Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MSC2416: Add m.login.jwt authentication type #2416

Open
wants to merge 5 commits into
base: old_master
Choose a base branch
from
Open

MSC2416: Add m.login.jwt authentication type #2416

wants to merge 5 commits into from

Conversation

Sorunome
Copy link
Contributor

Rendered

Soru is interested in providing a synapse implementation for this.

Signed-off-by: Sorunome mail@sorunome.de

@turt2live turt2live added proposal A matrix spec change proposal proposal-in-review labels Jan 18, 2020
@Sorunome Sorunome mentioned this pull request Jan 20, 2020
Closed
@turt2live turt2live self-requested a review March 27, 2020 02:49
@turt2live turt2live added the kind:feature MSC for not-core and not-maintenance stuff label Apr 20, 2020
deepbluev7
deepbluev7 reviewed May 9, 2020
View reviewed changes
proposals/2416-login-token.md Outdated
A `m.login.password` auth provider could be used to log in as someone as a special user. This,
however, feels rather hacky and not the intended purpose of `m.login.password`.

Synapses `m.login.jwt` could be introduced properly in the spec, however, as it seems to be
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I would prefer that, since it lets the server know which token validator to use. Otherwise the HS needs to guess, which type of token it has to validate (from what I can tell). It would also make it easier for clients to know, what login token types are supported.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Otherwise the HS needs to guess, which type of token it has to validate (from what I can tell).

it could guess, and on failure try other token validators.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, but while m.login.jwt and m.login.token do follow the same schema, putting them in the same type fails to communicate semantic information. Maybe that isn't an issue in practice, but it would seem like an issue to me as a client dev. How would I know, what token to send to a server? Just try it?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, you could just try it out. That being said, the JWT proposed here would be mainly for appservices to use, probably

@Sorunome Sorunome mentioned this pull request Jun 11, 2020
Merged
4 tasks
turt2live
turt2live requested changes Aug 26, 2020
View reviewed changes
Copy link
Member

@turt2live turt2live left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The m.login.token type was removed from the spec in MSC2611 - this MSC will need to address that.

@richvdh
Copy link
Member

richvdh commented Aug 27, 2020

The m.login.token type was removed from the spec in MSC2611 - this MSC will need to address that.

I think this MSC is talking about login types (ie, the type argument to POST /_matrix/client/r0/login), whereas MSC2611 was about user-interactive authentication types. The two are related but different.

@clokep
Copy link
Member

clokep commented Aug 27, 2020

It is also worth noting that m.login.jwt is now deprecated in Synapse and replaced with org.matrix.login.jwt, which is also documented.

@Sorunome
Copy link
Contributor Author

Sorunome commented Feb 7, 2021

Updated to introduce m.login.jwt now

@Sorunome Sorunome changed the title MSC2416: Enhance m.login.token authentication type MSC2416: Add m.login.jwt authentication type Feb 7, 2021
@turt2live turt2live added the needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. label Jun 8, 2021
@clokep
Copy link
Member

clokep commented May 24, 2022
edited
Loading

It is also worth noting that m.login.jwt is now deprecated in Synapse and replaced with org.matrix.login.jwt, which is also documented.

Synapse has also dropped support for m.login.jwt finally in v1.59.0 (released on 2022-05-17).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@deepbluev7 deepbluev7 deepbluev7 left review comments

@turt2live turt2live turt2live requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
kind:feature MSC for not-core and not-maintenance stuff needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. proposal A matrix spec change proposal
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Sorunome @richvdh @clokep @turt2live @deepbluev7