Commit Graph

25 Commits (9cd0c247a20823cc1d29a9c322acd7bc4397a55e)

Author SHA1 Message Date
Michael Telatynski d0b30d1631
Allow explicit configuration of OIDC dynamic registration metadata (#12514)
* Fix `element-desktop-ssoid being` included in OIDC Authorization call

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Split out oidc callback url into its own method

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Allow explicit configuration of OIDC dynamic registration metadata

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Fix test

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Fix unexpected hash on oidc callback url

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* undefined > []

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

---------

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2024-05-14 09:38:33 +00:00
Michael Telatynski cc6958980b
Fix `element-desktop-ssoid being` included in OIDC Authorization call (#12495)
* Fix `element-desktop-ssoid being` included in OIDC Authorization call

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Split out oidc callback url into its own method

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Fix unexpected hash on oidc callback url

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Update src/BasePlatform.ts

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

---------

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-05-13 13:31:08 +00:00
Michael Telatynski 580bb5537d
OIDC: pass `id_token` via `id_token_hint` on Manage Account interaction (#12499)
* Store id_token rather than just id_token_claims

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Pass id_token via `id_token_hint` on `Manage Account` interaction

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Fix tests

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

---------

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2024-05-07 11:27:37 +00:00
Michael Telatynski 7b1e8e3d2f
Update MSC2965 OIDC Discovery implementation (#12245)
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-02-23 16:43:14 +00:00
renovate[bot] 300f30eca9
Update dependency oidc-client-ts to v3 (#12223)
* Mock subtle crypto in OIDC test

To unblock upgrade to oidc-client-ts

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Update dependency oidc-client-ts to v3

* delint

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Ensure oidc-client-ts 3.0.1 to drop crypto-js

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

---------

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
Co-authored-by: Michael Telatynski <7t3chguy@gmail.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-19 16:58:59 +00:00
Michael Telatynski 618462ba06
Fix Native OIDC for Element Desktop (#12253)
* Reuse exported common type

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Improve client metadata used for OIDC dynamic registration

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Fix Native OIDC for Element Desktop by including ssoid in the url_state of the /auth call

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Reuse exported common type

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Improve client metadata used for OIDC dynamic registration

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Fix typo

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Fix test

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Mock PlatformPeg

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Mock platform

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Add comment

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Improve comment

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Update src/BasePlatform.ts

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

---------

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-02-19 15:10:11 +00:00
Michael Telatynski cd8679c172
Improve client metadata used for OIDC dynamic registration (#12257) 2024-02-16 14:43:58 +00:00
Michael Telatynski 4e68b91515
Fix OIDC bugs due to amnesiac stores forgetting OIDC issuer & other data (#12166)
* Fix OIDC bugs due to amnesiac stores forgetting OIDC issuer & other data

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Fix tests

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

---------

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2024-01-23 13:34:10 +00:00
Michael Telatynski a465b1659f
Fix account management link for delegated auth OIDC setups (#12144)
* Fix account management link for delegated auth OIDC setups

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Fix comment

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

---------

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2024-01-16 09:51:03 +00:00
Kerry 1d9c24e96e
OIDC: add friendly errors (#11184)
* add delegatedauthentication to validated server config

* dynamic client registration functions

* test OP registration functions

* add stubbed nativeOidc flow setup in Login

* cover more error cases in Login

* tidy

* test dynamic client registration in Login

* comment oidc_static_clients

* register oidc inside Login.getFlows

* strict fixes

* remove unused code

* and imports

* comments

* comments 2

* util functions to get static client id

* check static client ids in login flow

* remove dead code

* OidcRegistrationClientMetadata type

* navigate to oidc authorize url

* exchange code for token

* navigate to oidc authorize url

* navigate to oidc authorize url

* test

* adjust for js-sdk code

* login with oidc native flow: messy version

* tidy

* update test for response_mode query

* tidy up some TODOs

* use new types

* add identityServerUrl to stored params

* unit test completeOidcLogin

* test tokenlogin

* strict

* whitespace

* tidy

* unit test oidc login flow in MatrixChat

* strict

* tidy

* extract success/failure handlers from token login function

* typo

* use for no homeserver error dialog too

* reuse post-token login functions, test

* shuffle testing utils around

* shuffle testing utils around

* i18n

* tidy

* Update src/Lifecycle.ts

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* tidy

* comment

* update tests for id token validation

* move try again responsibility

* prettier

* add friendly error messages for oidc authorization failures

* i18n

* update for new translations, tidy

---------

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2023-10-19 02:46:37 +00:00
Kerry d9d52fba8c
OIDC: use delegated auth account URL from `OidcClientStore` (#11723)
* test persistCredentials without a pickle key

