Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSO in desktop app depends on Electron bug #8247

Closed
dbkr opened this issue Jan 24, 2019 · 12 comments · Fixed by element-hq/element-desktop#37
Closed

SSO in desktop app depends on Electron bug #8247

dbkr opened this issue Jan 24, 2019 · 12 comments · Fixed by element-hq/element-desktop#37
Assignees
@t3chguy
Labels
A-Electron A-SSO P1 T-Defect

Comments

@dbkr
Copy link
Member

dbkr commented Jan 24, 2019
edited

SSO relies on redirecting the user to the SSO URL. This is problematic in the desktop app as we normally intercept will-navigate to open links in the browser, although it happens that at the moment, electron/electron#8841 breaks will-navigate which means SSO opens in riot itself and therefore works...

Reporting to remember that it will break if that Electron bug gets fixed.
dbkr added a commit to matrix-org/matrix-react-sdk that referenced this issue Jan 24, 2019
@dbkr
Add target="_blank" to links that don't have it
4bcb9f1 
This is now more of a problem in the Electron app because of
electron/electron#8841 but is still
annoying in the webapp if you're taken away from your chat client.

Exception is the SSO link, as commented (issue filed at
element-hq/element-web#8247).

Fixes element-hq/element-web#8226
@dbkr dbkr mentioned this issue Jan 24, 2019
Merged
@ineiti
Copy link

ineiti commented Jun 24, 2019

Another +1 for fixing that bug is that it breaks our implementation of the CAS login, which relies on having access to the storageDB of the user's browser. The idea behind is that we want to offer a passwordless login, so the user data is kept in the browser of the user.

Unfortunately, the browser used in the electron app and the browser in the mobile app are different from the browser the user is using. So even the user has its data stored in the storageDB of his browser, the login-page of both the mobile and the desktop app cannot access this data.

So for our authentication scheme, SSO only works in the web-app, but neither in the mobile, nor in the desktop app.

@t3chguy
Copy link
Member

t3chguy commented Aug 9, 2019

Riot electron seems to open all links using openExternal now so maybe this is fixed

@ineiti
Copy link

ineiti commented Aug 12, 2019

Just tried Version 1.3.2 (1.3.2) both on MacOSX desktop and mobile phone, but this doesn't work. What is the version that should work?

@jryans jryans changed the title SSO in desktop app SSO in desktop app depends on Electron bug Sep 11, 2019
@jryans jryans added this to Raging Inferno 🔥🔥🔥 in Web App Team Feb 28, 2020
@t3chguy
Copy link
Member

t3chguy commented Feb 28, 2020

Electron 8.0.2 fixes this issue and thus breaks our SSO.

@jryans
Copy link
Collaborator

jryans commented Feb 28, 2020

Electron 8.0.2 has fixed the will-navigate issue, so we either need to find a fix or downgrade Electron before release.

@t3chguy t3chguy mentioned this issue Feb 28, 2020
Merged
@jryans
Copy link
Collaborator

jryans commented Feb 28, 2020

We plan to handle this by:

  • adding a riot:// system protocol handler
  • SSO auth would open a browser tab
  • after auth, the browser will callback to a riot:// URL

@ineiti
Copy link

ineiti commented Feb 28, 2020

Would that mean that our SSO, which depends on data stored in the user browser, would finally work?

@t3chguy
Copy link
Member

t3chguy commented Feb 28, 2020

Yup, thats part of the reason why it was picked, other part is so you never have to enter third party credentials into an app which shouldn't ever see them, even if it doesn't actually spy on them

@ineiti
Copy link

ineiti commented Feb 28, 2020

Cool! Looking forward to that - so we'll be able to use https://www.c4dt.org/article/cas-for-omniledger/ also on our mobile devices ;)

@turt2live turt2live added P1 and removed P2 labels Feb 28, 2020
@t3chguy t3chguy self-assigned this Feb 29, 2020
@t3chguy t3chguy moved this from Raging Inferno 🔥🔥🔥 to In Progress in Web App Team Feb 29, 2020
@t3chguy t3chguy mentioned this issue Mar 2, 2020
Merged
@t3chguy
Copy link
Member

t3chguy commented Mar 2, 2020

sso2

Thought I'd share some progress

@t3chguy t3chguy mentioned this issue Mar 2, 2020
Merged
@jryans
Copy link
Collaborator

jryans commented Mar 2, 2020

Removed release-blocker as we've added a workaround for the moment in #12585 for the upcoming release.

@t3chguy
Copy link
Member

t3chguy commented Mar 2, 2020

image
image

@t3chguy t3chguy moved this from In Progress to In Review in Web App Team Mar 2, 2020
Web App Team automation moved this from In Review to In Test Mar 3, 2020
su-ex added a commit to SchildiChat/element-web that referenced this issue May 10, 2022
@su-ex
Merge tag 'v1.10.12' into sc
815e736 
* Made the location map change the cursor to a pointer so it looks like it's clickable (https ([\element-hq#8451](matrix-org/matrix-react-sdk#8451)). Fixes element-hq#21991. Contributed by @Odyssey346.
* Implement improved spacing for the thread list and timeline ([\element-hq#8337](matrix-org/matrix-react-sdk#8337)). Fixes element-hq#21759. Contributed by @luixxiul.
* LLS: expose way to enable live sharing labs flag from location dialog ([\element-hq#8416](matrix-org/matrix-react-sdk#8416)).
* Fix source text boxes in View Source modal should have full width ([\element-hq#8425](matrix-org/matrix-react-sdk#8425)). Fixes element-hq#21938. Contributed by @EECvision.
* Read Receipts: never show +1, if it’s just 4, show all of them ([\element-hq#8428](matrix-org/matrix-react-sdk#8428)). Fixes element-hq#21935.
* Add opt-in analytics to onboarding tasks ([\element-hq#8409](matrix-org/matrix-react-sdk#8409)). Fixes element-hq#21705.
* Allow user to control if they are signed out of all devices when changing password ([\element-hq#8259](matrix-org/matrix-react-sdk#8259)). Fixes element-hq#2671.
* Implement new Read Receipt design ([\element-hq#8389](matrix-org/matrix-react-sdk#8389)). Fixes element-hq#20574.
* Stick connected video rooms to the top of the room list ([\element-hq#8353](matrix-org/matrix-react-sdk#8353)).
* LLS: fix jumpy maximised map ([\element-hq#8387](matrix-org/matrix-react-sdk#8387)).
* Persist audio and video mute state in video rooms ([\element-hq#8376](matrix-org/matrix-react-sdk#8376)).
* Forcefully disconnect from video rooms on logout and tab close ([\element-hq#8375](matrix-org/matrix-react-sdk#8375)).
* Add local echo of connected devices in video rooms ([\element-hq#8368](matrix-org/matrix-react-sdk#8368)).
* Improve text of account deactivation dialog ([\element-hq#8371](matrix-org/matrix-react-sdk#8371)). Fixes element-hq#17421.
* Live location sharing: own live beacon status on maximised view ([\element-hq#8374](matrix-org/matrix-react-sdk#8374)).
* Show a lobby screen in video rooms ([\element-hq#8287](matrix-org/matrix-react-sdk#8287)).
* Settings toggle to disable Composer Markdown ([\element-hq#8358](matrix-org/matrix-react-sdk#8358)). Fixes element-hq#20321.
* Cache localStorage objects for SettingsStore ([\element-hq#8366](matrix-org/matrix-react-sdk#8366)).
* Bring `View Source` back from behind developer mode ([\element-hq#8369](matrix-org/matrix-react-sdk#8369)). Fixes element-hq#21771.
* Fix Jitsi Meet getting wedged at startup in some cases ([\element-hq#21995](element-hq#21995)).
* Fix camera getting muted when disconnecting from a video room ([\element-hq#21958](element-hq#21958)).
* Fix race conditions around threads ([\element-hq#8448](matrix-org/matrix-react-sdk#8448)). Fixes element-hq#21627.
* Fix reading of cached room device setting values ([\element-hq#8495](matrix-org/matrix-react-sdk#8495)).
* Fix issue with dispatch happening mid-dispatch due to js-sdk emit ([\element-hq#8473](matrix-org/matrix-react-sdk#8473)). Fixes element-hq#22019.
* Match MSC behaviour for threads when disabled (thread-aware mode) ([\element-hq#8476](matrix-org/matrix-react-sdk#8476)). Fixes element-hq#22033.
* Specify position of DisambiguatedProfile inside a thread on bubble message layout ([\element-hq#8452](matrix-org/matrix-react-sdk#8452)). Fixes element-hq#21998. Contributed by @luixxiul.
* Location sharing: do not trackuserlocation in location picker ([\element-hq#8466](matrix-org/matrix-react-sdk#8466)). Fixes element-hq#22013.
* fix text and map indent in thread view ([\element-hq#8462](matrix-org/matrix-react-sdk#8462)). Fixes element-hq#21997.
* Live location sharing: don't group beacon info with room creation summary ([\element-hq#8468](matrix-org/matrix-react-sdk#8468)).
* Don't linkify code blocks ([\element-hq#7859](matrix-org/matrix-react-sdk#7859)). Fixes element-hq#9613.
* read receipts: improve tooltips to show names of users ([\element-hq#8438](matrix-org/matrix-react-sdk#8438)). Fixes element-hq#21940.
* Fix poll overflowing a reply tile on bubble message layout ([\element-hq#8459](matrix-org/matrix-react-sdk#8459)). Fixes element-hq#22005. Contributed by @luixxiul.
* Fix text link buttons on UserInfo panel ([\element-hq#8247](matrix-org/matrix-react-sdk#8247)). Fixes element-hq#21702. Contributed by @luixxiul.
* Clear local storage settings handler cache on logout ([\element-hq#8454](matrix-org/matrix-react-sdk#8454)). Fixes element-hq#21994.
* Fix jump to bottom button being always displayed in non-overflowing timelines ([\element-hq#8460](matrix-org/matrix-react-sdk#8460)). Fixes element-hq#22003.
* fix timeline search with empty text box should do nothing ([\element-hq#8262](matrix-org/matrix-react-sdk#8262)). Fixes element-hq#21714. Contributed by @EECvision.
* Fixes "space panel kebab menu is rendered out of view on sub spaces"  ([\element-hq#8350](matrix-org/matrix-react-sdk#8350)). Contributed by @yaya-usman.
* Add margin to the location map inside ThreadView ([\element-hq#8442](matrix-org/matrix-react-sdk#8442)). Fixes element-hq#21982. Contributed by @luixxiul.
* Patch: "Reloading the registration page should warn about data loss" ([\element-hq#8377](matrix-org/matrix-react-sdk#8377)). Contributed by @yaya-usman.
* Live location sharing: fix safari timestamps pt 2 ([\element-hq#8443](matrix-org/matrix-react-sdk#8443)).
* Fix issue with thread notification state ignoring initial events ([\element-hq#8417](matrix-org/matrix-react-sdk#8417)). Fixes element-hq#21927.
* Fix event text overflow on bubble message layout ([\element-hq#8391](matrix-org/matrix-react-sdk#8391)). Fixes element-hq#21882. Contributed by @luixxiul.
* Disable the message action bar when hovering over the 1px border between threads on the list ([\element-hq#8429](matrix-org/matrix-react-sdk#8429)). Fixes element-hq#21955. Contributed by @luixxiul.
* correctly align read receipts to state events in bubble layout ([\element-hq#8419](matrix-org/matrix-react-sdk#8419)). Fixes element-hq#21899.
* Fix issue with underfilled timelines when barren of content ([\element-hq#8432](matrix-org/matrix-react-sdk#8432)). Fixes element-hq#21930.
* Fix baseline misalignment of thread panel summary by deduplication ([\element-hq#8413](matrix-org/matrix-react-sdk#8413)).
* Fix editing of non-html replies ([\element-hq#8418](matrix-org/matrix-react-sdk#8418)). Fixes element-hq#21928.
* Read Receipts "Fall from the Sky" ([\element-hq#8414](matrix-org/matrix-react-sdk#8414)). Fixes element-hq#21888.
