Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OIDC: Validate m.authentication configuration #3419

Merged
merged 15 commits into from
Jun 11, 2023
Merged

OIDC: Validate m.authentication configuration #3419

merged 15 commits into from
Jun 11, 2023

Conversation

kerryarchibald
Copy link
Contributor

@kerryarchibald kerryarchibald commented May 29, 2023
edited by github-actions bot
Loading

For element-hq/element-web#25466

Validates .well-known discovery result to check

  • m.authentication config is valid
  • m.authentication.issuer has valid configuration

Adds m.authentication section to clientConfig

Details in issue

Result is not used in react-sdk yet, but can be tested by entering a server name in the server picker (eg synapse-oidc.lab.element.dev)
Or configuring default_server_config.m.authentication in config.json

"default_server_config": {
        "m.homeserver": {
            "base_url": "https://synapse-oidc.lab.element.dev"
        },
        "org.matrix.msc2965.authentication": {
            "issuer": "https://auth-oidc.lab.element.dev/"
        }

    },

Checklist

  • Tests written for new code (and old code if feasible)
  • Linter and other CI checks pass
  • Sign-off given on the changes (see CONTRIBUTING.md)

Here's what your changelog entry will look like:

✨ Features

@kerryarchibald kerryarchibald force-pushed the kerry/25466/validate-wellknown-mauthentication branch from 48b0160 to 5f32b3f Compare June 6, 2023 04:54
@kerryarchibald kerryarchibald changed the title [WIP] OIDC: Determine homeserver is OIDC enabled OIDC: Validate m.authentication configuration Jun 6, 2023
@kerryarchibald kerryarchibald marked this pull request as ready for review June 6, 2023 05:17
@kerryarchibald kerryarchibald requested a review from a team as a code owner June 6, 2023 05:17
germain-gg
germain-gg suggested changes Jun 7, 2023
View reviewed changes
Copy link
Contributor

@germain-gg germain-gg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Globally looks good, added a few comments that I believe need to be addressed before merging this 👍

src/autodiscovery.ts Show resolved Hide resolved
src/oidc/validate.ts Show resolved Hide resolved
src/oidc/validate.ts Outdated Show resolved Hide resolved
src/oidc/validate.ts Outdated Show resolved Hide resolved
src/oidc/validate.ts Show resolved Hide resolved
@kerryarchibald kerryarchibald requested a review from germain-gg June 8, 2023 02:19
germain-gg
germain-gg approved these changes Jun 9, 2023
View reviewed changes
Copy link
Contributor

@germain-gg germain-gg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you, looks good to me!

@kerryarchibald kerryarchibald enabled auto-merge June 11, 2023 21:26
@kerryarchibald kerryarchibald added this pull request to the merge queue Jun 11, 2023
Merged via the queue into develop with commit c66850e Jun 11, 2023
@kerryarchibald kerryarchibald deleted the kerry/25466/validate-wellknown-mauthentication branch June 11, 2023 21:44
@kerryarchibald kerryarchibald mentioned this pull request Jul 3, 2023
Closed
su-ex added a commit to SchildiChat/matrix-js-sdk that referenced this pull request Feb 22, 2024
@su-ex
Merge tag 'v26.1.0' into sc
10fe11f 
* Introduce a new `Crypto.Verifier` interface, and deprecate direct access to `VerificationBase`, `SAS` and `ReciprocateQRCode` ([\matrix-org#3414](matrix-org#3414)).
* Add `rust-crypto#isCrossSigningReady` implementation ([\matrix-org#3462](matrix-org#3462)). Contributed by @florianduros.
* OIDC: Validate `m.authentication` configuration ([\matrix-org#3419](matrix-org#3419)). Contributed by @kerryarchibald.
* ElementR: Add `CryptoApi.getCrossSigningStatus` ([\matrix-org#3452](matrix-org#3452)). Contributed by @florianduros.
* Extend stats summary with call device and user count based on room state ([\matrix-org#3424](matrix-org#3424)). Contributed by @toger5.
* Update MSC3912 implementation to use `with_rel_type` instead of `with_relations` ([\matrix-org#3420](matrix-org#3420)).
* Export thread-related types from SDK ([\matrix-org#3447](matrix-org#3447)). Contributed by @stas-demydiuk.
* Use correct /v3 prefix for /refresh ([\matrix-org#3016](matrix-org#3016)). Contributed by @davidisaaclee.
* Fix thread list being ordered based on all updates ([\matrix-org#3458](matrix-org#3458)). Fixes element-hq/element-web#25522.
* Fix: handle `baseUrl` with trailing slash in `fetch.getUrl` ([\matrix-org#3455](matrix-org#3455)). Fixes element-hq/element-web#25526. Contributed by @kerryarchibald.
* use cli.canSupport to determine intentional mentions support ([\matrix-org#3445](matrix-org#3445)). Fixes element-hq/element-web#25497. Contributed by @kerryarchibald.
* Make sliding sync linearize processing of sync requests ([\matrix-org#3442](matrix-org#3442)).
* Fix edge cases around 2nd order relations and threads ([\matrix-org#3437](matrix-org#3437)).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@germain-gg germain-gg germain-gg approved these changes

@t3chguy t3chguy Awaiting requested review from t3chguy t3chguy is a code owner automatically assigned from matrix-org/element-web-reviewers

@florianduros florianduros Awaiting requested review from florianduros florianduros is a code owner automatically assigned from matrix-org/element-web-reviewers

Assignees
No one assigned
Labels
T-Enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kerryarchibald @germain-gg