Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow fetching user claims through the userinfo_endpoint for upstream OAuth 2.0 providers #3363

Merged
merged 5 commits into from
Nov 26, 2024
Merged

Allow fetching user claims through the userinfo_endpoint for upstream OAuth 2.0 providers #3363

merged 5 commits into from
Nov 26, 2024

Conversation

MatMaul
Copy link
Contributor

@MatMaul MatMaul commented Oct 15, 2024

Untested for now so I am keeping it as a draft.

@MatMaul MatMaul force-pushed the add-userinfo-endpoint branch from 1903904 to 4a62a23 Compare October 15, 2024 07:38
@MatMaul MatMaul force-pushed the add-userinfo-endpoint branch 2 times, most recently from c59ee5b to 4a62a23 Compare October 15, 2024 09:39
@sandhose sandhose linked an issue Oct 25, 2024 that may be closed by this pull request
Allow fetching user claims through the userinfo_endpoint on upstream OAuth 2.0 logins #2088
Closed
@MatMaul MatMaul force-pushed the add-userinfo-endpoint branch from 4a62a23 to d4f4c95 Compare October 31, 2024 17:36
@MatMaul MatMaul force-pushed the add-userinfo-endpoint branch from d4f4c95 to 9f3ac54 Compare October 31, 2024 20:08
@MatMaul MatMaul force-pushed the add-userinfo-endpoint branch from 9f3ac54 to 7c73cf6 Compare November 13, 2024 17:19
@MatMaul
Copy link
Contributor Author

MatMaul commented Nov 13, 2024

Could we unleash the CI please :) ?

@MatMaul MatMaul force-pushed the add-userinfo-endpoint branch 2 times, most recently from a4e6e78 to 63e680d Compare November 14, 2024 08:55
@MatMaul MatMaul marked this pull request as ready for review November 14, 2024 08:58
sandhose
sandhose requested changes Nov 21, 2024
View reviewed changes
Copy link
Member

@sandhose sandhose left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Skimming through this, it looks alright, thanks a lot! I think we need to wait for #3521 to land, so that you can rebase on top of it

crates/handlers/src/upstream_oauth2/callback.rs Outdated
lazy_metadata.userinfo_endpoint().await?,
response.access_token.as_str(),
Some(verification_data),
&id_token_map.ok_or(RouteError::MissingIDToken)?,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interesting, I did not know we were checking that the userinfo returns the same sub & co as the id_token… we probably want to remove that, as we'd like to support non-OIDC providers as well…

I can do that in a later PR though

@MatMaul MatMaul force-pushed the add-userinfo-endpoint branch 3 times, most recently from 0de88fb to 880c7b9 Compare November 25, 2024 14:51
@MatMaul MatMaul changed the title Add user_profile_method to upstream SSO provider Add fetch_userinfo to upstream SSO provider Nov 25, 2024
@MatMaul MatMaul force-pushed the add-userinfo-endpoint branch 2 times, most recently from 35ecaf6 to 1c167ac Compare November 25, 2024 16:19
@MatMaul MatMaul force-pushed the add-userinfo-endpoint branch from 1c167ac to 5d5519f Compare November 25, 2024 16:43
@MatMaul MatMaul requested a review from sandhose November 26, 2024 14:53
sandhose
sandhose approved these changes Nov 26, 2024
View reviewed changes
Copy link
Member

@sandhose sandhose left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! It just occurred to me that it's missing documentation about the new options here: https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#upstream_oauth2

But I'm fine with doing this in another PR

@sandhose sandhose enabled auto-merge (squash) November 26, 2024 14:56
@sandhose sandhose merged commit 56edcb4 into element-hq:main Nov 26, 2024
18 checks passed
@pierreozoux
Copy link

Well done @MatMaul :)

@sandhose sandhose mentioned this pull request Nov 29, 2024
Closed
@sandhose sandhose changed the title Add fetch_userinfo to upstream SSO provider Allow fetching user claims through the userinfo_endpoint for upstream OAuth 2.0 providers Dec 16, 2024
@sandhose sandhose added A-Upstream-OAuth Related to login via upstream OAuth 2.0 providers T-Enhancement New feature of request labels Dec 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sandhose sandhose sandhose approved these changes

Assignees
No one assigned
Labels
A-Upstream-OAuth Related to login via upstream OAuth 2.0 providers T-Enhancement New feature of request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Allow fetching user claims through the userinfo_endpoint on upstream OAuth 2.0 logins
3 participants
@MatMaul @pierreozoux @sandhose