OIDC: accept homeserver URL or domain in .well-known discovery functions
#3426
Looks reasonable to me!
The spec only defines the well-known lookup from a server name (really from a Matrix ID) - not from a Homeserver URL. They don't always match, especially when delegation isn't configured. This doesn't seem spec compliant? https://spec.matrix.org/v1.7/client-server-api/#well-known-uri
s/isn't/is/? As an example, the "homeserver URL" for matrix.org is https://matrix-client.matrix.org, but https://matrix-client.matrix.org/.well-known/matrix/client doesn't exist.
What I meant is if m.org didn't set up the client well-known file, users would need to enter
Sure, but when the server name is unavailable we can make an assumption and try our best to discover the configuration. I couldn't find a way to discover the server name from the homeserver url (apart from registering as a guest?) Being unable to discover OIDC config without .well-known is noted on the MSC with the alternative of a new dedicated endpoint suggested.
This is true with the existing implementation.
This sounds like a major issue, what happens if well-known (and thus OIDC) isn't discovered? User is unable to authenticate? Sounds like an issue with the MSC.
That's because a homeserver URL can actually correspond to multiple server_names (and thus well-knowns). At time of
Part of element-hq/element-web#25472
Used matrix-org/matrix-react-sdk#11018
Previously, we only look up `.well-known` during login/registration for homeserver URLs without a domain (eg `matrix.org`) in an effort to validate them as server names. As part of OIDC support discovery, we need to look up the client `.well-known` for all homeservers to discover `m.authentication` config on the wk. Extend `findClientWellKnown` functions to accept both domain and URL homeservers.
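A worked version of the lookup this PR describes, added here as an editor's example rather than code from matrix-js-sdk or from this PR. It normalises either a bare server name or a homeserver URL to the `/.well-known/matrix/client` lookup URL, classifies the response the way the spec's discovery flow does (404 means no well-known is served; anything else that fails to parse or validate is an error), and extracts `m.homeserver.base_url` and `m.authentication`. The `m.authentication` shape (`issuer`, optional `account`) is taken from MSC2965, which the thread refers to only as "the MSC"; the synchronous `FetchDoc` type, the `sampleFetch` documents and the `auth.example.org` issuer are constructed for the offline demo and are not real responses. The sample reproduces the point made in review: `matrix.org` serves a client well-known, `matrix-client.matrix.org` does not, so discovery from the client API URL legitimately ends in `not_found`.

```typescript
// Added example, not matrix-js-sdk or PR code: client .well-known discovery that accepts a
// bare server name ("matrix.org") or a homeserver URL ("https://matrix-client.matrix.org")
// and extracts what OIDC login needs. FetchDoc is injected (an assumption) so this runs offline.

export interface ClientWellKnown {
    homeserverBaseUrl: string;
    /** Shape assumed from MSC2965: an https issuer plus an optional account-management URL. */
    authentication?: { issuer: string; account?: string };
}

export type DiscoveryResult =
    | { state: "success"; lookupUrl: string; wellKnown: ClientWellKnown }
    | { state: "not_found"; lookupUrl: string } // no well-known served; caller decides on a fallback
    | { state: "invalid"; lookupUrl: string; reason: string };

export type FetchDoc = (url: string) => { status: number; body: string }; // sync stand-in for fetch()

const WELL_KNOWN_PATH = "/.well-known/matrix/client";

/** "matrix.org", "localhost:8008" or "https://matrix.org/x" -> the origin, e.g. "https://matrix.org". */
export function homeserverOrigin(input: string): string {
    const trimmed = input.trim();
    if (trimmed === "") throw new Error("homeserver is empty");
    // A bare server name carries no scheme; the spec pins the well-known lookup to HTTPS.
    const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(trimmed) ? trimmed : `https://${trimmed}`;
    let url: URL;
    try { url = new URL(withScheme); } catch { throw new Error(`invalid homeserver: ${input}`); }
    if (url.protocol !== "https:" && url.protocol !== "http:") {
        throw new Error(`unsupported scheme ${url.protocol} in homeserver`);
    }
    return url.origin; // drops path, query, credentials and default ports
}

export function clientWellKnownUrl(input: string): string {
    return homeserverOrigin(input) + WELL_KNOWN_PATH;
}

/** Reads obj[key] as a URL string restricted to the given schemes; returns it verbatim. */
function urlField(obj: unknown, key: string, ctx: string, schemes: string[]): string | undefined {
    if (typeof obj !== "object" || obj === null) return undefined;
    const raw = (obj as Record<string, unknown>)[key];
    if (raw === undefined) return undefined;
    if (typeof raw !== "string") throw new Error(`${ctx}.${key} is not a string`);
    let url: URL;
    try { url = new URL(raw); } catch { throw new Error(`${ctx}.${key} is not a URL`); }
    if (schemes.indexOf(url.protocol) === -1) throw new Error(`${ctx}.${key} must use ${schemes.join(" or ")}`);
    return raw;
}

export function parseClientWellKnown(body: string): ClientWellKnown {
    let doc: unknown;
    try { doc = JSON.parse(body); } catch { throw new Error("well-known body is not JSON"); }
    if (typeof doc !== "object" || doc === null) throw new Error("well-known is not a JSON object");
    const d = doc as Record<string, unknown>;
    const baseUrl = urlField(d["m.homeserver"], "base_url", "m.homeserver", ["https:", "http:"]);
    if (baseUrl === undefined) throw new Error("m.homeserver.base_url is required");
    // base_url is normalised (trailing slash stripped); the issuer is NOT, because OIDC issuer
    // identifiers are compared byte-for-byte against the provider's own discovery metadata.
    const result: ClientWellKnown = { homeserverBaseUrl: baseUrl.replace(/\/+$/, "") };
    const issuer = urlField(d["m.authentication"], "issuer", "m.authentication", ["https:"]);
    if (issuer !== undefined) {
        const account = urlField(d["m.authentication"], "account", "m.authentication", ["https:"]);
        result.authentication = account === undefined ? { issuer } : { issuer, account };
    }
    return result;
}

export function discoverClientWellKnown(input: string, fetchDoc: FetchDoc): DiscoveryResult {
    const lookupUrl = clientWellKnownUrl(input);
    const res = fetchDoc(lookupUrl);
    if (res.status === 404) return { state: "not_found", lookupUrl };
    if (res.status !== 200) return { state: "invalid", lookupUrl, reason: `HTTP ${res.status}` };
    try {
        return { state: "success", lookupUrl, wellKnown: parseClientWellKnown(res.body) };
    } catch (e) {
        return { state: "invalid", lookupUrl, reason: (e as Error).message };
    }
}

// Constructed documents (not captured responses) mirroring the thread: the server name
// matrix.org serves a client well-known, the client API host matrix-client.matrix.org does not.
export const sampleFetch: FetchDoc = (url) => {
    if (url === "https://matrix.org/.well-known/matrix/client") {
        const body = {
            "m.homeserver": { base_url: "https://matrix-client.matrix.org/" },
            "m.authentication": { issuer: "https://auth.example.org/", account: "https://auth.example.org/account" },
        };
        return { status: 200, body: JSON.stringify(body) };
    }
    return { status: 404, body: "" };
};
```

Two details worth keeping when porting this: the issuer is returned verbatim because OpenID Connect issuer identifiers are compared as exact strings (stripping a trailing slash would make the later check against the provider's metadata fail), while `base_url` is trimmed of trailing slashes; and the spec's follow-up validation of `base_url` via `GET /_matrix/client/versions` is left to the caller.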
Here's what your changelog entry will look like:
✨ Features
OIDC: accept homeserver URL or domain in `.well-known` discovery functions (#3426). Contributed by @kerryarchibald.