This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
Save the login tokens in database instead of being macaroons #13841
Labels:
- A-Login
- A-Modules (Module API: https://matrix-org.github.io/synapse/latest/modules/index.html)
- A-SSO (Single Sign-On (maybe OIDC))
- O-Occasional (Affects or can be seen by some users regularly or most users rarely)
- S-Minor (Blocks non-critical functionality, workarounds exist.)
- T-Enhancement (New features, changes in functionality, improvements in performance, or user-facing enhancements.)
While implementing #11414 (OIDC Backchannel Logouts), I needed a way to invalidate login tokens, which is not possible because they are macaroons.
A way of solving this would be to save them in the database instead.
One problem is that it makes the creation of login tokens async, which impacts the Module API:
- `complete_sso_login`, which is sync, but was deprecated in Synapse 1.13.0 in favour of `complete_sso_login_async`
- `generate_short_term_login_token`, which is also sync.

My plan is to do a first PR which adds a `create_login_token` async method and deprecates the `generate_short_term_login` method, and then another one for actually saving the login tokens in the database.
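The trade-off described in the issue, as an added example that is not Synapse code and not part of the original post: a self-contained signed token stays valid until it expires, while a token stored server-side can be made single-use and deleted when the identity provider sends a logout. Assumptions: an HMAC-signed string stands in for a macaroon, `LoginTokenStore`, its table layout and the `idp_session_id` column are hypothetical, and synchronous `sqlite3` is used for brevity.

```python
import hashlib, hmac, secrets, sqlite3

SECRET = secrets.token_bytes(32)  # constructed key for the stateless variant

def _sign(body):
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def stateless_token(user_id, expiry_ts):
    """Self-contained signed token: simplified stand-in for a macaroon."""
    body = f"{user_id}|{expiry_ts}"
    return f"{body}|{_sign(body)}"

def verify_stateless(token, now):
    """Accepts any correctly signed, unexpired token; there is no state to revoke."""
    body, sig = token.rsplit("|", 1)
    user_id, expiry_ts = body.rsplit("|", 1)
    ok = hmac.compare_digest(sig, _sign(body)) and now < int(expiry_ts)
    return user_id if ok else None

class LoginTokenStore:
    """Opaque login tokens kept server-side (hypothetical schema, not Synapse's)."""
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE login_tokens (token_hash TEXT PRIMARY KEY,"
                        " user_id TEXT, idp_session_id TEXT, expiry_ts INTEGER, used INTEGER)")

    @staticmethod
    def _h(token):  # store only a hash so a database leak does not expose live tokens
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, user_id, idp_session_id, expiry_ts):
        token = secrets.token_urlsafe(32)
        self.db.execute("INSERT INTO login_tokens VALUES (?, ?, ?, ?, 0)",
                        (self._h(token), user_id, idp_session_id, expiry_ts))
        return token

    def consume(self, token, now):
        """Single-use redemption: only an unused, unexpired row can be claimed."""
        cur = self.db.execute("UPDATE login_tokens SET used = 1 WHERE token_hash = ?"
                              " AND used = 0 AND expiry_ts > ?", (self._h(token), now))
        if cur.rowcount != 1:
            return None
        return self.db.execute("SELECT user_id FROM login_tokens WHERE token_hash = ?",
                               (self._h(token),)).fetchone()[0]

    def invalidate_session(self, idp_session_id):
        """Backchannel logout: delete every token issued for that IdP session."""
        return self.db.execute("DELETE FROM login_tokens WHERE idp_session_id = ?",
                               (idp_session_id,)).rowcount
```
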