Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OIDC: refresh tokens #11699

Merged
merged 64 commits into from Oct 12, 2023
Merged

OIDC: refresh tokens #11699

merged 64 commits into from Oct 12, 2023

Conversation

kerryarchibald
Copy link
Contributor

@kerryarchibald kerryarchibald commented Oct 2, 2023
edited by github-actions bot

Fixes element-hq/element-web#25839
With matrix-org/matrix-js-sdk#3764

Checklist

  • Tests written for new code (and old code if feasible)
  • Linter and other CI checks pass
  • Sign-off given on the changes (see CONTRIBUTING.md)

Here's what your changelog entry will look like:

✨ Features

@kerryarchibald
test persistCredentials without a pickle key
2607997
@kerryarchibald
Merge branch 'develop' into kerry/25708/test-persist-credentials
3506c06
@kerryarchibald
test setLoggedIn with pickle key
609f790
@kerryarchibald
lint
f3092c7
@kerryarchibald
type error
fad7f33
@kerryarchibald
extract token persisting code into function, persist refresh token
32d5fb0
@kerryarchibald
store has_refresh_token too
e6529f1
@kerryarchibald
pass refreshToken from oidcAuthGrant into credentials
66d57e5
@kerryarchibald
rest restore session with pickle key
b33e347
@kerryarchibald
Merge branch 'kerry/25708/test-persist-credentials' into kerry/25708/…
823ba2e 
…save-refresh-token
@kerryarchibald
retreive stored refresh token and add to credentials
e91bbf4
@kerryarchibald
Merge branch 'develop' into kerry/25708/test-persist-credentials
b7e0603
@kerryarchibald
Merge branch 'kerry/25708/test-persist-credentials' into kerry/25708/…
b8b0c86 
…save-refresh-token
@kerryarchibald
Merge branch 'develop' into kerry/25708/restore-refresh-token
3ed9cc1
@kerryarchibald
extract token decryption into function
221d306
@kerryarchibald
remove TODO
64dbc94
@kerryarchibald
Merge branch 'develop' into kerry/25708/test-persist-credentials
f059642
@kerryarchibald
Merge branch 'kerry/25708/test-persist-credentials' into kerry/25708/…
9272110 
…save-refresh-token
@kerryarchibald
Merge branch 'develop' into kerry/25708/restore-refresh-token
0f5fc31
@kerryarchibald
very messy poc
1708bef
@kerryarchibald
Merge branch 'develop' into kerry/token-refresh-poc
1b76c18
@kerryarchibald
Merge branch 'develop' into kerry/25708/save-refresh-token
d24fbd0
@kerryarchibald
Merge branch 'kerry/25708/save-refresh-token' of https://github.com/m…
880c258 
…atrix-org/matrix-react-sdk into kerry/25708/save-refresh-token
@kerryarchibald
Merge branch 'develop' into kerry/25708/save-refresh-token
65c0734
@kerryarchibald
comments
70ddb4a
@kerryarchibald
Merge branch 'kerry/25708/save-refresh-token' into kerry/25708/restor…
22329b9 
…e-refresh-token
@kerryarchibald
Merge branch 'develop' into kerry/25708/save-refresh-token
56441dc
@kerryarchibald
prettier
af481b2
@kerryarchibald
Merge branch 'kerry/25708/save-refresh-token' into kerry/25708/restor…
976ec8c 
…e-refresh-token
@kerryarchibald
Merge branch 'kerry/25708/restore-refresh-token' into kerry/token-ref…
ae80087 
…resh-poc
@kerryarchibald kerryarchibald marked this pull request as ready for review October 10, 2023 03:06
@kerryarchibald kerryarchibald requested a review from a team as a code owner October 10, 2023 03:06
richvdh
richvdh approved these changes Oct 10, 2023
View reviewed changes
Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a few nits and suggestions; generally looks good.

src/utils/oidc/TokenRefresher.ts Outdated Show resolved Hide resolved
src/utils/oidc/TokenRefresher.ts Outdated
Comment on lines 24 to 25
* OidcTokenRefresher that implements token persistence
* Stores tokens in the same was as login flows in Lifecycle
Copy link
Member

@richvdh richvdh Oct 10, 2023
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OidcTokenRefresher that implements token persistence Stores tokens in the same was as login flows in Lifecycle

... is not a sentence that makes any sense.

