service:sha-beb874c
  ghcr.io/matrix-org/matrix-authentication-service:latest
  

Debug variant:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:fff70a3bc58d4b2f7a871f42db8768ca768907d5d1e8415b1dba746cd43d595c
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.5.0-debug
  ghcr.io/matrix-org/matrix-authentication-service:0.5-debug
  ghcr.io/matrix-org/matrix-authentication-service:0-debug
  ghcr.io/matrix-org/matrix-authentication-service:sha-beb874c-debug
  ghcr.io/matrix-org/matrix-authentication-service:latest-debug
  

syn2mas migration tool:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas@sha256:7de303cfc00f54f6b401e4d4190e4d108b2fa25d43d53869bbe576900a72edb1
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.5.0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.5
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:sha-beb874c
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:latest
  

v0.4.1

This is a bugfix release which works around a bug where MAS could not send emails through SMTP servers using StartTLS/TLS.

v0.4.0 release notes

What's Changed

• Skip certificate chain validation when sending emails by @sandhose in #1997

Full Changelog: v0.4.0...v0.4.1

Docker image

Regular image:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:e6c052e88e3fbdda5e654d104d5d7823e66868c4234444222d3dcba48d202800
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.4.1
  ghcr.io/matrix-org/matrix-authentication-service:0.4
  ghcr.io/matrix-org/matrix-authentication-service:0
  ghcr.io/matrix-org/matrix-authentication-service:sha-4087dca
  ghcr.io/matrix-org/matrix-authentication-service:latest
  

Debug variant:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:ab1b7639b7f1d00b7af3c20bd9c0099483a56f1480294d626da089185fcd855e
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.4.1-debug
  ghcr.io/matrix-org/matrix-authentication-service:0.4-debug
  ghcr.io/matrix-org/matrix-authentication-service:0-debug
  ghcr.io/matrix-org/matrix-authentication-service:sha-4087dca-debug
  ghcr.io/matrix-org/matrix-authentication-service:latest-debug
  

syn2mas migration tool:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas@sha256:cbd611db949a64ddea4e84b5829e0d2cef8fff1d744d654885ea5766bf8a0563
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.4.1
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.4
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:sha-4087dca
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:latest
  

v0.4.0

Known issues

Using a StartTLS/TLS SMTP server for sending emails doesn't work, because of an issue with certificate validation.
Server are affected if they use the smtp transport in starttls or tls mode. smtp transport in plain mode works as expected.

This has been fixed in 0.4.1

Main changes

• syn2mas: config files are now fully checked by @sandhose in #1938
• Wire up i18n for the React frontend by @t3chguy in #1962
• Fix a memory leak by upgrading minijinja in #1971

New Contributors

• @cleverer made their first contribution in #1990

Full Changelog: v0.3.0...v0.4.0

Docker image

Regular image:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:615181dfd73b0a9abf57d9803a94568b86422f68aeb1c468d03e0317d0bf3780
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.4.0
  ghcr.io/matrix-org/matrix-authentication-service:0.4
  ghcr.io/matrix-org/matrix-authentication-service:0
  ghcr.io/matrix-org/matrix-authentication-service:sha-31c81d0
  ghcr.io/matrix-org/matrix-authentication-service:latest
  

Debug variant:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:6e02e1231629e54fe244fd32aec1d6252dcbf3abe62233521304835f22af21ed
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.4.0-debug
  ghcr.io/matrix-org/matrix-authentication-service:0.4-debug
  ghcr.io/matrix-org/matrix-authentication-service:0-debug
  ghcr.io/matrix-org/matrix-authentication-service:sha-31c81d0-debug
  ghcr.io/matrix-org/matrix-authentication-service:latest-debug
  

syn2mas migration tool:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas@sha256:348d54d655509fde630371397f997fe3444cc9c2feef7c42f3a7706ca76c30be
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.4.0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.4
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:sha-31c81d0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:latest
  

v0.3.0

Changes

User activity tracking

The service now tracks when each session was last active, and records the last known IP address if available.

It will try to infer the client IP using the socket address, as well as the X-Forwarded-For header if present.
The latter is only trusted if the request comes from a trusted proxy, which needs to have its IP address in the ranges defined in the http.trusted_proxies configuration option.
By default, the following IP ranges are trusted: 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, ::1/128 and fd00::/8.

The last known IP address and activity timestamp are shown on sessions in the web interface.

Translations

The server-side rendered templates are now translatable, and include a French translation.
Locale is inferred from the Accept-Language header, and cannot yet be overridden.

Unified application sessions list

The web interface now shows both compatibility and OIDC-native sessions in a unified session list.

syn2mas migration tool

A first version of the Synapse migration tool is now available. Documentation about the migration process can be found here

Other changes

• Outbound HTTP requests now share the same underlying HTTP client, which should improve performance by reusing connections.
• The service now tries to gracefully shutdown active connections when receiving a SIGTERM or SIGINT signal. Sending a signal again will force the process to exit immediately.
• Fixed a bug where the service would close the connection abruptly because it did not support HTTP/1.1 Keep-Alive, but advertised like it did. This sometime led to Synapse not being able to introspect access tokens through the service.
• Destructive actions in the web interface (like ending a session) now show a confirmation modal.

---

Docker image

Regular image:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:bd614c0d29c23b1255479ae079e11d5b6e1c2037de3932196beaa70baa8d31b0
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.3.0
  ghcr.io/matrix-org/matrix-authentication-service:0.3
  ghcr.io/matrix-org/matrix-authentication-service:0
  ghcr.io/matrix-org/matrix-authentication-service:sha-b338bc4
  ghcr.io/matrix-org/matrix-authentication-service:latest
  

Debug variant:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:7eca7bf2b6a57f24b2c04d1f51412136a46ac9af264ba40d5e02f41f76f03c0e
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.3.0-debug
  ghcr.io/matrix-org/matrix-authentication-service:0.3-debug
  ghcr.io/matrix-org/matrix-authentication-service:0-debug
  ghcr.io/matrix-org/matrix-authentication-service:sha-b338bc4-debug
  ghcr.io/matrix-org/matrix-authentication-service:latest-debug
  

syn2mas migration tool:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas@sha256:f80a1ddcde417eb83fbde311332d926d3ce74a15d9ed7f538634a10479cd6dd0
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.3.0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.3
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:sha-b338bc4
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:latest
  

v0.2.0

What's Changed

• Implemented the Client Credentials grant to support headless scenarios such as automation/bots
• Added the createOauth2Session() mutation to the admin API to create access tokens including non-expiry
• Improved consent screen designs
• My Account improvements including showing the client logo on the sessions list and detail

Docker images available at ghcr.io/matrix-org/matrix-authentication-service:0.2.0

v0.1.0

This initial release supports deployment with a single upstream OIDC IdP. Support for local password based authentication is not complete and it is not recommended to use it.

What's Changed

• Support for a single upstream IdP connected via OIDC
• Improved UI screens using Compound design system

Docker images available at ghcr.io/matrix-org/matrix-authentication-service:0.1.0