From 1a434443b9a2d5bdfceeea180fda3414f2e0916e Mon Sep 17 00:00:00 2001
From: Enginecrafter77
Date: Tue, 24 Feb 2026 15:10:44 +0100
Subject: [PATCH] Add option to disable password authorization flow
---
 src/api/client/session/mod.rs | 2 +-
 src/core/config/mod.rs | 10 ++++++++++
 tuwunel-example.toml | 8 ++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/src/api/client/session/mod.rs b/src/api/client/session/mod.rs
index edc505ff..f8ca21c4 100644
--- a/src/api/client/session/mod.rs
+++ b/src/api/client/session/mod.rs
@@ -78,7 +78,7 @@ pub(crate) async fn get_login_types_route(
 | LoginType::Sso(SsoLoginType { identity_providers })
 if list_idps && identity_providers.is_empty() =>
 false,
-
+ | LoginType::Password(_) => services.config.login_with_password,
 | _ => true,
 })
 .collect(),
diff --git a/src/core/config/mod.rs b/src/core/config/mod.rs
index e7caac85..c72d49ce 100644
--- a/src/core/config/mod.rs
+++ b/src/core/config/mod.rs
@@ -984,6 +984,16 @@ pub struct Config {
 #[serde(default = "true_fn")]
 pub login_via_token: bool,

+ /// Whether to enable login using traditional user/password authorization
+ /// flow.
+ ///
+ /// Set this option to false if you intend to allow logging in only using
+ /// other mechanisms, such as SSO.
+ ///
+ /// default: true
+ #[serde(default = "true_fn")]
+ pub login_with_password: bool,
+
 /// Login token expiration/TTL in milliseconds.
 ///
 /// These are short-lived tokens for the m.login.token endpoint.
diff --git a/tuwunel-example.toml b/tuwunel-example.toml
index 9b9b9e18..fa02a7a5 100644
--- a/tuwunel-example.toml
+++ b/tuwunel-example.toml
@@ -810,6 +810,14 @@
 #
 #login_via_token = true

+# Whether to enable login using traditional user/password authorization
+# flow.
+#
+# Set this option to false if you intend to allow logging in only using
+# other mechanisms, such as SSO.
+#
+#login_with_password = true
+
 # Login token expiration/TTL in milliseconds.
 #
 # These are short-lived tokens for the m.login.token endpoint.
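Review bot: In `src/api/client/session/mod.rs` the new `LoginType::Password(_)` arm only hides the password flow from the list `get_login_types_route` advertises; nothing in this patch rejects a login request that submits `m.login.password` anyway. The diffstat shows that line as the only change under `src/api`, so unless the login handler (outside this patch) already consults the option, a client that skips flow discovery can presumably still sign in with a password while `login_with_password = false`. The password branch of the login handler should carry the same gate, along the lines of `if !services.config.login_with_password { /* reject with M_FORBIDDEN */ }`, and the doc comment added in `src/core/config/mod.rs` should say whether password-based user-interactive auth is affected. The function body starts and ends outside this hunk.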
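Review bot: The doc comment on `login_with_password` in `src/core/config/mod.rs` does not warn that turning the option off can leave a server with no usable login flow. The filter in `get_login_types_route` already drops the SSO entry when `list_idps` is set and `identity_providers` is empty, so with this option false the advertised list may end up empty or token-only. I would add a line such as `/// Only disable this once another login mechanism (e.g. an SSO identity provider) is configured and tested.`; the matching text in `tuwunel-example.toml` would need the same sentence. The `Config` struct continues outside the hunk.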