Remove stale OIDC aware docs and tests #28805

Merged
merged 1 commit into from
Dec 23, 2024
22 changes: 1 addition & 21 deletions docs/oidc.md
@@ -1,29 +1,9 @@
# OIDC and delegated authentication

## Compatibility/OIDC-aware mode

[MSC2965: OIDC provider discovery](https://github.com/matrix-org/matrix-spec-proposals/pull/2965)
[MSC3824: OIDC aware clients](https://github.com/matrix-org/matrix-spec-proposals/pull/3824)
This mode uses an SSO flow to gain a `loginToken` from the authentication provider, then continues with SSO login.
Element Web uses [MSC2965: OIDC provider discovery](https://github.com/matrix-org/matrix-spec-proposals/pull/2965) to discover the configured provider.
Wherever valid MSC2965 configuration is discovered, OIDC-aware login flow will be the only option offered.

## (🧪Experimental) OIDC-native flow

Can be enabled by a config-level-only setting in `config.json`

```json
{
"features": {
"feature_oidc_native_flow": true
}
}
```

See https://areweoidcyet.com/client-implementation-guide/ for implementation details.

Element Web uses [MSC2965: OIDC provider discovery](https://github.com/matrix-org/matrix-spec-proposals/pull/2965) to discover the configured provider.
Where OIDC native login flow is enabled and valid MSC2965 configuration is discovered, OIDC native login flow will be the only login option offered.
Where a valid MSC2965 configuration is discovered, OIDC native login flow will be the only login option offered.
Element Web will attempt to [dynamically register](https://openid.net/specs/openid-connect-registration-1_0.html) with the configured OP.
Then, authentication will be completed [as described here](https://areweoidcyet.com/client-implementation-guide/).
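
Review bot: The rewritten sentence "Where a valid MSC2965 configuration is discovered, OIDC native login flow will be the only login option offered" drops the `feature_oidc_native_flow` condition without telling operators that the key is no longer consulted. Deployments that still carry it in `config.json`, or that left it unset to stay on the OIDC-aware flow, get no explanation that discovery alone now selects the flow and leads to dynamic registration with the configured OP. Suggest adding one line stating that the flag has been removed and is ignored, and describing what the login page does when discovery is valid but dynamic registration fails.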

34 changes: 0 additions & 34 deletions playwright/e2e/oidc/oidc-aware.spec.ts

This file was deleted.

4 changes: 0 additions & 4 deletions playwright/e2e/oidc/oidc-native.spec.ts
@@ -1,4 +1,4 @@
/*

Check failure on line 1 in playwright/e2e/oidc/oidc-native.spec.ts

GitHub Actions / Run Tests [Chrome] 3/6

[Chrome] › oidc/oidc-native.spec.ts:17:9 › OIDC Native › can register the oauth2 client and an account @no-firefox @no-webkit

1) [Chrome] › oidc/oidc-native.spec.ts:17:9 › OIDC Native › can register the oauth2 client and an account @no-firefox @no-webkit Test timeout of 90000ms exceeded.

Copyright 2024 New Vector Ltd.
Copyright 2023 The Matrix.org Foundation C.I.C.

@@ -14,18 +14,14 @@
test.skip(isDendrite, "does not yet support MAS");
test.slow(); // trace recording takes a while here

test.use({
labsFlags: ["feature_oidc_native_flow"],
});

test("can register the oauth2 client and an account", async ({ context, page, homeserver, mailhog, mas }) => {
const tokenUri = `http://localhost:${mas.port}/oauth2/token`;
const tokenApiPromise = page.waitForRequest(

Check failure on line 19 in playwright/e2e/oidc/oidc-native.spec.ts

GitHub Actions / Run Tests [Chrome] 3/6

[Chrome] › oidc/oidc-native.spec.ts:17:9 › OIDC Native › can register the oauth2 client and an account @no-firefox @no-webkit

1) [Chrome] › oidc/oidc-native.spec.ts:17:9 › OIDC Native › can register the oauth2 client and an account @no-firefox @no-webkit Error: page.waitForRequest: Test timeout of 90000ms exceeded. 17 | test("can register the oauth2 client and an account", async ({ context, page, homeserver, mailhog, mas }) => { 18 | const tokenUri = `http://localhost:${mas.port}/oauth2/token`; > 19 | const tokenApiPromise = page.waitForRequest( | ^ 20 | (request) => request.url() === tokenUri && request.postDataJSON()["grant_type"] === "authorization_code", 21 | ); 22 | at /home/runner/work/element-web/element-web/playwright/e2e/oidc/oidc-native.spec.ts:19:38

(request) => request.url() === tokenUri && request.postDataJSON()["grant_type"] === "authorization_code",
);

await page.goto("/#/login");
await page.getByRole("button", { name: "Continue" }).click();

Check failure on line 24 in playwright/e2e/oidc/oidc-native.spec.ts

GitHub Actions / Run Tests [Chrome] 3/6

[Chrome] › oidc/oidc-native.spec.ts:17:9 › OIDC Native › can register the oauth2 client and an account @no-firefox @no-webkit

1) [Chrome] › oidc/oidc-native.spec.ts:17:9 › OIDC Native › can register the oauth2 client and an account @no-firefox @no-webkit Retry #1 ─────────────────────────────────────────────────────────────────────────────────────── Error: locator.click: Test timeout of 90000ms exceeded. Call log: - waiting for getByRole('button', { name: 'Continue' }) 22 | 23 | await page.goto("/#/login"); > 24 | await page.getByRole("button", { name: "Continue" }).click(); | ^ 25 | await registerAccountMas(page, mailhog.api, "alice", "[email protected]", "Pa$sW0rD!"); 26 | 27 | // Eventually, we should end up at the home screen. at /home/runner/work/element-web/element-web/playwright/e2e/oidc/oidc-native.spec.ts:24:62
await registerAccountMas(page, mailhog.api, "alice", "[email protected]", "Pa$sW0rD!");

// Eventually, we should end up at the home screen.
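
Review bot: After the `test.use({ labsFlags: ["feature_oidc_native_flow"] })` block is dropped, this test only passes if the build under test offers the native flow by default, and nothing in it checks that before `page.getByRole("button", { name: "Continue" }).click()`. The CI annotations on lines 19 and 24 show both the `page.waitForRequest` for the `authorization_code` grant and that click running into the 90000ms test timeout, so a wrong default shows up as a timeout rather than a clear failure. Suggest asserting that the "Continue" button is visible right after `page.goto("/#/login")` with a short timeout, and confirming these Chrome failures are resolved or unrelated before relying on this spec as the remaining OIDC e2e coverage now that `oidc-aware.spec.ts` is deleted.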