Support SSO and OpenID Connect authentication #134

Open
opened 2021-08-30 10:27:46 +00:00 by olanod · 15 comments
olanod commented 2021-08-30 10:27:46 +00:00 (Migrated from gitlab.com)

One of the many ways to sign in to a matrix home server that brings lots of usability improvements in my opinion is OIDC.
One could use an existing trusted authentication provider such as social login or even a self-hosted solution that uses WebAuthN for the best usability, security and privacy.

Synapse has a page on how to configure their implementation with different providers that might come in handy when deciding on a future implementation for conduit: https://matrix-org.github.io/synapse/v1.39/openid.html

olanod commented 2021-08-30 10:27:59 +00:00 (Migrated from gitlab.com)

changed the description

azmeuk commented 2021-09-06 15:29:46 +00:00 (Migrated from gitlab.com)

mentioned in issue #154

jfowl commented 2022-02-20 09:36:39 +00:00 (Migrated from gitlab.com)

changed title from **SSO and OpenID Connect** to **{+Support +}SSO and OpenID Connect{+ authentication+}**

olanod commented 2022-04-04 10:10:01 +00:00 (Migrated from gitlab.com)

Came across https://github.com/matrix-org/matrix-authentication-service a WIP Rust auth server in the Matrix organization, seems like the core team might want to push for an OIDC flow as the standard way of authentication https://github.com/matrix-org/matrix-spec-proposals/pull/2964

ghost1 commented 2022-11-25 23:29:46 +00:00 (Migrated from gitlab.com)

Is this still being worked on?

linarphy commented 2023-02-26 01:17:33 +00:00 (Migrated from gitlab.com)

Same question here, I'm really interested in this feature.

kerber.jg commented 2023-03-10 22:53:13 +00:00 (Migrated from gitlab.com)

As far as I understand, and as mentioned by @olanod, this is currently waiting on official Matrix spec for OIDC adoption, which is still (actively!) in development

https://github.com/sandhose/synapse/tree/quenting/oauth-delegation

Thatoo commented 2023-08-16 06:42:09 +00:00 (Migrated from gitlab.com)

mentioned in issue #103

erlend-sh commented 2023-08-16 06:59:23 +00:00 (Migrated from gitlab.com)

Was started in !80 by @bbigras

matrix-rust-sdk also just merged OIDC authentication API: https://github.com/matrix-org/matrix-rust-sdk/pull/1019

It now supports login with OIDC: https://github.com/matrix-org/matrix-rust-sdk/issues/859

Thatoo commented 2023-08-16 09:01:13 +00:00 (Migrated from gitlab.com)

Indeed, it has just been merged into matrix-org/matrix-rust-sdk:main so next release of the matrix rust sdk will include an OIDC authentication API.

bbigras commented 2023-08-16 13:43:26 +00:00 (Migrated from gitlab.com)

mentioned in merge request !80

erlend-sh commented 2023-09-01 18:47:41 +00:00 (Migrated from gitlab.com)

In another big milestone, Matrix’ own lightweight OAuth provider just tagged its very first release: https://github.com/matrix-org/matrix-authentication-service/releases/tag/v0.1.0

From https://areweoidcyet.com/ :

> ### What’s this matrix-authentication-service that I’ve heard about?
>
> matrix-authentication-service is a new OpenID Provider that we have been working on that will be used for much of the migration support outlined above.
>
> It is designed to be lightweight enough (using Rust) that it can be embedded within a homeserver process (such as a Synapse).
>
> At this stage you could think of it as a bit like SQLite vs PostgreSQL support in Synapse: Synapse ships with SQLite built-in for quickstart, but you can easily scale out to PostgreSQL where you need to - similarly Synapse will ship with Matrix-Authentication-Service by default, but can scale out to KeyCloak or another provider for additional authentication capabilities.

solarkraft commented 2023-11-09 12:58:20 +00:00 (Migrated from gitlab.com)

Could this service reasonably easily be integrated into Conduit? It is a Rust code base, after all.

I'd also like to mention MR !80, which seems unfinished but may be a good start.

erlend-sh commented 2023-11-17 12:23:16 +00:00 (Migrated from gitlab.com)

In more auth news:

The Matrix team shared their extended vision for OIDC auth:
https://matrix.org/blog/2023/09/better-auth/

An exciting new identity provider has also emerged in Rust-land:
https://github.com/sebadob/rauthy

This is incredibly useful for sites that wanna manage many types of user accounts under one umbrella, e.g. a combo of Matrix & Mastodon accounts. MAS is designed to interoperate with this type of ‘upstream identity provider’.

Rauthy is committed to being [explicitly Matrix-compatible](https://github.com/sebadob/rauthy/issues/126).

alexanderadam commented 2023-11-17 13:13:52 +00:00 (Migrated from gitlab.com)

The point of OIDC is that it should work independently of the provider used.

And the Rauthy Readme states:

> This project is currently pre v1.0, which means, even though it is not expected, breaking changes might come with new versions.

Therefore, if someone is looking for an identity provider written in Rust, I'd rather recommend [Kanidm](https://kanidm.github.io/kanidm/stable/intro.html), which has been around longer and is stable.

Anyway, this discussion is clearly off-topic in my opinion.

Reference: Matthias/conduit#134