MSC2965: OAuth 2.0 Authorization Server Metadata discovery #2965
Are any other examples planned? I’m using Ory for several apps that I’d like to also connect together with Matrix. It also strikes me as a conveniently lightweight example for Matrix, which also aligns well with Dendrite since it’s in Go.
@erlend-sh Good suggestion, thank you - I've added element-hq/oidc-playground#3 to track this.
Co-authored-by: Richard van der Hoff <[email protected]>
- `issuer` (for compliance with [RFC8414]) | ||
- `authorization_endpoint` ([MSC2964]) | ||
- `token_endpoint` ([MSC2964]) | ||
- `revocation_endpoint` ([MSC4254]) | ||
- `registration_endpoint` ([MSC2966]) | ||
- `response_types_supported` including the value `code` ([MSC2964]) | ||
- `grant_types_supported` including the values `authorization_code` and `refresh_token` ([MSC2964]) | ||
- `response_modes_supported` including the values `query` and `fragment` ([MSC2964]) | ||
- `code_challenge_methods_supported` including the value `S256` ([MSC2964]) |
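Review bot: The `issuer` bullet gives only "for compliance with [RFC8414]" as its reason, while every other bullet points at the MSC that consumes the field, so a client author reading this list cannot tell whether `issuer` is meant to be validated or relied on for anything. Suggest stating that in the bullet itself. The same list also says which values each `*_supported` array must include (`code`, `authorization_code` and `refresh_token`, `query` and `fragment`, `S256`) but, in the lines shown, not what a client should do when a required value is missing; one sentence after the list covering that case would help implementers fail closed rather than guess.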
It would help with readability if you included a short description (one sentence or so) to describe what each of these fields does, so that we don't need to flip between so many MSCs. Also, if you could include the titles of the MSCs (and RFC), that would be helpful too.
🔔 This is now entering its final comment period, as per the review above. 🔔
The final comment period, with a disposition to merge, as per the review above, is now complete.
…org#4673) This is the method to get the server metadata in the latest draft of [MSC2965](matrix-org/matrix-spec-proposals#2965). We still keep the old behavior with `GET /auth_issuer` as fallback for now because it has wider server support. There are some pre-main commit cleanups to simplify the main commit. This can be reviewed commit by commit. The changes were tested with the oidc_cli example on beta.matrix.org. Closes matrix-org#4550. --------- Signed-off-by: Kévin Commaille <[email protected]>
spec PR: matrix-org/matrix-spec#2147
Merged!
Rendered
Status:
Dependencies:
Clients and homeservers currently implement an older version of this proposal, and need to be updated:
- `/auth_metadata` endpoint defined in MSC2965. element-hq/synapse#18093
- `/auth_metadata` API matrix-js-sdk#4626
SCT:
- tickyboxes
- checklist