Login Screen Phase 2: support Single Sign On, OIDC #114

Closed
kevinaboos opened this issue Aug 19, 2024 · 2 comments · Fixed by #217
@kevinaboos
Member

kevinaboos commented Aug 19, 2024

This depends on issue #113 and is a follow-up to that issue, which only describes setting up a basic login screen that supports username+password only.

Once a basic username+password login screen is working, we should add SSO login support such that users can log in via third-party auth providers like a Google account, Facebook, GitHub, Twitter, Apple, etc.

Fortunately, the Matrix SDK provides many authentication APIs as part of the MatrixAuth type. You can access this type via the client.matrix_auth() function.

Here is the current login flow in the sliding_sync.rs file:

robrix/src/sliding_sync.rs

Lines 79 to 106 in 106033d

```rust
// Query the server for supported login types.
let login_kinds = client.matrix_auth().get_login_types().await?;
if !login_kinds.flows.iter().any(|flow| matches!(flow, LoginType::Password(_))) {
    bail!("Server does not support username + password login flow.");
}
// Attempt to login using the CLI-provided username & password.
let login_result = client
    .matrix_auth()
    .login_username(&cli.username, &cli.password)
    .initial_device_display_name("robrix-un-pw")
    .send()
    .await?;
log!("Login result: {login_result:?}");
if client.logged_in() {
    log!("Logged in successfully? {:?}", client.logged_in());
    enqueue_rooms_list_update(RoomsListUpdate::Status {
        status: format!("Logged in as {}. Loading rooms...", &cli.username),
    });
    Ok((client, _token))
} else {
    enqueue_rooms_list_update(RoomsListUpdate::Status {
        status: format!("Failed to login as {}: {:?}", &cli.username, login_result),
    });
    bail!("Failed to login as {}: {login_result:?}", &cli.username)
}
```

Note that the first step is querying which login types are supported by the server, which you can then iterate over and inspect using the LoginType enum.

@github-project-automation github-project-automation bot moved this to Ready in Robrix Aug 19, 2024
@kevinaboos kevinaboos moved this from Ready to Blocked in Robrix Aug 19, 2024
@kevinaboos kevinaboos moved this from Blocked to Ready in Robrix Oct 12, 2024
@alanpoon
Contributor

I am looking at this issue

@alanpoon
Contributor

Apparently, we need to have our own oidc_provider. If we don't have one, we have to use a local HTTP server for the redirect URL, using this method: https://docs.rs/matrix-sdk/latest/matrix_sdk/matrix_auth/struct.MatrixAuth.html#method.login_sso
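
The comment above mentions a local HTTP server as the SSO redirect URL. As an added example (not code from Robrix or matrix-sdk), this std-only Rust listener shows the receiving side of that redirect: a loopback-only bind on an OS-chosen port, a bounded read, and strict parsing of the `loginToken` query parameter that a Matrix homeserver appends to the redirect URL. The function names are hypothetical, and the callback is assumed to be a plain HTTP/1.1 GET.

```rust
use std::io::{BufRead, BufReader, Read, Write};
use std::net::TcpListener;
use std::time::Duration;

/// Decode %XX escapes strictly; malformed input yields None rather than a guess.
fn percent_decode(s: &str) -> Option<String> {
    let (bytes, mut out, mut i) = (s.as_bytes(), Vec::new(), 0);
    while i < bytes.len() {
        if bytes[i] == b'%' {
            let hex = s.get(i + 1..i + 3).filter(|h| h.bytes().all(|c| c.is_ascii_hexdigit()))?;
            out.push(u8::from_str_radix(hex, 16).ok()?);
            i += 3;
        } else {
            out.push(bytes[i]);
            i += 1;
        }
    }
    String::from_utf8(out).ok()
}

/// Extract a non-empty `loginToken` from a request line like `GET /?loginToken=... HTTP/1.1`.
fn login_token_from_request_line(line: &str) -> Option<String> {
    let target = line.strip_prefix("GET ")?.split_whitespace().next()?;
    let (_path, query) = target.split_once('?')?;
    let mut pairs = query.split('&').filter_map(|kv| kv.split_once('='));
    let (_key, value) = pairs.find(|(k, _)| *k == "loginToken")?;
    percent_decode(value).filter(|t| !t.is_empty())
}

/// Bind to loopback only, on an OS-chosen port; the URL is what the SSO flow redirects to.
fn bind_loopback() -> std::io::Result<(TcpListener, String)> {
    let listener = TcpListener::bind(("127.0.0.1", 0))?;
    let url = format!("http://127.0.0.1:{}/", listener.local_addr()?.port());
    Ok((listener, url))
}

/// Answer callbacks until one carries a token, then return it (one-shot; the token is never logged).
fn wait_for_login_token(listener: &TcpListener) -> std::io::Result<String> {
    loop {
        let (mut stream, _peer) = listener.accept()?;
        stream.set_read_timeout(Some(Duration::from_secs(5)))?;
        let mut line = String::new();
        // Cap the read so another local process cannot feed an unbounded request line.
        let read = BufReader::new((&stream).take(8192)).read_line(&mut line);
        let token = read.ok().and_then(|_| login_token_from_request_line(&line));
        let status = if token.is_some() { "200 OK" } else { "400 Bad Request" };
        let _ = write!(stream, "HTTP/1.1 {status}\r\nContent-Length: 0\r\nConnection: close\r\n\r\n");
        if let Some(token) = token {
            return Ok(token);
        }
    }
}
```

The caller drops the listener as soon as `wait_for_login_token` returns, so the port is open only for the duration of one login attempt.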

@kevinaboos kevinaboos moved this from Ready to In progress in Robrix Oct 30, 2024
@alanpoon alanpoon self-assigned this Nov 7, 2024
kevinaboos added a commit that referenced this issue Nov 20, 2024
Support login via SSO

Closes #114
@github-project-automation github-project-automation bot moved this from In review to Done in Robrix Nov 20, 2024