Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MSC3824: OIDC aware clients #3824

Open
wants to merge 17 commits into
base: main
Choose a base branch
from
Open

MSC3824: OIDC aware clients #3824

wants to merge 17 commits into from

Conversation

hughns
Copy link
Member

@hughns hughns commented May 24, 2022
edited
Loading

Rendered

  • Spec is feature complete
  • Reviewed for consistency with MSC3861
  • Implementations believed to be complete enough

Dependencies:

Servers

Clients

@hughns hughns changed the title Add an optional query parameter to SSO redirect MSC3824: Add an optional query parameter to SSO redirect May 24, 2022
@hughns hughns changed the title MSC3824: Add an optional query parameter to SSO redirect MSC3824: Add optional action= query parameter to SSO redirect May 24, 2022
@hughns hughns changed the title MSC3824: Add optional action= query parameter to SSO redirect MSC3824: Login/register indication on SSO redirect May 24, 2022
@uhoreg uhoreg added proposal A matrix spec change proposal client-server Client-Server API needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. kind:maintenance MSC which clarifies/updates existing spec labels May 24, 2022
@hughns

This comment was marked as duplicate.

Sign in to view
@turt2live
Copy link
Member

(implementation nor the MSC have been sufficiently reviewed to remove the label - when someone on the SCT is comfortable with where things are at, they'll remove the label. Personally, I haven't gotten as far as deciding if I'm comfortable with it 😅)

@sandhose
Copy link
Member

sandhose commented May 25, 2022
edited
Loading

I think an important part of this would also be to be able to advertise what actions are available with each login method, e.g.

{
  "flows": [{
    "type": "m.login.password",
    "actions": ["login"],
  }, {
    "type": "m.login.sso",
    "actions": ["login", "register"]
  }]
}

This would allow clients to properly display what's really available for each login method

hughns and others added 2 commits May 25, 2022 11:13
@hughns @richvdh
Update proposals/3824-sso-redirect-action.md
ca78691 
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
@hughns
Add supported actions per auth type
3a67748
@hughns hughns changed the title MSC3824: Login/register indication on SSO redirect MSC3824: Ability to distinguish between login and registration May 30, 2022
@hughns
Copy link
Member Author

hughns commented May 31, 2022
edited
Loading

I've had an initial go at Synapse support in matrix-org/synapse#12924.

Matrix Authentication Service support within it's compatibility layer is in matrix-org/matrix-authentication-service#221

@hughns hughns changed the title MSC3824: Ability to distinguish between login and registration MSC3824: OIDC aware clients Jun 15, 2022
@hughns hughns mentioned this pull request Jun 15, 2022
Closed
4 tasks
@hughns hughns mentioned this pull request Jun 22, 2022
Merged
5 tasks
@hughns hughns mentioned this pull request Jun 22, 2022
Closed
20 tasks
@hughns hughns mentioned this pull request Aug 4, 2022
Draft
@hughns hughns mentioned this pull request Jan 9, 2023
Merged
20 tasks
@hughns
Copy link
Member Author

hughns commented Feb 3, 2023

The Web support has been merged so I think that this is ready for review. Android implementation is done too but not yet merged.

@hughns hughns marked this pull request as ready for review February 3, 2023 09:42
@turt2live turt2live added the matrix-2.0 Required for Matrix 2.0 label Mar 3, 2023
clokep
clokep reviewed May 16, 2023
View reviewed changes
proposals/3824-oidc-aware-clients.md
Comment on lines +46 to +49
Add an optional query parameter `action` to `GET /_matrix/client/v3/login/sso/redirect` and `GET /_matrix/client/v3/login/sso/redirect/{idpId}` with meaning:

- `login` - the SSO redirect is for the purposes of signing an existing user in
- `register` - the SSO redirect is for the purpose of registering a new user account
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I'm missing something -- how would the client know whether it is logging in or registering?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The user would have told the client if they already have a Matrix account or not.

For example, by clicking buttons labelled as such.

clokep
clokep reviewed May 16, 2023
View reviewed changes
proposals/3824-oidc-aware-clients.md
For an OIDC enabled homeserver to provide support for *OIDC aware* clients it would:

- support OIDC delegation as per [MSC2964](https://github.com/matrix-org/matrix-spec-proposals/pull/2964) and others
- provide a compatibility layer for `m.login.password` and `m.login.sso` that wraps on to OIDC
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it defined how m.login.password an be wrapped into OIDC? I guess doing the login itself?

clokep
clokep reviewed May 16, 2023
View reviewed changes
proposals/3824-oidc-aware-clients.md
- support OIDC delegation as per [MSC2964](https://github.com/matrix-org/matrix-spec-proposals/pull/2964) and others
- provide a compatibility layer for `m.login.password` and `m.login.sso` that wraps on to OIDC
- indicate that the `m.login.sso` is preferred by setting `delegated_oidc_compatibility` to `true`
- make use of the `action` param on the SSO redirect endpoints
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Make use of it to do what?

This was referenced May 17, 2023
Closed
Closed
@hughns @clokep
Update proposals/3824-oidc-aware-clients.md
5bee189 
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
This was referenced Aug 17, 2023
Open
Closed
This was referenced Aug 18, 2023
Closed
Closed
Closed
Closed
This was referenced Aug 21, 2023
Merged
Merged
@pmaier1 pmaier1 mentioned this pull request Sep 20, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@clokep clokep clokep left review comments

@richvdh richvdh richvdh left review comments

Assignees
No one assigned
Labels
client-server Client-Server API kind:maintenance MSC which clarifies/updates existing spec matrix-2.0 Required for Matrix 2.0 needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. proposal A matrix spec change proposal
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@hughns @turt2live @sandhose @clokep @richvdh @uhoreg