MSC2965: OAuth 2.0 Authorization Server Metadata discovery #2965

sandhose · 2021-01-14T17:11:39Z

Rendered

Status:

Spec is feature complete
Reviewed for consistency with MSC3861
Implementations believed to be complete enough

Dependencies:

MSC3861: Next-generation auth for Matrix, based on OAuth 2.0/OIDC #3861

Clients and homeservers currently implement an older version of this proposal, and need to be updated:

Synapse/Matrix Authentication Service: Support the new /auth_metadata endpoint defined in MSC2965. element-hq/synapse#18093
matrix-rust-sdk: Update support of MSC2965 OAuth 2.0 Authorization Server Metadata discovery matrix-rust-sdk#4550
Element X Android
Element X iOS
matrix-js-sdk: Switch OIDC primarily to new /auth_metadata API matrix-js-sdk#4626
Element Web

SCT:

tickyboxes
checklist

erlend-sh · 2022-08-09T16:45:25Z

Keycloak in OIDC Playground

Are any other examples planned?

I’m using Ory for several apps that I’d like to also connect together with Matrix. It also strikes me as a conveniently lightweight example for Matrix, which also aligns well with Dendrite since it’s in Go.

hughns · 2022-08-14T20:55:08Z

@erlend-sh Good suggestion, thank you - I've added element-hq/oidc-playground#3 to track this.

proposals/2965-oidc-discovery.md

proposals/2965-auth-metadata.md

Co-authored-by: Richard van der Hoff <[email protected]>

uhoreg · 2025-03-18T20:41:11Z

proposals/2965-auth-metadata.md

+- `issuer` (for compliance with [RFC8414])
+- `authorization_endpoint` ([MSC2964])
+- `token_endpoint` ([MSC2964])
+- `revocation_endpoint` ([MSC4254])
+- `registration_endpoint` ([MSC2966])
+- `response_types_supported` including the value `code` ([MSC2964])
+- `grant_types_supported` including the values `authorization_code` and `refresh_token` ([MSC2964])
+- `response_modes_supported` including the values `query` and `fragment` ([MSC2964])
+- `code_challenge_methods_supported` including the value `S256` ([MSC2964])


It would help with readability if you included a short description (one sentence or so) to describe what each of these fields does, so that we don't need to flip between so many MSCs. Also, if you could include the titles of the MSCs (and RFC), that would be helpful too.

mscbot · 2025-03-24T10:57:25Z

🔔 This is now entering its final comment period, as per the review above. 🔔

mscbot · 2025-03-29T10:57:35Z

The final comment period, with a disposition to merge, as per the review above, is now complete.

…org#4673) This is the method to get the server metadata in the latest draft of [MSC2965](matrix-org/matrix-spec-proposals#2965). We still keep the old behavior with `GET /auth_issuer` as fallback for now because it has wider server support. There are some pre-main commit cleanups to simplify the main commit. This can be reviewed commit by commit. The changes were tested with the oidc_cli example on beta.matrix.org. Closes matrix-org#4550. --------- Signed-off-by: Kévin Commaille <[email protected]>

zecakeh · 2025-05-24T14:25:08Z

spec PR: matrix-org/matrix-spec#2147

richvdh · 2025-06-17T16:47:54Z

spec PR: matrix-org/matrix-spec#2147

Merged!

OIDC discovery MSC

ef474ee

turt2live changed the title ~~MSC2965: [WIP] OIDC Provider discovery~~ [WIP] MSC2965: OIDC Provider discovery Jan 14, 2021

turt2live marked this pull request as draft January 14, 2021 17:27

turt2live added kind:feature MSC for not-core and not-maintenance stuff proposal A matrix spec change proposal labels Jan 14, 2021

sandhose mentioned this pull request Jan 15, 2021

MSC2964: Usage of OAuth 2.0 authorization code grant and refresh token grant #2964

Merged

9 tasks

turt2live added the needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. label Jun 8, 2021

turt2live force-pushed the old_master branch from e895827 to dca99ee Compare August 30, 2021 22:34

hughns added 2 commits May 2, 2022 15:09

Add account field

4d9345c

Add id_token_hint to account management URL

4a24cf6

This was referenced Jun 22, 2022

Implementation of MSC3824 to make the client OIDC-aware matrix-org/matrix-react-sdk#8681

Merged

Implementation of MSC3824 to make the client OIDC-aware element-hq/element-android#6367

Closed

hughns mentioned this pull request Aug 4, 2022

MSC3861: Next-generation auth for Matrix, based on OAuth 2.0/OIDC #3861

Merged

Add reference to MSC3861

f5b54bf

hughns mentioned this pull request Aug 14, 2022

Test Ory as OIDC Provider element-hq/oidc-playground#3

Open

Add missing heading

1cc4976

hughns changed the title ~~[WIP] MSC2965: OIDC Provider discovery~~ MSC2965: OIDC Provider discovery Sep 22, 2022

hughns marked this pull request as ready for review September 22, 2022 16:08

hughns mentioned this pull request Jan 9, 2023

Implementation of MSC3824 to make the client OIDC-aware element-hq/element-android#7920

Merged

20 tasks

Fix reference to MSC3861

6455b1f

turt2live added the matrix-2.0 Required for Matrix 2.0 label Mar 3, 2023

clokep reviewed May 16, 2023

View reviewed changes