This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Move the OpenID apis to /_matrix/openid #2843

Closed
turt2live opened this issue Feb 1, 2018 · 6 comments
Labels
A-Spec-Compliance places where synapse does not conform to the spec z-feature (Deprecated Label) z-p3 (Deprecated Label)

Comments

@turt2live
Member

turt2live commented Feb 1, 2018

When there's no federation listener, things can't use OpenID. The endpoints (specifically /_matrix/federation/v1/openid/userinfo) should always be available so that applications can make use of them. This would allow integration managers to work with synapse/riot without having federation enabled on a server.

This could be made a configuration option if people are concerned about having the endpoint exposed.

Current endpoints:

  • /_matrix/client/{version}/user/{user_id}/openid/request_token
  • /_matrix/federation/{version}/openid/userinfo
@ara4n
Member

ara4n commented Feb 1, 2018

good point. there are various APIs which aren't for HS<->HS but IS->HS (3pid binding callbacks) or AS->HS (openid) which have got stuck in _matrix/federation for no good reason, and should be moved into a different namespace. This is arguably a spec bug?

@turt2live
Member Author

I'm not sure what the new namespace would be to be honest. OpenID spans the client and federation apis (token requests are through the client api and the app then uses the federation endpoint).

The best current fit I can think of would be to put OpenID in the identity namespace, however identity servers aren't exactly intended for this.

The API is currently not specced, as per matrix-org/matrix-spec-proposals#857

@ara4n ara4n added z-feature (Deprecated Label) z-p3 (Deprecated Label) A-Spec-Compliance places where synapse does not conform to the spec labels Feb 6, 2018
@ara4n
Member

ara4n commented Feb 6, 2018

i vote we move this into its own namespace and we file a spec bug to do so.

@turt2live
Member Author

Reported as matrix-org/matrix-spec-proposals#1115

Going to repurpose this issue for "move the apis".

@turt2live turt2live changed the title from "Optionally/always have the OpenID APIs available" to "Move the OpenID apis to /_matrix/openid" Feb 6, 2018
@letmp

letmp commented Nov 29, 2018

In your readme is written "install Dimension on the same server as your homeserver, only exposing federation to localhost."

I have done that and always get:
error [matrix] Error calling /_matrix/federation/v1/openid/userinfo
error [matrix] tunneling socket could not be established, statusCode=403

Has this something to do with this ticket? Or is something wrong in my configs for matrix-synapse / matrix-dimension?

@turt2live
Member Author

I somehow missed this when I closed matrix-org/matrix-spec-proposals#1115.

TLDR is that moving the endpoints doesn't really make sense. Synapse can support the OpenID endpoints with a dedicated listener (#4420) without supporting the whole range of federation APIs. If we move namespaces, we'd probably have to figure out discovery again and that doesn't really make sense. Given the name of the spec is the "server to server API", and this is very much server to server, I've convinced myself we shouldn't move it.
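
Added example, not part of the original thread and not Synapse or Dimension code: the application side of the flow discussed above, where a token obtained through the client API is exchanged at `/_matrix/federation/v1/openid/userinfo` and the returned user ID is bound to the homeserver that was queried. The function names, base URL and token are hypothetical; the `sub` response field and the `matrix_server_name` value are assumed from the Matrix OpenID endpoints and do not appear in this thread.

```python
# Added example: relying-party checks for the Matrix OpenID userinfo lookup.
import json
from urllib.parse import urlencode

USERINFO_PATH = "/_matrix/federation/v1/openid/userinfo"  # endpoint named in the issue


def userinfo_url(base_url: str, access_token: str) -> str:
    """Build the URL the application calls to exchange the token for a user ID.

    base_url is an assumption: wherever the homeserver listener that serves
    the OpenID endpoint is reachable (for example a localhost-only listener).
    """
    query = urlencode({"access_token": access_token})
    return base_url.rstrip("/") + USERINFO_PATH + "?" + query


def verified_user_id(status: int, body: str, expected_server_name: str) -> str:
    """Return the user ID the homeserver vouches for, or raise ValueError.

    expected_server_name is the matrix_server_name the client handed over with
    its token (assumed field name); a homeserver may only vouch for users in
    its own domain, so any other domain in 'sub' is rejected.
    """
    if status != 200:
        raise ValueError(f"userinfo lookup failed with HTTP {status}")
    try:
        sub = json.loads(body).get("sub")
    except (json.JSONDecodeError, AttributeError) as exc:
        raise ValueError("userinfo response is not a JSON object") from exc
    if not isinstance(sub, str) or not sub.startswith("@") or ":" not in sub:
        raise ValueError("userinfo response has no valid 'sub' user ID")
    # The localpart cannot contain ':', so the first ':' separates it from the
    # server name (which may itself carry a ':port' suffix).
    server_name = sub.split(":", 1)[1]
    if server_name != expected_server_name:
        raise ValueError("user ID does not belong to the queried homeserver")
    return sub


if __name__ == "__main__":
    # Constructed sample values, not taken from a real server.
    print(userinfo_url("http://localhost:8008", "constructed-token"))
    print(verified_user_id(200, '{"sub": "@alice:example.org"}', "example.org"))
```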
