Cutlery/immich
1
0
Fork 1
mirror of https://github.com/immich-app/immich.git synced 2026-04-25 10:39:50 -04:00
Code Issues Packages Projects Releases Wiki Activity
9,867 Commits 208 Branches 317 Tags
Commit Graph

12 Commits

Author SHA1 Message Date
bo0tzz
2da2bef777
fix: review notes, new register endpoint 2026-04-23 12:22:27 +02:00
bo0tzz
d50ea005a1
feat: manage link token via cookie instead 2026-04-18 13:46:30 +02:00
bo0tzz
b8c373f0f1
chore: rename linkToken to oauthLinkToken 2026-04-18 13:46:30 +02:00
bo0tzz
b42fdcfca9
fix: review notes 2026-04-18 13:46:29 +02:00
bo0tzz
5731c261eb
fix: require users to authenticate existing Immich account before OAuth linking 2026-04-18 13:46:29 +02:00
sparsh985
55f2b3b6a0
feat(server): add configurable OAuth prompt parameter (#26755) 
* feat(server): add configurable OAuth prompt parameter

Add a `prompt` field to the OAuth system config, allowing admins to
configure the OIDC `prompt` parameter (e.g. `select_account`, `login`,
`consent`). Defaults to empty string (no prompt sent), preserving
backward compatibility.

This is useful for providers like Google where users want to be prompted
to select an account when multiple accounts are signed in.

Discussed in #20762

* chore: regenerate OpenAPI spec and clients for OAuth prompt field

* Adding e2e test cases

* feat: web setting

* feat: docs

---------

Co-authored-by: Jason Rasmussen <jason@rasm.me>
 2026-04-17 21:20:07 +00:00
santanoce
dbf30b77bf
feat(server): added backchannel logout api endpoint (#26235) 
* feat(server): added backchannel logout api endpoint

* test(server): fixed e2e tests

* fix(server): fixed suggested changes by reviewer

* feat(server): created function invalidateOAuth

* fix(server): fixed session.repository.sql

* test(server): added unit tests for backchannelLogout function

* test(server): added e2e tests for oidc backchnnel logout

* docs(server): added documentation on backchannel logout url

* docs(server): fixed typo

* feat(server): minor improvements of the oidc backchannel logout

* test(server): fixed tests after merge with main

* fix(server): fixed e2e test file

* refactor(server): tiny refactor of validateLogoutToken

* chore: cleanup

* fix: tests

* fix: make jwks extractable

---------

Co-authored-by: Daniel Dietzler <mail@ddietzler.dev>
 2026-04-17 18:45:33 +00:00
Timothy Dobras
d046f16860
fix(oauth): normalize email claim to lowercase and trim before account lookup and registration (#26841) 
* fix(oauth): normalize email claim to lowercase before account lookup and registration

* test(auth): add test for OAuth email case normalization

* chore: clean up

---------

Co-authored-by: Jason Rasmussen <jason@rasm.me>
 2026-04-16 15:41:42 +00:00
bo0tzz
3356e81c85
fix!: do not allow insecure oauth requests by default (#27844) 
* fix!: do not allow insecure oauth requests by default

* fix: format

* fix: make open-api

* fix: tests

* nit: casing

* chore: migration to allow insecure if current oauth uses http
 2026-04-16 10:11:58 -04:00
Timon
7d8f843be6
refactor!: migrate class-validator to zod (#26597) 2026-04-14 23:39:03 +02:00
Belnadifia
55513cd59f
feat(server): support IDPs that only send the userinfo in the ID token (#26717) 
Co-authored-by: irouply <irouply@secom.fr>
Co-authored-by: Daniel Dietzler <mail@ddietzler.dev>
 2026-03-13 22:14:45 +01:00
Min Idzelis
6af534fe4c
feat: run maintenance tests in isolation, share containers between all … (#25856) 
* feat: run maintance tests in isolation, share containers between all serial test suites

* refactor: organize files

---------

Co-authored-by: Jason Rasmussen <jason@rasm.me>
 2026-02-10 11:05:06 -05:00