Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor(oidc): Use the GET /auth_metadata Matrix endpoint #4673

Merged
merged 8 commits into from
Feb 18, 2025
Merged

refactor(oidc): Use the GET /auth_metadata Matrix endpoint #4673

merged 8 commits into from
Feb 18, 2025
+263 −206

Conversation

zecakeh
Copy link
Collaborator

@zecakeh zecakeh commented Feb 15, 2025

This is the method to get the server metadata in the latest draft of MSC2965.

We still keep the old behavior with GET /auth_issuer as fallback for now because it has wider server support.

There are some pre-main commit cleanups to simplify the main commit. This can be reviewed commit by commit.

The changes were tested with the oidc_cli example on beta.matrix.org.

Closes #4550.

@zecakeh zecakeh requested a review from a team as a code owner February 15, 2025 15:54
@zecakeh zecakeh requested review from Hywan and removed request for a team February 15, 2025 15:54
@codecov Codecov
Copy link

codecov bot commented Feb 15, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 67.56757% with 12 lines in your changes missing coverage. Please review.

Project coverage is 85.84%. Comparing base (2671769) to head (e122a72).
Report is 20 commits behind head on main.

Files with missing lines Patch % Lines
...trix-sdk/src/authentication/oidc/backend/server.rs 69.56% 7 Missing ⚠️
crates/matrix-sdk/src/authentication/oidc/mod.rs 66.66% 4 Missing ⚠️
...ates/matrix-sdk/src/authentication/qrcode/login.rs 50.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4673      +/-   ##
==========================================
+ Coverage   85.83%   85.84%   +0.01%     
==========================================
  Files         292      292              
  Lines       33758    33765       +7     
==========================================
+ Hits        28976    28986      +10     
+ Misses       4782     4779       -3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@zecakeh
chore: Upgrade Ruma
d5ce753 
Necessary to get the new `/auth_metadata` endpoint.

Signed-off-by: Kévin Commaille <[email protected]>
@zecakeh
refactor(oidc): Do not allow to provide custom issuer
9a77c2e 
The authorization server metadata is now supposed to be fetched directly
from the homeserver, so it's not possible to use a custom issuer.

Signed-off-by: Kévin Commaille <[email protected]>
@zecakeh
refactor(oidc): Fix error variant name
cdc5354 
This name reflects its purpose better. We also remove one use of it where it cannot happen.

Signed-off-by: Kévin Commaille <[email protected]>
@zecakeh
refactor(oidc): Use the auth_metadata Matrix endpoint
8417c97 
This is the method to get the server metadata in the latest draft of
MSC2965.

We still keep the old behavior as fallback for now because it has wider
server support.

Signed-off-by: Kévin Commaille <[email protected]>
@zecakeh
test(oidc): Add test for provider metadata
7d5c84d 
Signed-off-by: Kévin Commaille <[email protected]>
@zecakeh
chore(oidc): Add changelog for auth_metadata endpoint
b116e5b 
Signed-off-by: Kévin Commaille <[email protected]>
@poljar poljar requested review from poljar and removed request for Hywan February 18, 2025 10:32
poljar
poljar approved these changes Feb 18, 2025
View reviewed changes
Copy link
Contributor

@poljar poljar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, thanks for keeping the old way around. Hopefully we'll be able to remove it relatively quickly.

Could you just get rid of the merge conflict?

@zecakeh
Copy link
Collaborator Author

zecakeh commented Feb 18, 2025

Done, I also added a tiny commit because I realized that I forgot to remove an unused error variant.

@poljar poljar enabled auto-merge (rebase) February 18, 2025 16:06
auto-merge was automatically disabled February 18, 2025 16:23

Rebase failed

@zecakeh
Copy link
Collaborator Author

zecakeh commented Feb 18, 2025

I wonder why rebase keeps failing after I merge the main branch. Maybe I should just rebase instead ?

@bnjbvr
Copy link
Member

bnjbvr commented Feb 18, 2025

When a PR is marked as rebase-and-merge when CI passes, it's usually conflicting with merge commits, because a merge commits makes rebase somewhat harder, if not impossible. In this case, switching to squash-and-merge would resolve it; would you like me to press the button, or would you like to rewrite the history so it doesn't include a merge commit?

@zecakeh
Copy link
Collaborator Author

zecakeh commented Feb 18, 2025

Sure, you can squash and merge, thanks!

@bnjbvr bnjbvr merged commit 2eb2ae7 into matrix-org:main Feb 18, 2025
43 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@poljar poljar poljar approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Update support of MSC2965 OAuth 2.0 Authorization Server Metadata discovery
3 participants
@zecakeh @bnjbvr @poljar