OIDC-awareness #850
Merged
OIDC-awareness #850
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Ideally, GTAD/Mustache templates should deal with unstable and stable
("m.*") versions interchangeably (stable preferred, unstable as
a fallback) but that's a bit away if at all possible.
Appends "action=register" to the URL query; see also MSC3824.
Because the supported toolchains only have std::ranges::contains on Linux.
This commit also introduces Connection::getLoginFlow() that returns the entire LoginFlow object by its type (that still doesn't include any extra fields not in the spec but that's for another day).
|
Looks good. I started using it in https://invent.kde.org/network/neochat/-/merge_requests/2106, but it's not entirely working as supposed yet, due to what's apparently a bug in MAS |
TobiasFella
previously approved these changes
Jan 11, 2025
|
While at it - I wonder if it makes sense to change the callback URL path from |
|
Going forward without changing the callback URL; it can be changed separately any time. |
|
Aand this effectively splits |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This implements matrix-org/matrix-spec-proposals#3824, using the unstable prefix for
delegated_oidc_compatibility. Mainly driven by https://matrix.org/blog/2025/01/06/authentication-changes/. Strictly speaking, adding this new flag toLoginFlowbreaks ABI compatibility because it changes the structure size; so I guess it will have to land in 0.10. The good news is that the current libQuotient code already satisfies the "must" feature set described in MSC3824 so we don't need to race against January, 15.The key change is actually in the last commit: when the mentioned flag is detected,
Connection::supportsPasswordAuth()will return false even if the password flow is still there. You can still check for the password flow by using the newly introducedConnection::getLoginFlow().