diff --git a/docs/oidc.md b/docs/oidc.md
index 34387f9241..bf10792d0c 100644
--- a/docs/oidc.md
+++ b/docs/oidc.md
@@ -1,29 +1,9 @@ # OIDC and delegated authentication -## Compatibility/OIDC-aware mode - -[MSC2965: OIDC provider discovery](https://github.com/matrix-org/matrix-spec-proposals/pull/2965) -[MSC3824: OIDC aware clients](https://github.com/matrix-org/matrix-spec-proposals/pull/3824) -This mode uses an SSO flow to gain a `loginToken` from the authentication provider, then continues with SSO login. -Element Web uses [MSC2965: OIDC provider discovery](https://github.com/matrix-org/matrix-spec-proposals/pull/2965) to discover the configured provider. -Wherever valid MSC2965 configuration is discovered, OIDC-aware login flow will be the only option offered. - -## (🧪Experimental) OIDC-native flow - -Can be enabled by a config-level-only setting in `config.json` - -```json -{ - "features": { - "feature_oidc_native_flow": true - } -} -``` - See https://areweoidcyet.com/client-implementation-guide/ for implementation details. Element Web uses [MSC2965: OIDC provider discovery](https://github.com/matrix-org/matrix-spec-proposals/pull/2965) to discover the configured provider. -Where OIDC native login flow is enabled and valid MSC2965 configuration is discovered, OIDC native login flow will be the only login option offered. +Where a valid MSC2965 configuration is discovered, OIDC native login flow will be the only login option offered. Element Web will attempt to [dynamically register](https://openid.net/specs/openid-connect-registration-1_0.html) with the configured OP. Then, authentication will be completed [as described here](https://areweoidcyet.com/client-implementation-guide/).
diff --git a/playwright/e2e/oidc/oidc-aware.spec.ts b/playwright/e2e/oidc/oidc-aware.spec.ts
deleted file mode 100644
index 7b155f27a4..0000000000
--- a/playwright/e2e/oidc/oidc-aware.spec.ts
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
-Copyright 2024 New Vector Ltd.
-Copyright 2023 The Matrix.org Foundation C.I.C.
-
-SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only
-Please see LICENSE files in the repository root for full details.
-*/
-
-import { test, expect, registerAccountMas } from ".";
-import { isDendrite } from "../../plugins/homeserver/dendrite";
-
-test.describe("OIDC Aware", { tag: ["@no-firefox", "@no-webkit"] }, () => {
- test.skip(isDendrite, "does not yet support MAS");
- test.slow(); // trace recording takes a while here
-
- test("can register an account and manage it", async ({ context, page, homeserver, mailhog, app }) => {
- await page.goto("/#/login");
- await page.getByRole("button", { name: "Continue" }).click();
- await registerAccountMas(page, mailhog.api, "alice", "alice@email.com", "Pa$sW0rD!");
-
- // Eventually, we should end up at the home screen.
- await expect(page).toHaveURL(/\/#\/home$/, { timeout: 10000 });
- await expect(page.getByRole("heading", { name: "Welcome alice", exact: true })).toBeVisible();
-
- // Open settings and navigate to account management
- await app.settings.openUserSettings("Account");
- const newPagePromise = context.waitForEvent("page");
- await page.getByRole("button", { name: "Manage account" }).click();
-
- // Assert new tab opened
- const newPage = await newPagePromise;
- await expect(newPage.getByText("Primary email")).toBeVisible();
- });
-});
diff --git a/playwright/e2e/oidc/oidc-native.spec.ts b/playwright/e2e/oidc/oidc-native.spec.ts
index 2ae5cf83e6..b523f37f3b 100644
--- a/playwright/e2e/oidc/oidc-native.spec.ts
+++ b/playwright/e2e/oidc/oidc-native.spec.ts
@@ -14,10 +14,6 @@ test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => { test.skip(isDendrite, "does not yet support MAS"); test.slow(); // trace recording takes a while here - test.use({ - labsFlags: ["feature_oidc_native_flow"], - }); - test("can register the oauth2 client and an account", async ({ context, page, homeserver, mailhog, mas }) => { const tokenUri = `http://localhost:${mas.port}/oauth2/token`; const tokenApiPromise = page.waitForRequest(