* Make read receipts handle nullable roomMembers correctly ([\element-hq#8410](matrix-org/matrix-react-sdk#8410)). Fixes element-hq#21896.
* Don't form continuations on either side of a thread root ([\element-hq#8408](matrix-org/matrix-react-sdk#8408)). Fixes element-hq#20908.
* Fix centering issue with sticker placeholder ([\element-hq#8404](matrix-org/matrix-react-sdk#8404)). Fixes element-hq#18014 and element-hq#6449.
* Disable download option on <video/> , preferring dedicated download button ([\element-hq#8403](matrix-org/matrix-react-sdk#8403)). Fixes element-hq#21902.
* Fix infinite loop when pinning/unpinning persistent widgets ([\element-hq#8396](matrix-org/matrix-react-sdk#8396)). Fixes element-hq#21864.
* Tweak ReadReceiptGroup to better handle disambiguation ([\element-hq#8402](matrix-org/matrix-react-sdk#8402)). Fixes element-hq#21897.
* stop the bottom edge of buttons getting clipped in devtools ([\element-hq#8400](matrix-org/matrix-react-sdk#8400)).
* Fix issue with threads timelines with few events cropping events ([\element-hq#8392](matrix-org/matrix-react-sdk#8392)). Fixes element-hq#20594.
* Changed font-weight to 400 to support light weight font ([\element-hq#8345](matrix-org/matrix-react-sdk#8345)). Fixes element-hq#21171. Contributed by @goelesha.
* Fix issue with thread panel not updating when it loads on first render ([\element-hq#8382](matrix-org/matrix-react-sdk#8382)). Fixes element-hq#21737.
* fix: "Mention highlight and cursor hover highlight has different corner radius" ([\element-hq#8384](matrix-org/matrix-react-sdk#8384)). Contributed by @yaya-usman.
* Fix regression around haveRendererForEvent for hidden events ([\element-hq#8379](matrix-org/matrix-react-sdk#8379)). Fixes element-hq#21862 and element-hq#21725.
* Fix regression around the room list treeview keyboard a11y ([\element-hq#8385](matrix-org/matrix-react-sdk#8385)). Fixes element-hq#21436.
* Remove float property to let the margin between events appear on bubble message layout ([\element-hq#8373](matrix-org/matrix-react-sdk#8373)). Fixes element-hq#21861. Contributed by @luixxiul.
* Fix race in Registration between server change and flows fetch ([\element-hq#8359](matrix-org/matrix-react-sdk#8359)). Fixes element-hq#21800.
* fix rainbow breaks compound emojis ([\element-hq#8245](matrix-org/matrix-react-sdk#8245)). Fixes element-hq#21371. Contributed by @EECvision.
* Fix RightPanelStore handling first room on app launch wrong ([\element-hq#8370](matrix-org/matrix-react-sdk#8370)). Fixes element-hq#21741.
* Fix UnknownBody error message unalignment ([\element-hq#8346](matrix-org/matrix-react-sdk#8346)). Fixes element-hq#21828. Contributed by @luixxiul.
* Use -webkit-line-clamp for the room header topic overflow ([\element-hq#8367](matrix-org/matrix-react-sdk#8367)). Fixes element-hq#21852. Contributed by @luixxiul.
* Fix issue with ServerInfo crashing the modal ([\element-hq#8364](matrix-org/matrix-react-sdk#8364)).
* Fixes around threads beta in degraded mode ([\element-hq#8319](matrix-org/matrix-react-sdk#8319)). Fixes element-hq#21762.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@t3chguy t3chguy

Labels
A-Electron A-SSO P1 T-Defect
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

riot-desktop open SSO in browser so user doesn't have to auth twice element-hq/element-desktop
7 participants
@jryans @dbkr @turt2live @ineiti @lampholder @t3chguy @aaronraimist