synapse/tests/rest/client
Eric Eastwood 6a909aade2
Consolidate SSO redirects through /_matrix/client/v3/login/sso/redirect(/{idpId}) (#17972)
Consolidate SSO redirects through
`/_matrix/client/v3/login/sso/redirect(/{idpId})`

Spawning from
https://github.com/element-hq/sbg/pull/421#discussion_r1859497330 where
we have a proxy that intercepts responses to
`/_matrix/client/v3/login/sso/redirect(/{idpId})` in order to upgrade
them to use OAuth 2.0 Pushed Authorization Requests (PAR). Instead of
needing to intercept multiple endpoints that redirect to the
authorization endpoint, it seems better to just have Synapse consolidate
to a single flow.


### Testing strategy

1. Create a new OAuth application. I'll be using GitHub for example but
there are [many
options](be65a8ec01/docs/openid.md).
Visit https://github.com/settings/developers -> **New OAuth App**
    - Application name: `Synapse local testing`
    - Homepage URL: `http://localhost:8008`
    - Authorization callback URL: `http://localhost:8008/_synapse/client/oidc/callback`
1. Update your Synapse `homeserver.yaml`
    ```yaml
    server_name: "my.synapse.server"
    public_baseurl: http://localhost:8008/
    listeners:
      - port: 8008
        bind_addresses: [
          #'::1',
          '127.0.0.1'
        ]
        tls: false
        type: http
        x_forwarded: true
        resources:
          - names: [client, federation, metrics]
            compress: false
    
    # SSO login testing
    oidc_providers:
      - idp_id: github
        idp_name: Github
        idp_brand: "github"  # optional: styling hint for clients
        discover: false
        issuer: "https://github.com/"
        client_id: "xxx" # TO BE FILLED
        client_secret: "xxx" # TO BE FILLED
        authorization_endpoint: "https://github.com/login/oauth/authorize"
        token_endpoint: "https://github.com/login/oauth/access_token"
        userinfo_endpoint: "https://api.github.com/user"
        scopes: ["read:user"]
        user_mapping_provider:
          config:
            subject_claim: "id"
            localpart_template: "{{ user.login }}"
            display_name_template: "{{ user.name }}"
    ```
1. Start Synapse: `poetry run synapse_homeserver --config-path
homeserver.yaml`
1. Visit
`http://localhost:8008/_synapse/client/pick_idp?redirectUrl=http%3A%2F%2Fexample.com`
1. Choose GitHub
1. Notice that you're redirected to GitHub to sign in
(`https://github.com/login/oauth/authorize?...`)

Tested locally and works:

1. `http://localhost:8008/_synapse/client/pick_idp?idp=oidc-github&redirectUrl=http%3A//example.com` ->
1. `http://localhost:8008/_matrix/client/v3/login/sso/redirect/oidc-github?redirectUrl=http://example.com` ->
1. `https://github.com/login/oauth/authorize?response_type=code&client_id=xxx&redirect_uri=http%3A%2F%2Flocalhost%3A8008%2F_synapse%2Fclient%2Foidc%2Fcallback&scope=read%3Auser&state=xxx&nonce=xxx`
2024-11-29 11:26:37 -06:00
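The three-hop chain listed above, checked as code. This is an added example, not Synapse's own code or part of its test suite: it assumes the local setup from the commit message (Synapse at `http://localhost:8008`, IdP id `oidc-github`, `client_id` `xxx`, scope `read:user`, callback at `/_synapse/client/oidc/callback`) and replays the observed hops from a constructed response table so it runs offline. The invariants it asserts are the ones the consolidation is meant to give a PAR-upgrading proxy: exactly one hop through `/_matrix/client/v3/login/sso/redirect/{idpId}`, `redirectUrl` carried through it, no other third-party hop, and a final authorization request whose `redirect_uri`, `client_id` and `scope` match what Synapse registered, with `state` and `nonce` present exactly once.

```python
"""Check that an SSO login is consolidated through
/_matrix/client/v3/login/sso/redirect/{idpId} and that the final hop is a
well-formed OAuth 2.0 authorization-code request. Added example, not Synapse's
own code; assumes the commit message's local setup (see constants below)."""
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# A fetcher does ONE request without following redirects and returns
# (status, Location header or None).
Fetcher = Callable[[str], Tuple[int, Optional[str]]]

SYNAPSE_BASE = "http://localhost:8008"                      # public_baseurl
SSO_REDIRECT_PATH = "/_matrix/client/v3/login/sso/redirect"
CALLBACK_URL = SYNAPSE_BASE + "/_synapse/client/oidc/callback"  # registered at GitHub
AUTHZ_ENDPOINT = "https://github.com/login/oauth/authorize"  # authorization_endpoint
START_URL = SYNAPSE_BASE + "/_synapse/client/pick_idp?idp=oidc-github&redirectUrl=http%3A//example.com"
REQUIRED = ("response_type", "client_id", "redirect_uri", "scope", "state", "nonce")

def _split(url: str) -> Tuple[str, str, Dict[str, List[str]]]:
    """(origin, path, parsed query) of a URL."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}", p.path, parse_qs(p.query, keep_blank_values=True)

def follow_chain(fetch: Fetcher, start: str, max_hops: int = 5) -> List[str]:
    """Every URL visited from `start`, stopping at the first non-redirect."""
    chain = [start]
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in (301, 302, 303, 307, 308) or not location:
            return chain
        chain.append(location)
    raise RuntimeError(f"more than {max_hops} redirects: {chain}")

def check_consolidated_sso(chain: List[str], idp_id: str, client_id: str, scopes: List[str]) -> List[str]:
    """List of violated invariants; an empty list means the chain is as expected."""
    problems: List[str] = []
    if len(chain) < 2:
        return ["no redirect happened at all"]
    # 1. Every hop but the last stays on the homeserver: the only third party the
    #    browser is sent to is the IdP's authorization endpoint.
    for url in chain[:-1]:
        if _split(url)[0] != SYNAPSE_BASE:
            problems.append(f"intermediate hop leaves the homeserver: {url}")
    # 2. Exactly one intermediate hop is the consolidated endpoint for this IdP (the
    #    one place a PAR-upgrading proxy must intercept) and it preserves redirectUrl.
    hops = [u for u in chain[1:-1] if _split(u)[:2] == (SYNAPSE_BASE, f"{SSO_REDIRECT_PATH}/{idp_id}")]
    if len(hops) != 1:
        problems.append(f"expected exactly one hop through {SSO_REDIRECT_PATH}/{idp_id}, found {len(hops)}")
    elif _split(hops[0])[2].get("redirectUrl") != _split(chain[0])[2].get("redirectUrl"):
        problems.append("redirectUrl was not preserved through the SSO redirect endpoint")
    # 3. The final hop is the authorization endpoint; each required parameter appears
    #    exactly once (a duplicate is parameter pollution) and matches what Synapse registered.
    origin, path, qs = _split(chain[-1])
    if origin + path != AUTHZ_ENDPOINT:
        return problems + [f"final hop is not the authorization endpoint: {chain[-1]}"]
    for name in REQUIRED:
        if len(qs.get(name, [])) != 1:
            problems.append(f"{name} must appear exactly once, got {len(qs.get(name, []))}")
        elif not qs[name][0]:
            problems.append(f"{name} is empty")
    one = {k: v[0] for k, v in qs.items() if len(v) == 1}
    for name, value in {"response_type": "code", "client_id": client_id, "redirect_uri": CALLBACK_URL}.items():
        if one.get(name) != value:
            problems.append(f"{name} is {one.get(name)!r}, expected {value!r}")
    if set(one.get("scope", "").split()) != set(scopes):
        problems.append("scope differs from the configured scopes")
    return problems

# Constructed offline stand-in replaying the three hops observed in the commit
# message; any URL not listed answers 200, which ends the chain.
_HOP2 = SYNAPSE_BASE + SSO_REDIRECT_PATH + "/oidc-github?redirectUrl=http://example.com"
CONSTRUCTED_RESPONSES: Dict[str, Tuple[int, Optional[str]]] = {
    START_URL: (302, _HOP2),
    _HOP2: (302, AUTHZ_ENDPOINT + "?response_type=code&client_id=xxx"
            "&redirect_uri=http%3A%2F%2Flocalhost%3A8008%2F_synapse%2Fclient%2Foidc%2Fcallback"
            "&scope=read%3Auser&state=xxx&nonce=xxx"),
}

def constructed_fetch(url: str) -> Tuple[int, Optional[str]]:
    return CONSTRUCTED_RESPONSES.get(url, (200, None))

def live_fetch(url: str) -> Tuple[int, Optional[str]]:
    """Same contract against a running Synapse: one request, redirects not followed."""
    import urllib.error, urllib.request

    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # urllib then raises HTTPError for the 3xx instead of following it
    try:
        with urllib.request.build_opener(NoRedirect).open(url) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")

def run_check(fetch: Fetcher = constructed_fetch) -> List[str]:
    return check_consolidated_sso(follow_chain(fetch, START_URL), "oidc-github", "xxx", ["read:user"])

if __name__ == "__main__":
    print(run_check() or "chain ok")  # run_check(live_fetch) tests a real homeserver
```

`run_check(live_fetch)` drives the same invariants against a Synapse started as in the testing strategy; keep the `client_id` and `scopes` arguments in sync with `homeserver.yaml`, and adjust `START_URL` if the `redirectUrl` under test changes.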
| File | Last commit | Date |
|------|-------------|------|
| `sliding_sync` | Sliding Sync: Lazy-loading room members on incremental sync (remember memberships) (#17809) | 2024-11-04 10:17:58 -06:00 |
| `__init__.py` | Correctly mention previous copyright (#16820) | 2024-01-23 11:26:48 +00:00 |
| `test_account.py` | Bump mypy from 1.8.0 to 1.9.0 (#17297) | 2024-06-13 15:50:10 +01:00 |
| `test_account_data.py` | Correctly mention previous copyright (#16820) | 2024-01-23 11:26:48 +00:00 |
| `test_auth.py` | Correctly mention previous copyright (#16820) | 2024-01-23 11:26:48 +00:00 |
| `test_auth_issuer.py` | Format files with Ruff (#17643) | 2024-09-02 12:39:04 +01:00 |
| `test_capabilities.py` | Update license headers | 2023-11-21 15:29:58 -05:00 |
| `test_consent.py` | Update license headers | 2023-11-21 15:29:58 -05:00 |
| `test_delayed_events.py` | Add missing license header (#17799) | 2024-10-08 12:01:44 +01:00 |
| `test_devices.py` | Add Sliding Sync /sync/e2ee endpoint for To-Device messages (#17167) | 2024-05-23 12:06:16 -05:00 |
| `test_directory.py` | Update license headers | 2023-11-21 15:29:58 -05:00 |
| `test_ephemeral_message.py` | Update license headers | 2023-11-21 15:29:58 -05:00 |
| `test_events.py` | Format files with Ruff (#17643) | 2024-09-02 12:39:04 +01:00 |
| `test_filter.py` | Bump mypy from 1.5.1 to 1.8.0 (#16901) | 2024-03-13 17:05:57 +00:00 |
| `test_identity.py` | Update license headers | 2023-11-21 15:29:58 -05:00 |
| `test_keys.py` | Use custom stage UIA error for MAS cross-signing reset (#17509) | 2024-08-30 14:52:57 +02:00 |
| `test_login.py` | Consolidate SSO redirects through /_matrix/client/v3/login/sso/redirect(/{idpId}) (#17972) | 2024-11-29 11:26:37 -06:00 |
| `test_login_token_request.py` | Correctly mention previous copyright (#16820) | 2024-01-23 11:26:48 +00:00 |
| `test_media.py` | Add media tests for a CMYK JPEG image (#17786) | 2024-10-23 18:26:01 +01:00 |
| `test_models.py` | import pydantic objects from the _pydantic_compat module (#17667) | 2024-09-11 21:01:43 +00:00 |
| `test_mutual_rooms.py` | Correctly mention previous copyright (#16820) | 2024-01-23 11:26:48 +00:00 |
| `test_notifications.py` | Require the 'from' parameter for /notifications be an integer (#17283) | 2024-06-19 10:05:39 +01:00 |
| `test_owned_state.py` | Support MSC3757: Restricting who can overwrite a state event (#17513) | 2024-09-26 15:25:05 +02:00 |
| `test_password_policy.py` | Correctly mention previous copyright (#16820) | 2024-01-23 11:26:48 +00:00 |
| `test_power_levels.py` | Correctly mention previous copyright (#16820) | 2024-01-23 11:26:48 +00:00 |
| `test_presence.py` | Update license headers | 2023-11-21 15:29:58 -05:00 |
| `test_profile.py` | Format files with Ruff (#17643) | 2024-09-02 12:39:04 +01:00 |
| `test_push_rule_attrs.py` | Correctly mention previous copyright (#16820) | 2024-01-23 11:26:48 +00:00 |
| `test_read_marker.py` | Do not refuse to set read_marker if previous event_id is in wrong room (#16990) | 2024-03-21 18:43:07 +00:00 |
| `test_receipts.py` | Correctly mention previous copyright (#16820) | 2024-01-23 11:26:48 +00:00 |
| `test_redactions.py` | Correctly mention previous copyright (#16820) | 2024-01-23 11:26:48 +00:00 |
| `test_register.py` | Format files with Ruff (#17643) | 2024-09-02 12:39:04 +01:00 |
| `test_relations.py` | Stabilize support for MSC3981: recurse /relations (#17023) | 2024-04-09 17:11:08 +01:00 |
| `test_rendezvous.py` | Removal: Remove support for experimental msc3886 (#17638) | 2024-11-13 14:10:20 +00:00 |
| `test_reporting.py` | Support & use stable endpoints for MSC4151 (#17374) | 2024-10-31 09:55:30 +00:00 |
| `test_retention.py` | Include user membership on events (#17282) | 2024-06-13 21:45:54 +00:00 |
| `test_rooms.py` | Sliding Sync: Reset forgotten status when membership changes (like rejoining a room) (#17835) | 2024-10-22 11:06:46 +01:00 |
| `test_sendtodevice.py` | Add Sliding Sync /sync/e2ee endpoint for To-Device messages (#17167) | 2024-05-23 12:06:16 -05:00 |
| `test_shadow_banned.py` | Correctly mention previous copyright (#16820) | 2024-01-23 11:26:48 +00:00 |
| `test_sync.py` | Optimise notifier (#17765) | 2024-09-30 12:58:13 +01:00 |
| `test_tags.py` | Check if user is in room before being able to tag it (#17839) | 2024-10-30 11:55:23 -05:00 |
| `test_third_party_rules.py` | Correctly mention previous copyright (#16820) | 2024-01-23 11:26:48 +00:00 |
| `test_transactions.py` | Correctly mention previous copyright (#16820) | 2024-01-23 11:26:48 +00:00 |
| `test_typing.py` | Correctly mention previous copyright (#16820) | 2024-01-23 11:26:48 +00:00 |
| `test_upgrade_room.py` | Correctly mention previous copyright (#16820) | 2024-01-23 11:26:48 +00:00 |
| `utils.py` | Consolidate SSO redirects through /_matrix/client/v3/login/sso/redirect(/{idpId}) (#17972) | 2024-11-29 11:26:37 -06:00 |