Suggested change
* OidcTokenRefresher that implements token persistence
* Stores tokens in the same was as login flows in Lifecycle
* OidcTokenRefresher that implements token persistence.
*
* Stores tokens in the same way as login flows in Lifecycle.

src/MatrixClientPeg.ts
@@ -123,7 +124,7 @@ export interface IMatrixClientPeg {
*
* @param {IMatrixClientCreds} creds The new credentials to use.
*/
replaceUsingCreds(creds: IMatrixClientCreds): void;
replaceUsingCreds(creds: IMatrixClientCreds, tokenRefreshFunction?: TokenRefreshFunction): void;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

document the new param please

test/Lifecycle-test.ts Outdated Show resolved Hide resolved
test/Lifecycle-test.ts Show resolved Hide resolved
kerryarchibald and others added 2 commits October 11, 2023 16:08
@kerryarchibald @richvdh
Update src/utils/oidc/TokenRefresher.ts
a32ca16 
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
@kerryarchibald @richvdh
use literal value for m.authentication
5370474 
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
@kerryarchibald kerryarchibald added this pull request to the merge queue Oct 11, 2023
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Oct 11, 2023
@kerryarchibald kerryarchibald added this pull request to the merge queue Oct 11, 2023
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Oct 11, 2023
@kerryarchibald kerryarchibald added this pull request to the merge queue Oct 12, 2023
Merged via the queue into develop with commit 3a025c4 Oct 12, 2023
22 checks passed
@kerryarchibald kerryarchibald deleted the kerry/token-refresh-poc branch October 12, 2023 01:26
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Nov 4, 2023
@Midar
Update chat/element-web to 1.11.47
727a4ec 
Changes in [1.11.47](https://github.com/vector-im/element-web/releases/tag/v1.11.47) (2023-10-24)
=================================================================================================

## 🦖 Deprecations
 * Deprecate customisations in favour of Module API ([\#25736](element-hq/element-web#25736)). Fixes #25733.

## ✨ Features
 * element-hq/element-x-ios/issues/1824 - Convert the apple-app-site-association file to a newer format… ([\#26307](element-hq/element-web#26307)). Contributed by @stefanceriu.
 * Iterate `io.element.late_event` decoration ([\#11760](matrix-org/matrix-react-sdk#11760)). Fixes #26384.
 * Render timeline separator for late event groups ([\#11739](matrix-org/matrix-react-sdk#11739)).
 * OIDC: revoke tokens on logout ([\#11718](matrix-org/matrix-react-sdk#11718)). Fixes #25394. Contributed by @kerryarchibald.
 * Show `io.element.late_event` in MessageTimestamp when known ([\#11733](matrix-org/matrix-react-sdk#11733)).
 * Show all labs flags if developerMode enabled ([\#11746](matrix-org/matrix-react-sdk#11746)). Fixes #24571 and #8498.
 * Use Compound tooltips on MessageTimestamp to improve UX of date time discovery ([\#11732](matrix-org/matrix-react-sdk#11732)). Fixes #25913.
 * Consolidate 4s passphrase input fields and use stable IDs ([\#11743](matrix-org/matrix-react-sdk#11743)). Fixes #26228.
 * Disable upgraderoom command without developer mode enabled ([\#11744](matrix-org/matrix-react-sdk#11744)). Fixes #17620.
 * Avoid rendering app download buttons if disabled in config ([\#11741](matrix-org/matrix-react-sdk#11741)). Fixes #26309.
 * OIDC: refresh tokens ([\#11699](matrix-org/matrix-react-sdk#11699)). Fixes #25839. Contributed by @kerryarchibald.
 * OIDC: register ([\#11727](matrix-org/matrix-react-sdk#11727)). Fixes #25393. Contributed by @kerryarchibald.
 * Use stable get_login_token and remove unstable MSC3882 support ([\#11001](matrix-org/matrix-react-sdk#11001)). Contributed by @hughns.

