Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow explicit configuration of OIDC dynamic registration metadata #27460

Merged
merged 5 commits into from
May 14, 2024
Merged

Allow explicit configuration of OIDC dynamic registration metadata #27460

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
84b6bf9
Merge branch 't3chguy/fix-oidc-native-electron' of https://github.com…
t3chguy May 10, 2024
58e5b39
Allow explicit configuration of OIDC dynamic registration metadata
t3chguy May 10, 2024
9cce1e0
Merge branch 't3chguy/fix-oidc-native-electron' into t3chguy/oidc-config
t3chguy May 10, 2024
706f4c6
Merge branch 'develop' of https://github.com/vector-im/element-web in…
t3chguy May 13, 2024
7a3bc83
Add comment
t3chguy May 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 41 additions & 0 deletions docs/config.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -261,6 +261,47 @@ When Element is deployed alongside a homeserver with SSO-only login, some option
```
It is most common to use the `immediate` flag instead of `on_welcome_page`.

## Native OIDC

Native OIDC support is currently in labs and is subject to change.

Static OIDC Client IDs are preferred and can be specified under `oidc_static_clients` as a mapping from `issuer` to configuration object containing `client_id`.
Issuer must have a trailing forward slash. As an example:

```json
{
"oidc_static_clients": {
"https://auth.example.com/": {
"client_id": "example-client-id"
}
}
}
```

If a matching static client is not found, the app will attempt to dynamically register a client using metadata specified under `oidc_metadata`.
The app has sane defaults for the metadata properties below but on stricter policy identity providers they may not pass muster, e.g. `contacts` may be required.
The following subproperties are available:

1. `client_uri`: This is the base URI for the OIDC client registration, typically `logo_uri`, `tos_uri`, and `policy_uri` must be either on the same domain or a subdomain of this URI.
2. `logo_uri`: Optional URI for the client logo.
3. `tos_uri`: Optional URI for the client's terms of service.
4. `policy_uri`: Optional URI for the client's privacy policy.
5. `contacts`: Optional list of contact emails for the client.
t3chguy marked this conversation as resolved.
Show resolved Hide resolved

As an example:

```json
{
"oidc_metadata": {
"client_uri": "https://example.com",
"logo_uri": "https://example.com/logo.png",
"tos_uri": "https://example.com/tos",
"policy_uri": "https://example.com/policy",
"contacts": ["support@example.com"]
}
}
```

## VoIP / Jitsi calls

Currently, Element uses Jitsi to offer conference calls in rooms, with an experimental Element Call implementation in the works.
Expand Down
7 changes: 5 additions & 2 deletions src/vector/platform/ElectronPlatform.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -444,13 +444,16 @@ export default class ElectronPlatform extends VectorBasePlatform {
return (SdkConfig.get() as unknown as Record<string, string>)["web_base_url"] ?? "https://app.element.io";
}

public get defaultOidcClientUri(): string {
// Default to element.io as our scheme `io.element.desktop` is within its scope on default MAS policies
return "https://element.io";
}

public async getOidcClientMetadata(): Promise<OidcRegistrationClientMetadata> {
const baseMetadata = await super.getOidcClientMetadata();
return {
...baseMetadata,
applicationType: "native",
// XXX: This should be overridable in config
clientUri: "https://element.io",
};
}

Expand Down
Loading