* test setLoggedIn with pickle key

* lint

* type error

* extract token persisting code into function, persist refresh token

* store has_refresh_token too

* pass refreshToken from oidcAuthGrant into credentials

* rest restore session with pickle key

* retreive stored refresh token and add to credentials

* extract token decryption into function

* remove TODO

* very messy poc

* utils to persist clientId and issuer after oidc authentication

* add dep oidc-client-ts

* persist issuer and clientId after successful oidc auth

* add OidcClientStore

* comments and tidy

* expose getters for stored refresh and access tokens in Lifecycle

* revoke tokens with oidc provider

* test logout action in MatrixChat

* comments

* prettier

* test OidcClientStore.revokeTokens

* put pickle key destruction back

* comment pedantry

* working refresh without persistence

* extract token persistence functions to utils

* add sugar

* implement TokenRefresher class with persistence

* tidying

* persist idTokenClaims

* persist idTokenClaims

* tests

* remove unused cde

* create token refresher during doSetLoggedIn

* tidying

* also tidying

* OidcClientStore.initClient use stored issuer when client well known unavailable

* test Lifecycle.logout

* update Lifecycle test replaceUsingCreds calls

* fix test

* add sdkContext to UserSettingsDialog

* use sdkContext and oidcClientStore in session manager

* use sdkContext and OidcClientStore in generalusersettingstab

* tidy

* test tokenrefresher creation in login flow

* test token refresher

* Update src/utils/oidc/TokenRefresher.ts

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* use literal value for m.authentication

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* improve comments

* fix test mock, comment

* typo

* add sdkContext to SoftLogout, pass oidcClientStore to logout

* fullstops

* comments

* fussy comment formatting

---------

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2023-10-15 23:03:25 +00:00
Kerry 3a025c4b21
OIDC: refresh tokens (#11699)
* test persistCredentials without a pickle key

* test setLoggedIn with pickle key

* lint

* type error

* extract token persisting code into function, persist refresh token

* store has_refresh_token too

* pass refreshToken from oidcAuthGrant into credentials

* rest restore session with pickle key

* retreive stored refresh token and add to credentials

* extract token decryption into function

* remove TODO

* very messy poc

* comments

* prettier

* comment pedantry

* working refresh without persistence

* extract token persistence functions to utils

* add sugar

* implement TokenRefresher class with persistence

* tidying

* persist idTokenClaims

* persist idTokenClaims

* tests

* remove unused cde

* create token refresher during doSetLoggedIn

* tidying

* also tidying

* update Lifecycle test replaceUsingCreds calls

* tidy

* test tokenrefresher creation in login flow

* test token refresher

* Update src/utils/oidc/TokenRefresher.ts

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* use literal value for m.authentication

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* improve comments

---------

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2023-10-12 00:49:07 +00:00
Kerry feb7e9899b
OIDC: persist id token claims (#11691)
* persist idTokenClaims

* tests

* remove unused cde
2023-10-04 05:06:04 +01:00
Kerry 46072caa3a
OIDC: persist refresh token (#11249)
* test persistCredentials without a pickle key

* test setLoggedIn with pickle key

* lint

* type error

* extract token persisting code into function, persist refresh token

* store has_refresh_token too

* pass refreshToken from oidcAuthGrant into credentials

* rest restore session with pickle key

* comments

* prettier

* Update src/Lifecycle.ts

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* comments

---------

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2023-09-19 00:06:19 +00:00
Kerry dfded8d4d3
OIDC: disable multi session signout for OIDC-aware servers in session manager (#11431)
* util for account url

* test cases

* disable multi session selection on device list

* remove sign out all from context menus when oidc-aware

* comment

* remove unused param

* typo
2023-08-22 02:25:34 +00:00
Michael Telatynski 57a0d99dc8
Improve randomString mock for better snapshots (#11375) 2023-08-09 09:39:48 +01:00
Kerry 0b0d77cbcc
OIDC: Persist details in session storage, create store (#11302)
* utils to persist clientId and issuer after oidc authentication