## 🐛 Bug Fixes
 * Set max size for Element logo in search warning ([\#11779](matrix-org/matrix-react-sdk#11779)). Fixes #26408.
 * Avoid error when DMing oneself ([\#11754](matrix-org/matrix-react-sdk#11754)). Fixes #7242.
 * Fix: Message shield alignment is not right. ([\#11703](matrix-org/matrix-react-sdk#11703)). Fixes #26142. Contributed by @manancodes.
 * fix logging full event ([\#11755](matrix-org/matrix-react-sdk#11755)). Fixes #26376.
 * OIDC: use delegated auth account URL from `OidcClientStore` ([\#11723](matrix-org/matrix-react-sdk#11723)). Fixes #26305. Contributed by @kerryarchibald.
 * Fix: Members list shield alignment is not right. ([\#11700](matrix-org/matrix-react-sdk#11700)). Fixes #26261. Contributed by @manancodes.
 * Fix: <detail> HTML elements clickable area too wide. ([\#11666](matrix-org/matrix-react-sdk#11666)). Fixes #25454. Contributed by @manancodes.
 * Fix untranslated headings in the devtools dialog ([\#11734](matrix-org/matrix-react-sdk#11734)).
 * Fixes invite dialog alignment and pill color contrast ([\#11722](matrix-org/matrix-react-sdk#11722)). Contributed by @gabrc52.
 * Prevent select element in General settings overflowing in a room with very long room-id ([\#11597](matrix-org/matrix-react-sdk#11597)). Contributed by @ABHIXIT2.
 * Fix: Clicking on members pile does nothing. ([\#11657](matrix-org/matrix-react-sdk#11657)). Fixes #26164. Contributed by @manancodes.
 * Fix: Wierd shadow below room avatar in dark mode. ([\#11678](matrix-org/matrix-react-sdk#11678)). Fixes #26153. Contributed by @manancodes.
 * Fix start_sso / start_cas URLs failing to redirect to a authentication prompt ([\#11681](matrix-org/matrix-react-sdk#11681)). Contributed by @Half-Shot.

Changes in [1.11.46](https://github.com/vector-im/element-web/releases/tag/v1.11.46) (2023-10-10)
=================================================================================================

## ✨ Features
 * Use .well-known to discover a default rendezvous server for use with Sign in with QR ([\#11655](matrix-org/matrix-react-sdk#11655)). Contributed by @hughns.
 * Message layout will update according to the selected style  ([\#10170](matrix-org/matrix-react-sdk#10170)). Fixes #21782. Contributed by @manancodes.
 * Implement MSC4039: Add an MSC for a new Widget API action to upload files into the media repository ([\#11311](matrix-org/matrix-react-sdk#11311)). Contributed by @dhenneke.
 * Render space pills with square corners to match new avatar ([\#11632](matrix-org/matrix-react-sdk#11632)). Fixes #26056.
 * Linkify room topic ([\#11631](matrix-org/matrix-react-sdk#11631)). Fixes #26185.
 * Show knock rooms in the list ([\#11573](matrix-org/matrix-react-sdk#11573)). Contributed by @maheichyk.

## 🐛 Bug Fixes
 * Bump matrix-web-i18n dependency to 3.1.3 ([\#26287](element-hq/element-web#26287))
 * Fix: Avatar shrinks with long names ([\#11698](matrix-org/matrix-react-sdk#11698)). Fixes #26252. Contributed by @manancodes.
 * Update custom translations to support nested fields in structured JSON ([\#11685](matrix-org/matrix-react-sdk#11685)).
 * Fix: Edited message remove button is hard to reach. ([\#11674](matrix-org/matrix-react-sdk#11674)). Fixes #24917. Contributed by @manancodes.
 * Fix: Theme selector radio button not aligned in center with the text ([\#11676](matrix-org/matrix-react-sdk#11676)). Fixes #25460. Contributed by @manancodes.
 * Fix: Unread notification dot aligned ([\#11658](matrix-org/matrix-react-sdk#11658)). Fixes #25285. Contributed by @manancodes.
 * Fix: sync intentional mentions push rules with legacy rules ([\#11667](matrix-org/matrix-react-sdk#11667)). Fixes #26227. Contributed by @kerryarchibald.
 * Revert "Fix regression around FacePile with overflow (#11527)" ([\#11634](matrix-org/matrix-react-sdk#11634)). Fixes #26209.
 * Fix: Alignment Fixed ([\#11648](matrix-org/matrix-react-sdk#11648)). Fixes #26169. Contributed by @manancodes.
 * Fix: onFinished added which closes the menu ([\#11647](matrix-org/matrix-react-sdk#11647)). Fixes #25556. Contributed by @manancodes.
 * Don't start key backups when opening settings ([\#11640](matrix-org/matrix-react-sdk#11640)).
 * Fix add to space avatar text centering ([\#11643](matrix-org/matrix-react-sdk#11643)). Fixes #26154.
 * fix avatar styling in lightbox ([\#11641](matrix-org/matrix-react-sdk#11641)). Fixes #26196.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@richvdh richvdh richvdh approved these changes

@dbkr dbkr Awaiting requested review from dbkr dbkr is a code owner automatically assigned from matrix-org/element-web-reviewers

Assignees
No one assigned
Labels
T-Enhancement New features, changes in functionality, performance boosts, user-facing improvements
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

OIDC: Attempt to refresh expired tokens
2 participants
@kerryarchibald @richvdh