MSC1960: OpenID information exchange with widgets #1960
Conversation
turt2live
changed the title
|
@turt2live and I had a discussion about this a bit on Matrix, something somewhere needs to spec out a bit more how the client gets the OpenID credentials to pass to the widget. It was suggested something like https://github.com/matrix-org/matrix-doc/pull/1961/files#diff-46763da5dcada9c6bd410e646df8390bR21 could be added. I also wonder if this should be generalized a bit to broader SSO access? I'm not sure how hard that would be, but the current way that clients can login is a generic "SSO" type, not OpenID specifically. |
Co-authored-by: David Baker <[email protected]> Co-authored-by: Andrew Morgan <[email protected]>
|
@dbkr @anoadragon453 I've ruined your comment threads by making significant formatting changes to the diff, sorry. There's also some clarifications if @richvdh, @clokep, and @jaywink have a chance to review them. |
|
@mscbot fcp merge |
|
Team member @turt2live has proposed to merge this. The next step is review by the rest of the tagged people: Concerns:
Once at least 75% of reviewers approve (and there are no outstanding concerns), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up! See this document for information about what commands tagged team members can give me. |
mscbot
added
disposition-merge
proposed-final-comment-period
turt2live
removed
the
blocked
|
right, so enough of the widget spec has been specified for this to get the clarifications it needed. Originally the Functionally the MSC is the same with this new wording, though most of it has been replaced with clearer (hopefully) words. @richvdh @dbkr @anoadragon453 please take another read, which may involve skimming parts of the widget spec (see diff for links). For now, I think my concern can be lifted: @mscbot resolve This is blocked on untangling the mess between MSC1236 and reality. |
|
|
||
| Widgets are currently left with no options to verify the user's ID, making it hard for | ||
| personalized and authenticated widgets to exist. The spec says the `$matrix_user_id` | ||
| template variable cannot be relied upon due to how easy it is to faslify, which is true. |
There was a problem hiding this comment.
| template variable cannot be relied upon due to how easy it is to faslify, which is true. | |
| template variable cannot be relied upon due to how easy it is to falsify, which is true. |
| "widgetId": "CCCDDD", | ||
| "data": { | ||
| "state": "allowed", | ||
| "original_request_id": "AAABBB", |
There was a problem hiding this comment.
The mix of snake & camel case is unfortunate but this is probably the least terrible way of combining the two worlds.
There was a problem hiding this comment.
yea, it's a mess. It is however consistent with the other API actions (which are also awful).
| The request SHOULD result in the user being prompted to confirm that the widget can have | ||
| their information. Because of this user interaction, it's not always possible for the user | ||
| to complete the approval within the 10 second suggested timeout by the widget spec. As | ||
| such, the initial request by the widget can have one of three states: |
There was a problem hiding this comment.
It feels a bit out-of-order that we're talking about the responses before we've seen what the request is.
| ``` | ||
|
|
||
| Which then receives a response which has a `state` field alongside potentially the credentials | ||
| to be verified. Matching the order of possible responses above, here are examples: |
There was a problem hiding this comment.
I would probably have just talked about what responses at the same time as the examples rather than having the reader refer back up to the list of possible responses, but ok - the content is fine, probably not worth re-wording.
|
🔔 This is now entering its final comment period, as per the review above. 🔔 |
mscbot
added
final-comment-period
|
The final comment period, with a disposition to merge, as per the review above, is now complete. |
mscbot
added
finished-final-comment-period
and removed
disposition-merge
final-comment-period
turt2live
added
spec-pr-missing
turt2live
added
spec-pr-in-review
turt2live
added
the
blocked
| In the case of `state: "request"`, the user is being asked to approve the widget's attempt to | ||
| verify their identity. To ensure that future requests are quicker, clients are encouraged to | ||
| include a "remember this widget" option to make use of the immediate `state: "allowed"` or | ||
| `state: "blocked"` responses above. |
There was a problem hiding this comment.
This seems to be redundant to what we have with the capability system. I would propose making this a capability as well. This would
- give the widget developer the choice to ask the user for oidc permissions on first startup.
- the client developer does not need to track oidc permissions + capabilitis but can treat oidc as a capability without any custom logic.
There was a problem hiding this comment.
thinking further capabilites imply a rethinking of this:
to conform to the rest of the widget logic It seems It should be like this:
- there should only be on action:
fromWidgetget_openId. - there should be a capability
allow_open_id - it is the widgets responsibility to first aquire the capability. (the client is responsible to prompt the user with a clear explanation) -> then the token request via
get_openidis instant and does not need two actions: one for asking for the tokenget_openid(which might already return a token but not necassarly) and another one for sending over the tokenopenid_credentials.
In other words get_oidc seems to be equivalent to a request capabilites call with a confusing name.
Rendered
Upstream proposal: MSC1956 - Integrations API
Discussion room: #msc-integrations-api:t2bot.io
This is being contributed under the hat of "author of Dimension":