* add dep oidc-client-ts

* persist issuer and clientId after successful oidc auth

* add OidcClientStore

* comments and tidy

* format
2023-07-20 21:30:19 +00:00
Michael Telatynski f5f31eb7d8
Fix jest/valid-expects lints (#11238) 2023-07-13 15:19:44 +00:00
Kerry 7b3d0ad209
OIDC: Log in (#11199)
* add delegatedauthentication to validated server config

* dynamic client registration functions

* test OP registration functions

* add stubbed nativeOidc flow setup in Login

* cover more error cases in Login

* tidy

* test dynamic client registration in Login

* comment oidc_static_clients

* register oidc inside Login.getFlows

* strict fixes

* remove unused code

* and imports

* comments

* comments 2

* util functions to get static client id

* check static client ids in login flow

* remove dead code

* OidcRegistrationClientMetadata type

* navigate to oidc authorize url

* exchange code for token

* navigate to oidc authorize url

* navigate to oidc authorize url

* test

* adjust for js-sdk code

* login with oidc native flow: messy version

* tidy

* update test for response_mode query

* tidy up some TODOs

* use new types

* add identityServerUrl to stored params

* unit test completeOidcLogin

* test tokenlogin

* strict

* whitespace

* tidy

* unit test oidc login flow in MatrixChat

* strict

* tidy

* extract success/failure handlers from token login function

* typo

* use for no homeserver error dialog too

* reuse post-token login functions, test

* shuffle testing utils around

* shuffle testing utils around

* i18n

* tidy

* Update src/Lifecycle.ts

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* tidy

* comment

* update tests for id token validation

* move try again responsibility

* prettier

* use more future proof config for static clients

* test util for oidcclientconfigs

* rename type and lint

* correct oidc test util

* store issuer and clientId pre auth navigation

* adjust for js-sdk changes

* update for js-sdk userstate, tidy

* update MatrixChat tests

* update tests

---------

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2023-07-11 04:09:18 +00:00
Kerry 01bd80fe59
OIDC: update to `oidc-client-ts` functions from js-sdk (#11193)
* test util for oidcclientconfigs

* rename type and lint

* correct oidc test util

* store issuer and clientId pre auth navigation

* update for js-sdk userstate, tidy
2023-07-10 00:57:16 +00:00
Kerry 90e65e8490
use more future proof config for static clients (#11175) 2023-07-04 23:10:03 +00:00
Kerry 3f04e41c21
OIDC: navigate to authorization endpoint (#11096)
* add delegatedauthentication to validated server config

* dynamic client registration functions

* test OP registration functions

* add stubbed nativeOidc flow setup in Login

* cover more error cases in Login

* tidy

* test dynamic client registration in Login

* comment oidc_static_clients

* register oidc inside Login.getFlows

* strict fixes

* remove unused code

* and imports

* comments

* comments 2

* util functions to get static client id

* check static client ids in login flow

* remove dead code

* OidcRegistrationClientMetadata type

* navigate to oidc authorize url

* navigate to oidc authorize url

* test

* adjust for js-sdk code

* update test for response_mode query

* use new types

* strict

* tidy
2023-06-28 21:08:56 +00:00
Michael Telatynski 6836a5fa7b
Conform more code to `strictNullChecks` and `noImplicitAny` (#11156) 2023-06-28 14:05:36 +01:00
Kerry 358c37ad69
OIDC: attempt dynamic client registration (#11074)
* add delegatedauthentication to validated server config

* dynamic client registration functions

* test OP registration functions

* add stubbed nativeOidc flow setup in Login

* cover more error cases in Login

* tidy

* test dynamic client registration in Login

* comment oidc_static_clients

* register oidc inside Login.getFlows

* strict fixes

* remove unused code

* and imports

* comments

* comments 2

* util functions to get static client id

* check static client ids in login flow

* remove dead code

* OidcRegistrationClientMetadata type

* use registerClient from js-sdk

* use OidcError from js-sdk
2023-06-22 20:59:03 +00:00
Kerry 328db8fdfd
OIDC: Check static client registration and add login flow (#11088)
* util functions to get static client id

* check static client ids in login flow

* remove dead code

* add trailing slash

* comment error enum

* spacing

* PR tidying

* more comments

* add ValidatedDelegatedAuthConfig type

* Update src/Login.ts

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Update src/Login.ts

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Update src/utils/ValidatedServerConfig.ts

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* rename oidc_static_clients to oidc_static_client_ids

* comment

---------

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2023-06-22 10:15:44 +00:00