OIDC: Make authorization request #25574

Closed
Tracked by #25392
kerryarchibald opened this issue Jun 13, 2023 · 0 comments · Fixed by matrix-org/matrix-react-sdk#11096

kerryarchibald commented Jun 13, 2023

3.1.1. Authorization Code Flow Steps
The Authorization Code Flow goes through the following steps.

  1. Client prepares an Authentication Request containing the desired request parameters.
  2. Client sends the request to the Authorization Server.
  3. Authorization Server Authenticates the End-User.
  4. Authorization Server obtains End-User Consent/Authorization.
  5. Authorization Server sends the End-User back to the Client with an Authorization Code.
  6. Client requests a response using the Authorization Code at the Token Endpoint.
  7. Client receives a response that contains an ID Token and Access Token in the response body.
  8. Client validates the ID token and retrieves the End-User's Subject Identifier.

https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth

This task addresses steps 1-5

There are three scopes that you need to request access to:

  • openid - standard OIDC scope
  • urn:matrix:org.matrix.msc2967.client:api:* - gives full access to Client Server API. See MSC2967: API scopes for details of future scopes
  • urn:matrix:org.matrix.msc2967.client:device:<generated device ID> - e.g. urn:matrix:org.matrix.msc2967.client:device:ABCDEFGHIJKL

So, a complete scope would be:

openid urn:matrix:org.matrix.msc2967.client:api:* urn:matrix:org.matrix.msc2967.client:device:ABCDEFGHIJKL

Resources

AC

  • When oidcNativeFlow is supported at Login, a single 'continue' button is rendered (like oidc-aware flow)
  • On clicking the continue button, a request to the configured authorization endpoint is made
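
The request described in this issue (steps 1-2) and the check the client makes when the Authorization Server redirects back (step 5), as an added example that is not part of the original issue and is not code from Element Web or its SDKs. The function names, the 12-character device ID drawn from a base32-style alphabet, and the `state`/`nonce` handling are assumptions for illustration.

```javascript
// Added example; not code from Element Web, matrix-react-sdk or matrix-js-sdk.
// Web Crypto is global in browsers and recent Node; fall back for older Node.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

const SCOPE_API = "urn:matrix:org.matrix.msc2967.client:api:*";
const SCOPE_DEVICE_PREFIX = "urn:matrix:org.matrix.msc2967.client:device:";
// 32 symbols, so `byte % 32` is unbiased (assumed alphabet, not from the issue).
const ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

function randomString(length) {
  const bytes = webcrypto.getRandomValues(new Uint8Array(length));
  return Array.from(bytes, (b) => ALPHABET[b % ALPHABET.length]).join("");
}

// Steps 1-2: prepare the Authentication Request and the URL to navigate to.
function buildAuthorizationRequest({ authorizationEndpoint, clientId, redirectUri }) {
  const url = new URL(authorizationEndpoint);
  if (url.protocol !== "https:") throw new Error("authorization endpoint must be https");

  const deviceId = randomString(12);
  const state = randomString(32); // binds the redirect in step 5 to this request
  const nonce = randomString(32); // later compared with the ID Token's nonce claim
  const scope = ["openid", SCOPE_API, SCOPE_DEVICE_PREFIX + deviceId].join(" ");

  for (const [k, v] of Object.entries({
    response_type: "code", client_id: clientId, redirect_uri: redirectUri, scope, state, nonce,
  })) url.searchParams.set(k, v);

  // `pending` must be stored (e.g. sessionStorage) until the redirect returns.
  return { url: url.toString(), pending: { state, nonce, deviceId } };
}

// Step 5: the Authorization Server sends the user back with ?code=...&state=...
function handleRedirect(callbackUrl, pending) {
  const params = new URL(callbackUrl).searchParams;
  if (!pending || params.get("state") !== pending.state) {
    throw new Error("state mismatch: response does not belong to this request");
  }
  if (params.has("error")) throw new Error("authorization failed: " + params.get("error"));
  const code = params.get("code");
  if (!code) throw new Error("no authorization code in redirect");
  return code;
}
```

Rejecting a redirect whose `state` does not match the stored value is what stops a code issued for someone else's request from being accepted by this session.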
@kerryarchibald kerryarchibald self-assigned this Jun 13, 2023
su-ex added a commit to SchildiChat/element-desktop that referenced this issue Feb 24, 2024
* Fixes for [CVE-2023-37259](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2023-37259) / [GHSA-c9vx-2g7w-rp65](GHSA-c9vx-2g7w-rp65)
* Deprecate customisations in favour of Module API ([\#25736](element-hq/element-web#25736)). Fixes element-hq/element-web#25733.
* OIDC: store initial screen in session storage  ([\#25688](element-hq/element-web#25688)). Fixes element-hq/element-web#25656. Contributed by @kerryarchibald.
* Allow default_server_config as a fallback config ([\#25682](element-hq/element-web#25682)). Contributed by @ShadowRZ.
* OIDC: remove auth params from url after login attempt ([\#25664](element-hq/element-web#25664)). Contributed by @kerryarchibald.
* feat(faq): remove keyboard shortcuts button ([\#9342](matrix-org/matrix-react-sdk#9342)). Fixes element-hq/element-web#22625. Contributed by @gefgu.
* GYU: Update banner ([\#11211](matrix-org/matrix-react-sdk#11211)). Fixes element-hq/element-web#25530. Contributed by @justjanne.
* Linkify mxc:// URLs as links to your media repo ([\#11213](matrix-org/matrix-react-sdk#11213)). Fixes element-hq/element-web#6942.
* OIDC: Log in ([\#11199](matrix-org/matrix-react-sdk#11199)). Fixes element-hq/element-web#25657. Contributed by @kerryarchibald.
* Handle all permitted url schemes in linkify ([\#11215](matrix-org/matrix-react-sdk#11215)). Fixes element-hq/element-web#4457 and element-hq/element-web#8720.
* Autoapprove Element Call oidc requests ([\#11209](matrix-org/matrix-react-sdk#11209)). Contributed by @toger5.
* Allow creating knock rooms ([\#11182](matrix-org/matrix-react-sdk#11182)). Contributed by @charlynguyen.
* Expose and pre-populate thread ID in devtools dialog ([\#10953](matrix-org/matrix-react-sdk#10953)).
* Hide URL preview if it will be empty ([\#9029](matrix-org/matrix-react-sdk#9029)).
* Change wording from avatar to profile picture ([\#7015](matrix-org/matrix-react-sdk#7015)). Fixes element-hq/element-meta#1331. Contributed by @aaronraimist.
* Quick and dirty devtool to explore state history ([\#11197](matrix-org/matrix-react-sdk#11197)).
* Consider more user inputs when calculating zxcvbn score ([\#11180](matrix-org/matrix-react-sdk#11180)).
* GYU: Account Notification Settings ([\#11008](matrix-org/matrix-react-sdk#11008)). Fixes element-hq/element-web#24567. Contributed by @justjanne.
* Compound Typography pass ([\#11103](matrix-org/matrix-react-sdk#11103)). Fixes element-hq/element-web#25548.
* OIDC: navigate to authorization endpoint ([\#11096](matrix-org/matrix-react-sdk#11096)). Fixes element-hq/element-web#25574. Contributed by @kerryarchibald.
* Fix read receipt sending behaviour around thread roots ([\#3600](matrix-org/matrix-js-sdk#3600)).
* Fix missing metaspace notification badges ([\#11269](matrix-org/matrix-react-sdk#11269)). Fixes element-hq/element-web#25679.
* Make checkboxes less rounded ([\#11224](matrix-org/matrix-react-sdk#11224)). Contributed by @andybalaam.
* GYU: Fix issues with audible keywords without activated mentions ([\#11218](matrix-org/matrix-react-sdk#11218)). Contributed by @justjanne.
* PosthogAnalytics unwatch settings on logout ([\#11207](matrix-org/matrix-react-sdk#11207)). Fixes element-hq/element-web#25703.
* Avoid trying to set room account data for pinned events as guest ([\#11216](matrix-org/matrix-react-sdk#11216)). Fixes element-hq/element-web#6300.
* GYU: Disable sound for DMs checkbox when DM notifications are disabled ([\#11210](matrix-org/matrix-react-sdk#11210)). Contributed by @justjanne.
* force to allow calls without video and audio in embedded mode ([\#11131](matrix-org/matrix-react-sdk#11131)). Contributed by @EnricoSchw.
* Fix room tile text clipping ([\#11196](matrix-org/matrix-react-sdk#11196)). Fixes element-hq/element-web#25718.
* Handle newlines in user pills ([\#11166](matrix-org/matrix-react-sdk#11166)). Fixes element-hq/element-web#10994.
* Limit width of user menu in space panel ([\#11192](matrix-org/matrix-react-sdk#11192)). Fixes element-hq/element-web#22627.
* Add isLocation to ComposerEvent analytics events ([\#11187](matrix-org/matrix-react-sdk#11187)). Contributed by @andybalaam.
* Fix: hide unsupported login elements ([\#11185](matrix-org/matrix-react-sdk#11185)). Fixes element-hq/element-web#25711. Contributed by @kerryarchibald.
* Scope smaller font size to user info panel ([\#11178](matrix-org/matrix-react-sdk#11178)). Fixes element-hq/element-web#25683.
* Apply i18n to strings in the html export ([\#11176](matrix-org/matrix-react-sdk#11176)).
* Inhibit url previews on MXIDs containing slashes same as those without ([\#11160](matrix-org/matrix-react-sdk#11160)).
* Make event info size consistent with state events ([\#11181](matrix-org/matrix-react-sdk#11181)).
* Fix markdown content spacing ([\#11177](matrix-org/matrix-react-sdk#11177)). Fixes element-hq/element-web#25685.
* Fix font-family definition for emojis ([\#11170](matrix-org/matrix-react-sdk#11170)). Fixes element-hq/element-web#25686.
* Fix spurious error sending receipt in thread errors ([\#11157](matrix-org/matrix-react-sdk#11157)).
* Consider the empty push rule actions array equiv to deprecated dont_notify ([\#11155](matrix-org/matrix-react-sdk#11155)). Fixes element-hq/element-web#25674.
* Only trap escape key for cancel reply if there is a reply ([\#11140](matrix-org/matrix-react-sdk#11140)). Fixes element-hq/element-web#25640.
* Update linkify to 4.1.1 ([\#11132](matrix-org/matrix-react-sdk#11132)). Fixes element-hq/element-web#23806.
su-ex added a commit to SchildiChat/element-web that referenced this issue Feb 24, 2024
su-ex added a commit to SchildiChat/matrix-react-sdk that referenced this issue Feb 24, 2024