-
-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSO UIA doesn't work #12692
Comments
Synapse issue: matrix-org/synapse#5667 |
Rough UX after talking with Nad: Button to start SSO, do the SSO stuff, then a confirm dialog saying something like "You've been authed, click to continue". Proper copy/design coming soon. |
@turt2live I've written up copy specific to each journey the user is taking, detailed below. I've also quickly thrown together some UI comps in Figma here to indicate how we should decorate the more destructive actions: https://www.figma.com/file/0x3jONAjbrzNutZnW89h6x/SSO-Auth?node-id=0%3A1 If any of this doesn't make sense, probably best to DM me for us to iterate on together. Account deactivationBefore auth: Use Single Sign On to continueConfirm your account deactivation by using Single Sign On to prove your identity. After auth: Confirm account deactivationAre you sure you want to deactivate your account? This is irreversible. Adding an email addressBefore auth: Use Single Sign On to continueConfirm adding this email address by using Single Sign On to prove your identity. After auth: Confirm adding email addressClick the button below to confirm adding this email address. Adding a phone numberBefore auth: Use Single Sign On to continueConfirm adding this phone number by using Single Sign On to prove your identity. After auth: Confirm adding phone numberClick the button below to confirm adding this phone number. Deleting a deviceBefore auth: Use Single Sign On to continueConfirm deleting this session by using Single Sign On to prove your identity. After auth: Confirm deleting this sessionClick the button below to confirm deleting this session. |
Synapse implementation: matrix-org/synapse#7102 |
Will fix #12028 |
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Apparently we didn't have an issue to track this, so here's a blob of (lightly edited) out of context text from internal discussions:
The list is much smaller than I anticipated. The things we care about are:
The other things the backend team might want is a way to test "fallback auth", which is Riot just opening a page instead of using a native UI for the auth step. In theory this could be a dialog within Riot or just opening a new tab.
At risk of over-explaining it: User-Interactive Authentication (UIA) is a framework for requiring arbitrary steps to be completed before an action can be taken. The spec defines a few possibilities, but the server could request anything (in theory). In practice, we can be reasonably sure which steps (also known as flows in the UIA world) will be offered by the server so we don't need to design for every single eventuality here (yet). We currently support password auth on those endpoints, but the bug is that Mozilla and other SSO users don't have passwords and can't do certain things with their accounts.
The backend team is also currently working on supporting the feature, so the last few stages of it are still somewhat undefined (how we get info from the SSO system into Riot so it can shove it over to the server).
Related issues:
The text was updated successfully, but these errors were encountered: