Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Update SSO mapping providers documentation about unique IDs. (#9980)
Browse files Browse the repository at this point in the history
  • Loading branch information
clokep authored May 13, 2021
1 parent 451f251 commit d19bccd
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 7 deletions.
1 change: 1 addition & 0 deletions changelog.d/9980.doc
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Clarify documentation around SSO mapping providers generating unique IDs and localparts.
18 changes: 11 additions & 7 deletions docs/sso_mapping_providers.md
Original file line number Diff line number Diff line change
Expand Up @@ -67,8 +67,8 @@ A custom mapping provider must specify the following methods:
- Arguments:
- `userinfo` - A `authlib.oidc.core.claims.UserInfo` object to extract user
information from.
- This method must return a string, which is the unique identifier for the
user. Commonly the ``sub`` claim of the response.
- This method must return a string, which is the unique, immutable identifier
for the user. Commonly the `sub` claim of the response.
* `map_user_attributes(self, userinfo, token, failures)`
- This method must be async.
- Arguments:
Expand All @@ -87,7 +87,9 @@ A custom mapping provider must specify the following methods:
`localpart` value, such as `john.doe1`.
- Returns a dictionary with two keys:
- `localpart`: A string, used to generate the Matrix ID. If this is
`None`, the user is prompted to pick their own username.
`None`, the user is prompted to pick their own username. This is only used
during a user's first login. Once a localpart has been associated with a
remote user ID (see `get_remote_user_id`) it cannot be updated.
- `displayname`: An optional string, the display name for the user.
* `get_extra_attributes(self, userinfo, token)`
- This method must be async.
Expand Down Expand Up @@ -153,8 +155,8 @@ A custom mapping provider must specify the following methods:
information from.
- `client_redirect_url` - A string, the URL that the client will be
redirected to.
- This method must return a string, which is the unique identifier for the
user. Commonly the ``uid`` claim of the response.
- This method must return a string, which is the unique, immutable identifier
for the user. Commonly the `uid` claim of the response.
* `saml_response_to_user_attributes(self, saml_response, failures, client_redirect_url)`
- Arguments:
- `saml_response` - A `saml2.response.AuthnResponse` object to extract user
Expand All @@ -172,8 +174,10 @@ A custom mapping provider must specify the following methods:
redirected to.
- This method must return a dictionary, which will then be used by Synapse
to build a new user. The following keys are allowed:
* `mxid_localpart` - The mxid localpart of the new user. If this is
`None`, the user is prompted to pick their own username.
* `mxid_localpart` - A string, the mxid localpart of the new user. If this is
`None`, the user is prompted to pick their own username. This is only used
during a user's first login. Once a localpart has been associated with a
remote user ID (see `get_remote_user_id`) it cannot be updated.
* `displayname` - The displayname of the new user. If not provided, will default to
the value of `mxid_localpart`.
* `emails` - A list of emails for the new user. If not provided, will
Expand Down

0 comments on commit d19bccd

Please sign in to comment.