Skip to content
This repository has been archived by the owner on Sep 11, 2024. It is now read-only.

Fix Native OIDC for Element Desktop #12253

Merged
merged 18 commits into from
Feb 19, 2024
Merged

Fix Native OIDC for Element Desktop #12253

Show file tree
Hide file tree
Changes from 14 commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
04937bf
Reuse exported common type
t3chguy Feb 15, 2024
f8d2fe8
Improve client metadata used for OIDC dynamic registration
t3chguy Feb 15, 2024
039589b
Fix Native OIDC for Element Desktop by including ssoid in the url_sta…
t3chguy Feb 15, 2024
99a388c
Reuse exported common type
t3chguy Feb 15, 2024
b04f49c
Improve client metadata used for OIDC dynamic registration
t3chguy Feb 15, 2024
ca6a112
Fix typo
t3chguy Feb 16, 2024
507447c
Fix test
t3chguy Feb 16, 2024
f50ccf6
Merge branch 't3chguy/oidc-metadata' into t3chguy/oidc-desktop
t3chguy Feb 16, 2024
c4a257e
Merge branch 'develop' of github.com:matrix-org/matrix-react-sdk into…
t3chguy Feb 16, 2024
28b0cc5
Merge branch 't3chguy/oidc-metadata' of github.com:matrix-org/matrix-…
t3chguy Feb 16, 2024
e0f76d7
Merge remote-tracking branch 'origin/t3chguy/oidc-desktop' into t3chg…
t3chguy Feb 16, 2024
e98bc0b
Merge branch 'develop' into t3chguy/oidc-desktop
t3chguy Feb 16, 2024
7a40f91
Merge remote-tracking branch 'origin/t3chguy/oidc-desktop' into t3chg…
t3chguy Feb 16, 2024
909ce08
Mock PlatformPeg
t3chguy Feb 16, 2024
563fa45
Mock platform
t3chguy Feb 16, 2024
f4898da
Add comment
t3chguy Feb 19, 2024
ef4e544
Improve comment
t3chguy Feb 19, 2024
d13727a
Update src/BasePlatform.ts
t3chguy Feb 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 8 additions & 1 deletion src/BasePlatform.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -313,7 +313,7 @@ export default abstract class BasePlatform {
return null;
}

protected getSSOCallbackUrl(fragmentAfterLogin = ""): URL {
public getSSOCallbackUrl(fragmentAfterLogin = ""): URL {
const url = new URL(window.location.href);
url.hash = fragmentAfterLogin;
return url;
Expand Down Expand Up @@ -478,4 +478,11 @@ export default abstract class BasePlatform {
policyUri: config.privacy_policy_url,
};
}

/**
* Suffix to append to the `state` parameter of OIDC /auth calls, will be round-tripped to the callback URI
*/
public getOidcClientState(): string {
return "";
t3chguy marked this conversation as resolved.
Show resolved Hide resolved
}
}
2 changes: 1 addition & 1 deletion src/Lifecycle.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -777,7 +777,7 @@ async function createOidcTokenRefresher(credentials: IMatrixClientCreds): Promis
try {
const clientId = getStoredOidcClientId();
const idTokenClaims = getStoredOidcIdTokenClaims();
const redirectUri = window.location.origin;
const redirectUri = PlatformPeg.get()!.getSSOCallbackUrl().href;
const deviceId = credentials.deviceId;
if (!deviceId) {
throw new Error("Expected deviceId in user credentials.");
Expand Down
3 changes: 2 additions & 1 deletion src/stores/oidc/OidcClientStore.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ import { OidcClient } from "oidc-client-ts";

import { getStoredOidcTokenIssuer, getStoredOidcClientId } from "../../utils/oidc/persistOidcSettings";
import { getDelegatedAuthAccountUrl } from "../../utils/oidc/getDelegatedAuthAccountUrl";
import PlatformPeg from "../../PlatformPeg";

/**
* @experimental
Expand Down Expand Up @@ -139,7 +140,7 @@ export class OidcClientStore {
...metadata,
authority: metadata.issuer,
signingKeys,
redirect_uri: window.location.origin,
redirect_uri: PlatformPeg.get()!.getSSOCallbackUrl().href,
client_id: clientId,
});
} catch (error) {
Expand Down
4 changes: 3 additions & 1 deletion src/utils/oidc/authorize.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
import { IdTokenClaims } from "oidc-client-ts";

import { OidcClientError } from "./error";
import PlatformPeg from "../../PlatformPeg";

/**
* Start OIDC authorization code flow
Expand All @@ -39,7 +40,7 @@
identityServerUrl?: string,
isRegistration?: boolean,
): Promise<void> => {
const redirectUri = window.location.origin;
const redirectUri = PlatformPeg.get()!.getSSOCallbackUrl().href;

Check warning on line 43 in src/utils/oidc/authorize.ts

View workflow job for this annotation

GitHub Actions / Jest (2)

RETRY 1: OIDC authorization › startOidcLogin() › navigates to authorization endpoint with correct parameters 

TypeError: Cannot read properties of null (reading 'getSSOCallbackUrl')

    at startOidcLogin (src/utils/oidc/authorize.ts:43:42)
    at Object.<anonymous> (test/utils/oidc/authorize-test.ts:68:33)

Check warning on line 43 in src/utils/oidc/authorize.ts

View workflow job for this annotation

GitHub Actions / Jest (2)

RETRY 2: OIDC authorization › startOidcLogin() › navigates to authorization endpoint with correct parameters 

TypeError: Cannot read properties of null (reading 'getSSOCallbackUrl')

    at startOidcLogin (src/utils/oidc/authorize.ts:43:42)
    at Object.<anonymous> (test/utils/oidc/authorize-test.ts:68:33)

Check failure on line 43 in src/utils/oidc/authorize.ts

View workflow job for this annotation

GitHub Actions / Jest (2)

OIDC authorization › startOidcLogin() › navigates to authorization endpoint with correct parameters 

TypeError: Cannot read properties of null (reading 'getSSOCallbackUrl')

    at startOidcLogin (src/utils/oidc/authorize.ts:43:42)
    at Object.<anonymous> (test/utils/oidc/authorize-test.ts:68:33)

const nonce = randomString(10);

Expand All @@ -53,6 +54,7 @@
identityServerUrl,
nonce,
prompt,
urlState: PlatformPeg.get()?.getOidcClientState(),
});

window.location.href = authorizationUrl;
Expand Down
3 changes: 2 additions & 1 deletion test/stores/oidc/OidcClientStore-test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ import { discoverAndValidateAuthenticationConfig } from "matrix-js-sdk/src/oidc/
import { OidcError } from "matrix-js-sdk/src/oidc/error";

import { OidcClientStore } from "../../../src/stores/oidc/OidcClientStore";
import { flushPromises, getMockClientWithEventEmitter } from "../../test-utils";
import { flushPromises, getMockClientWithEventEmitter, mockPlatformPeg } from "../../test-utils";
import { mockOpenIdConfiguration } from "../../test-utils/oidc";

jest.mock("matrix-js-sdk/src/oidc/discovery", () => ({
Expand Down Expand Up @@ -58,6 +58,7 @@ describe("OidcClientStore", () => {
jest.spyOn(logger, "error").mockClear();

fetchMock.get(`${metadata.issuer}.well-known/openid-configuration`, metadata);
mockPlatformPeg();
});

describe("isUserAuthenticatedWithOidc()", () => {
Expand Down
Loading