Cannot use UI auth with JWT login #16508
Comments
This sounds like the incorrect UI authentication information might be being passed by the SDK? (I'm not 100% sure Synapse even supports UI auth when using JWTs, but it must?) I'd be curious what the actual response JSON is in the response to |
I just tried it as a plain POST call
and got back:
Maybe it's a hint, but in the Synapse database I don't see any session rows in the sessions table. When I try password login with Matrix ID and password, then this works just fine, but the table is still empty. |
I think this essentially means that UI auth doesn't work with JWT login. 😢 It should have the |
@clokep can I do something about it? Because I would really like to have E2EE, but we have users elsewhere (Keycloak); we use JWT from Keycloak for everything else. Keys are filled, but auth is not sent; it fails exactly here: https://github.com/famedly/matrix-dart-sdk/blob/main/lib/encryption/utils/bootstrap.dart#L474 and https://github.com/famedly/dart_matrix_api_lite/blob/main/lib/src/generated/api.dart#L1715 Maybe an alteration to add the type or something would help? |
It should work fine w/ single sign-on, from your questions about the Dart SDK I assume you're embedding a client into something else?

Realistically, I don't see the team prioritizing a fix for this. JWT is non-standard (and seldom used). We would accept a pull request fixing this, however.

I think the code near this is incorrect:

synapse/synapse/handlers/auth.py, lines 392 to 419 in 62a1a9b
|
Signing and chat itself work. I'm using the Dart SDK to integrate into an existing app. The encryption bootstrap init leads to this issue. I can try to make the PR, but I'm not experienced enough in Python to make the change production worthy heh |
I think you want to add something like:

```python
if self.hs.config.jwt.jwt_enabled:
    ui_auth_types.add(LoginRestServlet.JWT_TYPE)
```

I'd probably suggest hacking that in and seeing if it works? We can certainly help with making it production worthy. :) |
Tried creating it as a module and monkey-patching the AuthHandler, but to no avail; the module cannot find the class name. Tomorrow is another day. |
@clokep so, I've added simply
It's still empty. EDIT: hardcoded this function and still flows are empty:
and I can see in the container that it's replaced. EDIT: when I use username and password, the client sometimes throws upload keys failed, but when I access the same endpoint I get this:
|
This implies to me that the code isn't running, unfortunately. I suspect trying to develop inside the docker container isn't helping. The response for username/password auth looks correct. |
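Added example (not part of the thread, and not Synapse or SDK code): a small Python check of a UI-auth 401 body that separates the empty-`flows` case reported above from a challenge the client can actually complete. The response bodies are constructed, `diagnose` and `completable_flows` are hypothetical helper names, and `org.matrix.login.jwt` is the value of Synapse's JWT login type.

```python
# Field names ("flows", "stages", "session", "completed") follow the Matrix
# client-server UIA format. All sample bodies are constructed for illustration.

JWT_TYPE = "org.matrix.login.jwt"   # Synapse's JWT login type
PASSWORD_TYPE = "m.login.password"

# Constructed: what the reporter describes for a JWT-only user (no flows).
JWT_ONLY_BODY = {"session": "constructed-session-1", "flows": [], "params": {}}
# Constructed: a normal challenge for a user with a local password.
PASSWORD_BODY = {
    "session": "constructed-session-2",
    "flows": [{"stages": [PASSWORD_TYPE]}],
    "params": {},
}
# Constructed: assumed shape if the server advertised the JWT type as a stage.
JWT_FLOW_BODY = {
    "session": "constructed-session-3",
    "flows": [{"stages": [JWT_TYPE]}],
    "params": {},
}


def completable_flows(body, client_stages):
    """Return, per usable flow, the stages the client still has to perform."""
    done = set(body.get("completed", []))
    usable = []
    for flow in body.get("flows", []):
        remaining = [s for s in flow.get("stages", []) if s not in done]
        if all(s in client_stages for s in remaining):
            usable.append(remaining)
    return usable


def diagnose(body, client_stages):
    """Classify a 401 body: 'not_uia', 'no_flows', 'unsupported' or 'ok'."""
    if "session" not in body:
        return "not_uia"       # ordinary error, not a UIA challenge
    if not body.get("flows"):
        return "no_flows"      # server offers this user nothing to complete
    if not completable_flows(body, client_stages):
        return "unsupported"   # flows exist, none the client can perform
    return "ok"


if __name__ == "__main__":
    for name, body in [("jwt-only", JWT_ONLY_BODY), ("password", PASSWORD_BODY)]:
        print(name, diagnose(body, {PASSWORD_TYPE}))
```

A `no_flows` result points at the server side (no auth type registered for the user), while `unsupported` points at the client not implementing an offered stage.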
An update: I'm embarrassed, I copied it to the wrong place in the Dockerfile. I got to a point where I have to complete the stage in UIA in the client. Now I got to the
I guess now I have to modify something else in Synapse? |
Probably worth checking the Synapse logs to see if you can figure out where this comes from? I'm not really sure what might be throwing this. |
Description
Hello,
I'm using the Dart SDK with a JWT token from another auth service, and when doing bootstrap I get to this point:
After that I get
flutter: [Matrix] [Bootstrapping] Error setting up cross signing - M_FORBIDDEN: Require additional authentication
Based on information I found, it seems like it's not a Dart SDK issue.
This issue is probably related to #15779
Steps to reproduce
Homeserver
private synapse
Synapse Version
1.93.0
Installation Method
Docker (matrixdotorg/synapse)
Database
Postgres
Workers
I don't know
Platform
ubuntu
Configuration
Relevant log output
Anything else that would be useful to know?
No response