MSC3824: OIDC aware clients #3824

Open
wants to merge 17 commits into
base: main
Changes from 2 commits
28 changes: 28 additions & 0 deletions proposals/3824-sso-redirect-action.md
@@ -0,0 +1,28 @@
# MSC3824: Login/register indication on SSO redirect

At present a homeserver cannot tell if a request for `GET /_matrix/client/v3/login/sso/redirect` is intended to be used to sign in an existing user or register a new user.

In the context of [MSC2964](https://github.com/matrix-org/matrix-doc/pull/2965) the homeserver needs to know the intent so that the correct UI can be shown to the user.
hughns marked this conversation as resolved.

## Proposal

Add an optional query parameter `action` to `GET /_matrix/client/v3/login/sso/redirect` with meaning:

- `login` - the SSO redirect is for the purposes of signing an existing user in
- `register` - the SSO redirect is for the purpose of registering a new user account

## Potential issues

None.

## Alternatives

A `prompt` parameter with values [`create`](https://openid.net/specs/openid-connect-prompt-create-1_0.html#rfc.section.4) and [`login`](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest) exists in OIDC for use on the authorized endpoint. However, our use case is different and it might cause confusion to overload these terms.

## Security considerations

None relevant.

## Unstable prefix

Not applicable.
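
Review bot: "Security considerations" says "None relevant", but `action` is a client-supplied query parameter on the SSO redirect endpoint, so the section should state that the homeserver treats it only as a hint for which UI to show and still applies its own registration policy when it receives `action=register`. The "Proposal" section also marks the parameter as optional without saying what the homeserver does when it is absent or carries a value other than `login` or `register`; spelling out a default and an "ignore unrecognised values" rule would keep implementations consistent. Under "Unstable prefix", "Not applicable" leaves implementations with no unstable name to use for the new parameter before the proposal is accepted. Separately, the link text in the second paragraph reads MSC2964 while its URL points at `pull/2965`, which is worth checking.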