-
-
Notifications
You must be signed in to change notification settings - Fork 599
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update MSC2965 OIDC Discovery implementation #4064
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Help me out here. This is a chunky change, and is going to be time-consuming to review without any context.
What is the actual change in behaviour here, in more detail than "update"? I see the link to the MSC doc, but that in itself is a chunky document, and presumably some of it was previously implemented?
Is it possible to break up the change a bit, to make it easier to review (eg, it looks like one of the changes is to strip out support for m.authentication
? I don't really understand why that's happening, given the MSC still seems to talk about it, but can you pull that out to its own commit or its own PR?)
The MSC moved from advertising the OIDC issuer via |
A few ideas to kick you off:
Those are just a few ideas I found quickly. I'm sure there are others; like I say, I'm finding it hard to follow at the moment so I'm not in the best place to advise. It doesn't matter if some of those commits end up being trivial; it all helps to reduce the amount of state a reviewer has to keep in their head at once. |
I realise a lot of this is marked |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few drive-by comments
@@ -897,75 +871,4 @@ describe("AutoDiscovery", function () { | |||
}), | |||
]); | |||
}); | |||
|
|||
describe("m.authentication", () => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I appreciate these tests don't really apply any more, but it worries me to see tests being ripped out without new ones to replace them. Shouldn't we have similar tests for the new endpoint?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have a test for the new endpoint now, it landed as its own PR.
As for the rest of it, its just removing code and changing types, given tests have been updated with stubs matching the new types I'd consider that tested
Have split out #4071 - will rebase this PR and split into sane commits afterwards |
…m it Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
… response Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
67e5e90
to
0b07c2c
Compare
|
…chguy/fix/26908 # Conflicts: # spec/unit/oidc/authorize.spec.ts
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
…ported` from OIDC Issuer well-known Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
…x-js-sdk into t3chguy/fix/26908 # Conflicts: # src/oidc/validate.ts
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems generally sensible. A nit, and a question.
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Was there an answer to my question at #4064 (comment)?
Also would like to see a mention of .well-known/openid-configuration
somewhere in the doc-comments, per #4064 (comment).
LGTM otherwise
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
https://github.com/sandhose/matrix-doc/blob/msc/sandhose/oidc-discovery/proposals/2965-oidc-discovery.md
Switches from
m.authentication
in.well-known/matrix/client
toGET /auth_issuer
API as the MSC has done.Requires #4074
Here's what your changelog entry will look like:
✨ Features