-
Notifications
You must be signed in to change notification settings - Fork 418
MSC3824: OAuth 2.0 API aware clients #3824
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from 2 commits
Commits
Show all changes
37 commits
Select commit
Hold shift + click to select a range
138f00b
Add an optional query parameter to SSO redirect
hughns 5cba2ff
MSC3824
hughns ca78691
Update proposals/3824-sso-redirect-action.md
hughns 3a67748
Add supported actions per auth type
hughns 1b10fa9
Add GET /_matrix/client/v3/register alternative
hughns 0cd72c6
Rework proposal to be about OIDC aware clients
hughns 8adb0ff
Rename proposal file
hughns e98fc13
Use _ formatted flag name
hughns ccf6b1b
Fixes to Homeserver and Client requirements list
hughns 13e7f44
RECOMMENDED: label SSO button as "Continue"
hughns 262b395
Use unstable prefix for action query param
hughns c2ab31f
Reference to MSC3861
hughns 5bee189
Update proposals/3824-oidc-aware-clients.md
hughns 0eea9ae
Style
hughns eec93e1
Reorganise requiremetns
hughns 54b3e85
Add 3pid and session management requirements
hughns a7ecdfd
Update account management/web UI link parameters for consistency with…
hughns 4188601
Update to reference OAuth 2.0 API in spec and MSC4191
hughns 7da4d88
Add note about session_end vs org.matrix.session_end
hughns d14579c
Update proposals/3824-oidc-aware-clients.md
hughns 595b003
Add note on where action=login|register value might come from
hughns 295f73f
Clarify what was meant by "compatibility layer"
hughns 26710d1
Add requirement about deactivating account
hughns d5408a2
Use org.matrix.device_delete from MSC4191 not org.matrix.session_end
hughns b06fefd
Update proposals/3824-oidc-aware-clients.md
hughns 38cdbd8
Cleanup
hughns efc0af9
Feedback from review
hughns 4a27609
Linewrap
hughns 2910041
DItto
hughns c2465f1
Links
hughns 33cb64a
Link to m.login.sso
hughns ce34bcc
Attempt to clarify purpose/intent of MSC
hughns aa4c930
Fix links
hughns 44ccc6c
Spelling
hughns 761252b
Clarify that server discovery is needed + that the whole thing is opt…
hughns 42ebdbb
Clarify that m.login.password is only required where homeserver previ…
hughns 85a70c4
Apply suggestions from code review
hughns File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| # MSC3824: Login/register indication on SSO redirect | ||
|
|
||
| At present a homeserver cannot tell if a request for `GET /_matrix/client/v3/login/sso/redirect` is intended to be used to sign in an existing user or register a new user. | ||
|
|
||
| In the context of [MSC2964](https://github.com/matrix-org/matrix-doc/pull/2965) the homeserver needs to know the intent so that the correct UI can be shown to the user. | ||
|
|
||
| ## Proposal | ||
|
|
||
| Add an optional query parameter `action` to `GET /_matrix/client/v3/login/sso/redirect` with meaning: | ||
|
|
||
| - `login` - the SSO redirect is for the purposes of signing an existing user in | ||
| - `register` - the SSO redirect is for the purpose of registering a new user account | ||
|
|
||
| ## Potential issues | ||
|
|
||
| None. | ||
|
|
||
| ## Alternatives | ||
|
|
||
| A `prompt` parameter with values [`create`](https://openid.net/specs/openid-connect-prompt-create-1_0.html#rfc.section.4) and [`login`](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest) exists in OIDC for use on the authorized endpoint. However, our use case is different and it might cause confusion to overload these terms. | ||
|
|
||
| ## Security considerations | ||
|
|
||
| None relevant. | ||
|
|
||
| ## Unstable prefix | ||
|
|
||
| Not applicable. | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.