Add note about external_ids for User Admin API in documentation #17139

Merged: 3 commits, May 7, 2024


sanjacob
Contributor

@sanjacob sanjacob commented May 1, 2024

If the login method is OIDC then the external id provider must be prefixed with 'oidc-', which was not mentioned before.

Pull Request Checklist

  • Pull request is based on the develop branch
  • Pull request includes a changelog file. The entry should:
    • Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from EventStore to EventWorkerStore.".
    • Use markdown where necessary, mostly for code blocks.
    • End with either a period (.) or an exclamation mark (!).
    • Start with a capital letter.
    • Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry.
  • Code style is correct
    (run the linters)

@sanjacob sanjacob requested a review from a team as a code owner May 1, 2024 09:53
@CLAassistant

CLAassistant commented May 1, 2024

CLA assistant check
All committers have signed the CLA.

@sanjacob sanjacob force-pushed the sanjacob-patch-1 branch 2 times, most recently from 6cdf562 to 5429c6b Compare May 2, 2024 07:46
@github-actions github-actions bot deployed to PR Documentation Preview May 2, 2024 07:55 Active
@github-actions github-actions bot deployed to PR Documentation Preview May 2, 2024 08:35 Active
@erikjohnston
Member

Hmm, TBH it feels like we should make it error rather than silently fail? But I'm not really quite sure how this is meant to work, @sandhose do you know what's going on here?

@clokep
Contributor

clokep commented May 2, 2024

It is meant to support that so you can add or remove OIDC providers. I.e., you want to register OIDC login info first for every user, then update the Synapse config to actually use SSO.

Maybe that doesn't make sense, but that was the initial design IIRC.

@sandhose
Member

sandhose commented May 2, 2024

@erikjohnston In other contexts we do somewhat use it as an arbitrary key-value thing (I know, it's as bad as it sounds), so making this an error would break those. It's also used with delegated auth to store the delegated IDP subject <-> MXID mapping.

@sanjacob
Contributor Author

sanjacob commented May 2, 2024

I am using the API to register users from another service (since that service knows their OIDC provider and sub) and thus the users can simply log into Synapse from the start, without needing to sign up again and without allowing other users to simply register in Synapse directly. Perhaps having my own OIDC service would make more sense, but it works for my use case.
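An added example, not part of this pull request or of Synapse's code: a pre-flight helper for the provisioning flow discussed above. It builds the User Admin API request with the `oidc-` prefix applied, and flags `external_ids` entries that use a bare OIDC provider ID, which per the thread are accepted without error. The homeserver URL, user ID, provider ID `keycloak` and subject values are constructed, and the function names are hypothetical.

```python
import json
from urllib.parse import quote

OIDC_PREFIX = "oidc-"  # prefix this PR documents for OIDC providers


def build_user_request(base_url, user_id, idp_id, subject):
    """Build (method, url, body) for the User Admin API call; sends nothing.

    idp_id is the bare provider ID from the homeserver config (assumption:
    the caller passes it without the prefix); subject is the OIDC `sub`.
    """
    if not idp_id or not subject:
        raise ValueError("idp_id and subject are required")
    body = {
        "external_ids": [
            {"auth_provider": OIDC_PREFIX + idp_id, "external_id": subject}
        ]
    }
    path = "/_synapse/admin/v2/users/" + quote(user_id, safe="")
    return "PUT", base_url.rstrip("/") + path, json.dumps(body, sort_keys=True)


def find_unprefixed(external_ids, oidc_idp_ids):
    """Return entries whose auth_provider is a bare OIDC idp_id.

    These are stored by the API but will not match the OIDC login, so a
    provisioning job should treat them as errors before sending anything.
    Other provider values are left alone, since the thread notes the field
    is also used as a generic key-value mapping.
    """
    bare = set(oidc_idp_ids)
    return [e for e in external_ids if e.get("auth_provider") in bare]


if __name__ == "__main__":
    # Constructed sample values.
    method, url, body = build_user_request(
        "https://synapse.example.org", "@alice:example.org", "keycloak", "sub-1234"
    )
    print(method, url)
    print(body)
    planned = [
        {"auth_provider": "keycloak", "external_id": "sub-1234"},
        {"auth_provider": "oidc-keycloak", "external_id": "sub-5678"},
    ]
    print("missing prefix:", find_unprefixed(planned, ["keycloak"]))
```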

@sanjacob sanjacob force-pushed the sanjacob-patch-1 branch 2 times, most recently from 13e0967 to 008fbd2 Compare May 3, 2024 12:02
@sanjacob sanjacob force-pushed the sanjacob-patch-1 branch from 008fbd2 to 71b5375 Compare May 3, 2024 22:05
@github-actions github-actions bot deployed to PR Documentation Preview May 7, 2024 16:38 Active
@anoadragon453 anoadragon453 enabled auto-merge (squash) May 7, 2024 16:38
@anoadragon453 anoadragon453 merged commit 1b15536 into element-hq:develop May 7, 2024
31 checks passed
yingziwu added a commit to yingziwu/synapse that referenced this pull request Jun 7, 2024
No significant changes since 1.108.0rc1.

- Add a feature that allows clients to query the configured federation whitelist. Disabled by default. ([\#16848](element-hq/synapse#16848), [\#17199](element-hq/synapse#17199))
- Add the ability to allow numeric user IDs with a specific prefix when in the CAS flow. Contributed by Aurélien Grimpard. ([\#17098](element-hq/synapse#17098))

- Fix bug where push rules would be empty in `/sync` for some accounts. Introduced in v1.93.0. ([\#17142](element-hq/synapse#17142))
- Add support for optional whitespace around the Federation API's `Authorization` header's parameter commas. ([\#17145](element-hq/synapse#17145))
- Fix bug where disabling room publication prevented public rooms being created on workers. ([\#17177](element-hq/synapse#17177), [\#17184](element-hq/synapse#17184))

- Document [`/v1/make_knock`](https://spec.matrix.org/v1.10/server-server-api/#get_matrixfederationv1make_knockroomiduserid) and [`/v1/send_knock/`](https://spec.matrix.org/v1.10/server-server-api/#put_matrixfederationv1send_knockroomideventid) federation endpoints as worker-compatible. ([\#17058](element-hq/synapse#17058))
- Update User Admin API with note about prefixing OIDC external_id providers. ([\#17139](element-hq/synapse#17139))
- Clarify the state of the created room when using the `autocreate_auto_join_room_preset` config option. ([\#17150](element-hq/synapse#17150))
- Update the Admin FAQ with the current libjemalloc version for latest Debian stable. Additionally update the name of the "push_rules" stream in the Workers documentation. ([\#17171](element-hq/synapse#17171))

- Add note to reflect that [MSC3886](matrix-org/matrix-spec-proposals#3886) is closed but will remain supported for some time. ([\#17151](element-hq/synapse#17151))
- Update dependency PyO3 to 0.21. ([\#17162](element-hq/synapse#17162))
- Fixes linter errors found in PR #17147. ([\#17166](element-hq/synapse#17166))
- Bump black from 24.2.0 to 24.4.2. ([\#17170](element-hq/synapse#17170))
- Cache literal sync filter validation for performance. ([\#17186](element-hq/synapse#17186))
- Improve performance by fixing a reactor pause. ([\#17192](element-hq/synapse#17192))
- Route `/make_knock` and `/send_knock` federation APIs to the federation reader worker in Complement test runs. ([\#17195](element-hq/synapse#17195))
- Prepare sync handler to be able to return different sync responses (`SyncVersion`). ([\#17200](element-hq/synapse#17200))
- Organize the sync cache key parameter outside of the sync config (separate concerns). ([\#17201](element-hq/synapse#17201))
- Refactor `SyncResultBuilder` assembly to its own function. ([\#17202](element-hq/synapse#17202))
- Rename to be obvious: `joined_rooms` -> `joined_room_ids`. ([\#17203](element-hq/synapse#17203), [\#17208](element-hq/synapse#17208))
- Add a short pause when rate-limiting a request. ([\#17210](element-hq/synapse#17210))

* Bump cryptography from 42.0.5 to 42.0.7. ([\#17180](element-hq/synapse#17180))
* Bump gitpython from 3.1.41 to 3.1.43. ([\#17181](element-hq/synapse#17181))
* Bump immutabledict from 4.1.0 to 4.2.0. ([\#17179](element-hq/synapse#17179))
* Bump sentry-sdk from 1.40.3 to 2.1.1. ([\#17178](element-hq/synapse#17178))
* Bump serde from 1.0.200 to 1.0.201. ([\#17183](element-hq/synapse#17183))
* Bump serde_json from 1.0.116 to 1.0.117. ([\#17182](element-hq/synapse#17182))