mirror of https://github.com/element-hq/synapse.git synced 2025-01-20 18:42:33 +00:00
synapse/tests
Eric Eastwood 6a909aade2
Consolidate SSO redirects through /_matrix/client/v3/login/sso/redirect(/{idpId}) (#17972)
Consolidate SSO redirects through
`/_matrix/client/v3/login/sso/redirect(/{idpId})`

Spawning from
https://github.com/element-hq/sbg/pull/421#discussion_r1859497330 where
we have a proxy that intercepts responses to
`/_matrix/client/v3/login/sso/redirect(/{idpId})` in order to upgrade
them to use OAuth 2.0 Pushed Authorization Requests (PAR). Instead of
needing to intercept multiple endpoints that redirect to the
authorization endpoint, it seems better to just have Synapse consolidate
to a single flow.


### Testing strategy

1. Create a new OAuth application. I'll be using GitHub for example but
there are [many
options](be65a8ec01/docs/openid.md).
Visit https://github.com/settings/developers -> **New OAuth App**
    - Application name: `Synapse local testing`
    - Homepage URL: `http://localhost:8008`
    - Authorization callback URL: `http://localhost:8008/_synapse/client/oidc/callback`
1. Update your Synapse `homeserver.yaml`
    ```yaml
    server_name: "my.synapse.server"
    public_baseurl: http://localhost:8008/
    listeners:
      - port: 8008
        bind_addresses: [
          #'::1',
          '127.0.0.1'
        ]
        tls: false
        type: http
        x_forwarded: true
        resources:
          - names: [client, federation, metrics]
            compress: false
    
    # SSO login testing
    oidc_providers:
      - idp_id: github
        idp_name: Github
        idp_brand: "github"  # optional: styling hint for clients
        discover: false
        issuer: "https://github.com/"
        client_id: "xxx" # TO BE FILLED
        client_secret: "xxx" # TO BE FILLED
        authorization_endpoint: "https://github.com/login/oauth/authorize"
        token_endpoint: "https://github.com/login/oauth/access_token"
        userinfo_endpoint: "https://api.github.com/user"
        scopes: ["read:user"]
        user_mapping_provider:
          config:
            subject_claim: "id"
            localpart_template: "{{ user.login }}"
            display_name_template: "{{ user.name }}"
    ```
1. Start Synapse: `poetry run synapse_homeserver --config-path homeserver.yaml`
1. Visit `http://localhost:8008/_synapse/client/pick_idp?redirectUrl=http%3A%2F%2Fexample.com`
1. Choose GitHub
1. Notice that you're redirected to GitHub to sign in (`https://github.com/login/oauth/authorize?...`)

Tested locally and works:

1. `http://localhost:8008/_synapse/client/pick_idp?idp=oidc-github&redirectUrl=http%3A//example.com` ->
1. `http://localhost:8008/_matrix/client/v3/login/sso/redirect/oidc-github?redirectUrl=http://example.com` ->
1. `https://github.com/login/oauth/authorize?response_type=code&client_id=xxx&redirect_uri=http%3A%2F%2Flocalhost%3A8008%2F_synapse%2Fclient%2Foidc%2Fcallback&scope=read%3Auser&state=xxx&nonce=xxx`
2024-11-29 11:26:37 -06:00
api Consolidate SSO redirects through /_matrix/client/v3/login/sso/redirect(/{idpId}) (#17972) 2024-11-29 11:26:37 -06:00
app Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
appservice Format files with Ruff (#17643) 2024-09-02 12:39:04 +01:00
config Add config option redis.password_path (#17717) 2024-10-07 09:46:51 +01:00
crypto Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
events Format files with Ruff (#17643) 2024-09-02 12:39:04 +01:00
federation Fix up logic for delaying sending read receipts over federation. (#17933) 2024-11-25 18:12:33 +00:00
handlers Create one-off scheduled task to delete old OTKs (#17934) 2024-11-19 11:20:48 +00:00
http Fix cancellation tests with new Twisted. (#17906) 2024-11-07 15:26:14 +00:00
logging Removal: Remove support for experimental msc3886 (#17638) 2024-11-13 14:10:20 +00:00
media Enable authenticated media by default (#17889) 2024-11-20 14:48:22 +00:00
metrics Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
module_api Format files with Ruff (#17643) 2024-09-02 12:39:04 +01:00
push Remove support for python 3.8 (#17908) 2024-11-06 19:36:01 +00:00
replication Enable authenticated media by default (#17889) 2024-11-20 14:48:22 +00:00
rest Consolidate SSO redirects through /_matrix/client/v3/login/sso/redirect(/{idpId}) (#17972) 2024-11-29 11:26:37 -06:00
scripts Update license headers 2023-11-21 15:29:58 -05:00
server_notices Sliding Sync: Add cache to get_tags_for_room(...) (#17730) 2024-09-19 12:43:26 +01:00
state Update license headers 2023-11-21 15:29:58 -05:00
storage Remove support for python 3.8 (#17908) 2024-11-06 19:36:01 +00:00
test_utils Add media tests for a CMYK JPEG image (#17786) 2024-10-23 18:26:01 +01:00
types Use immutabledict instead of frozendict (#15113) 2023-03-22 17:15:34 +00:00
util Fix new scheduled tasks jumping the queue (#17962) 2024-11-28 18:06:19 +00:00
__init__.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
server.py Removal: Remove support for experimental msc3886 (#17638) 2024-11-13 14:10:20 +00:00
test_distributor.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
test_event_auth.py Format files with Ruff (#17643) 2024-09-02 12:39:04 +01:00
test_federation.py Format files with Ruff (#17643) 2024-09-02 12:39:04 +01:00
test_mau.py Update license headers 2023-11-21 15:29:58 -05:00
test_phone_home.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
test_rust.py Add missing type hints to tests. (#15027) 2023-02-08 19:52:37 +00:00
test_server.py Removal: Remove support for experimental msc3886 (#17638) 2024-11-13 14:10:20 +00:00
test_state.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
test_terms_auth.py Update license headers 2023-11-21 15:29:58 -05:00
test_test_utils.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
test_types.py Format files with Ruff (#17643) 2024-09-02 12:39:04 +01:00
test_visibility.py Include user membership on events (#17282) 2024-06-13 21:45:54 +00:00
unittest.py Format files with Ruff (#17643) 2024-09-02 12:39:04 +01:00
utils.py Improve lock performance when a lot of locks are waiting (#16840) 2024-03-14 13:49:54 +00:00