-
Notifications
You must be signed in to change notification settings - Fork 385
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MSC2454: Support UI auth for SSO #2454
Conversation
@@ -0,0 +1,266 @@ | |||
# User-Interactive Auth for SSO-backed homeserver |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks cool and very comprehensive, but i’m a bit confused on what bits are actually proposed changes to the spec rather than implementation notes?
I think the bit which is confusing me is:
In theory, any clients that already implement the fallback process for unknown authentication types will work fine without modification.
If clients don’t need changes, why is a spec change needed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll work to clarify the proposal section of this, but the short version is to add an m.login.sso
type to the list of possible ui-auth types: https://matrix.org/docs/spec/client_server/r0.6.0#authentication-types.
The quoted sentence is meant to mean "if the client implements the fallback process already for other workflows it will probably work fine here too". I moved that around from Rich's original proposal and likely made it more confusing, sorry about that!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I removed a couple pieces and tried to clarify the value and changes that this is proposing.
… reference the specification.
Co-Authored-By: Hubert Chathi <hubert@uhoreg.ca>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I wrote most of this, so obviously it lgtm :).
I'd echo @turt2live's comments that we should emphasise that the only new thing here is the first paragraph of the proposal (a new authentication type). The rest is just a demonstration of how it works.
@mscbot fcp merge |
Team member @anoadragon453 has proposed to merge this. The next step is review by the rest of the tagged people: Once at least 75% of reviewers approve (and there are no outstanding concerns), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up! See this document for information about what commands tagged team members can give me. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few grammar nits/suggestions. I'm not an expert on UIAuth or SSO, but this seems largely sane.
Co-Authored-By: Hubert Chathi <hubert@uhoreg.ca>
🔔 This is now entering its final comment period, as per the review above. 🔔 |
The final comment period, with a disposition to merge, as per the review above, is now complete. |
Spec PR was #2532 |
Merged 🎉 |
Rendered
Based on @richvdh's write up: https://docs.google.com/document/d/1sA9cTKRE93TczvxuHgZ6q1A54xYtDVjmwsRu_K7vbvM