Support SSO and OpenID Connect authentication #134
Reference: Matthias/conduit#134
One of the many ways to sign in to a Matrix home server that brings lots of usability improvements, in my opinion, is OIDC.
One could use an existing trusted authentication provider such as social login or even a self-hosted solution that uses WebAuthn for the best usability, security and privacy.
Synapse has a page on how to configure their implementation with different providers that might come in handy when deciding on a future implementation for Conduit: https://matrix-org.github.io/synapse/v1.39/openid.html
changed the description
mentioned in issue #154
changed title from "SSO and OpenID Connect" to "Support SSO and OpenID Connect authentication"
Came across https://github.com/matrix-org/matrix-authentication-service, a WIP Rust auth server in the Matrix organization. Seems like the core team might want to push for an OIDC flow as the standard way of authentication: https://github.com/matrix-org/matrix-spec-proposals/pull/2964
Is this still being worked on?
Same question here, I'm really interested in this feature.
As far as I understand, and as mentioned by @olanod, this is currently waiting on the official Matrix spec for OIDC adoption, which is still (actively!) in development:
https://github.com/sandhose/synapse/tree/quenting/oauth-delegation
mentioned in issue #103
Was started in !80 by @bbigras
matrix-rust-sdk also just merged OIDC authentication API: https://github.com/matrix-org/matrix-rust-sdk/pull/1019
It now supports login with OIDC: https://github.com/matrix-org/matrix-rust-sdk/issues/859
Indeed, it has just been merged into matrix-org/matrix-rust-sdk:main so next release of the matrix rust sdk will include an OIDC authentication API.
mentioned in merge request !80
In another big milestone, Matrix’ own lightweight OAuth provider just tagged its very first release: https://github.com/matrix-org/matrix-authentication-service/releases/tag/v0.1.0
From https://areweoidcyet.com/ :
Could this service reasonably easily be integrated into Conduit? It is a Rust code base, after all.
I'd also like to mention MR !80, which seems unfinished but may be a good start.
In more auth news:
The Matrix team shared their extended vision for OIDC auth:
https://matrix.org/blog/2023/09/better-auth/
An exciting new identity provider has also emerged in Rust-land:
https://github.com/sebadob/rauthy
This is incredibly useful for sites that wanna manage many types of user accounts under one umbrella, e.g. a combo of Matrix & Mastodon accounts. MAS is designed to interoperate with this type of ‘upstream identity provider’.
Rauthy is committed to being explicitly Matrix-compatible.
The point of OIDC is that it should work independently of the provider used.
And the Rauthy Readme states
Therefore if someone looks for an identity provider written in Rust I'd rather recommend Kanidm, which is around longer and stable.
Anyway, this discussion is clearly off-topic in my opinion.