Invalid OIDC redirect URI on desktop #1889

Closed
tonkku107 opened this issue Aug 9, 2024 · 0 comments · Fixed by element-hq/element-web#28096
Labels
A-SSO, O-Uncommon (Most users are unlikely to come across this or unexpected workflow), S-Critical (Prevents work, causes data loss and/or has no workaround), S-Major (Severely degrades major functionality or product features, with no satisfactory workaround), T-Defect

tonkku107 commented Aug 9, 2024

Steps to reproduce

  1. Enable feature_oidc_native_flow in config.json
  2. Log out and restart the app
  3. Open the devtools to the network tab
  4. Click log in
  5. Edit the homeserver and choose one running MAS (which ignores missing contacts and host mismatch...)
  6. Observe the dynamic client registration request

Outcome

What did you expect?

Client to be registered successfully

What happened instead?

Client registration fails due to invalid redirect URI and the client falls back to compatibility SSO

Additional details

The redirect URI is io.element.desktop://vector/webapp/, which includes vector as the authority part due to the double slash.
According to Section 7.1 of RFC8252:

Following the requirements of Section 3.2 of [RFC3986], as there is no naming authority for private-use URI scheme redirects, only a single slash ("/") appears after the scheme component. A complete example of a redirect URI utilizing a private-use URI scheme is:

com.example.app:/oauth2redirect/example-provider

The correct redirect URI would be io.element.desktop:/vector/webapp/

Operating system

Arch Linux

Application version

Element version: 1.11.73 Crypto version: Rust SDK 0.7.1 (431263d), Vodozemac 0.6.0

How did you install the app?

https://archlinux.org/packages/extra/x86_64/element-desktop/

Homeserver

Synapse 1.112.0, matrix-authentication-service v0.10.0-rc.0

Will you send logs?

No

@dosubot dosubot bot added A-SSO O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Critical Prevents work, causes data loss and/or has no workaround labels Aug 9, 2024
@t3chguy t3chguy self-assigned this Aug 16, 2024
@t3chguy t3chguy transferred this issue from element-hq/element-web Sep 24, 2024
@dosubot dosubot bot added the S-Major Severely degrades major functionality or product features, with no satisfactory workaround label Sep 24, 2024
t3chguy added a commit to element-hq/element-web that referenced this issue Sep 24, 2024
By switching the double slash for a single one

Fixes element-hq/element-desktop#1889

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
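
The difference between the two redirect URIs in the report, as an added example (not code from Element or matrix-authentication-service): it splits each URI with the component regex from RFC 3986 Appendix B and flags any authority component. The names `splitUri` and `checkPrivateUseRedirect` are hypothetical, and the triple-slash input is constructed to show the empty-authority case.

```javascript
// Added example; function names are hypothetical, not Element or MAS code.
// RFC 3986 Appendix B regex: [2]=scheme, [3]="//authority" (undefined when
// no "//" follows the scheme), [4]=authority, [5]=path.
const RFC3986_PARTS =
  /^(([^:\/?#]+):)?(\/\/([^\/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?/;

function splitUri(uri) {
  const m = RFC3986_PARTS.exec(uri);
  return {
    scheme: m[2],
    hasAuthority: m[3] !== undefined, // true even for an empty authority ("///")
    authority: m[4],
    path: m[5],
  };
}

// Checks the single-slash form quoted from RFC 8252 Section 7.1 in the issue.
function checkPrivateUseRedirect(uri) {
  const parts = splitUri(uri);
  const problems = [];
  if (!parts.scheme || !/^[a-z][a-z0-9+.-]*$/i.test(parts.scheme)) {
    problems.push("missing or malformed scheme");
  }
  if (parts.hasAuthority) {
    problems.push(`authority component present: "${parts.authority}"`);
  } else if (!parts.path.startsWith("/")) {
    problems.push("path does not begin with a single slash");
  }
  return { ...parts, ok: problems.length === 0, problems };
}

const samples = [
  "io.element.desktop://vector/webapp/", // URI the issue reports as rejected
  "io.element.desktop:/vector/webapp/", // URI the issue gives as correct
  "com.example.app:/oauth2redirect/example-provider", // RFC 8252 example
  "io.element.desktop:///vector/webapp/", // constructed: empty authority
];
for (const uri of samples) {
  const r = checkPrivateUseRedirect(uri);
  console.log(uri, "->", r.ok ? "ok" : r.problems.join("; "));
}
```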