This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Add Mastodon SSO setup instructions to docs #14594

Merged
merged 17 commits into from
Dec 7, 2022
1 change: 1 addition & 0 deletions changelog.d/14594.doc
@@ -0,0 +1 @@
Add Mastodon and Fediverse Single-Sign On setup instructions for Synapse.
39 changes: 39 additions & 0 deletions docs/openid.md
Expand Up @@ -590,3 +590,42 @@ oidc_providers:
display_name_template: "{{ user.first_name }} {{ user.last_name }}"
email_template: "{{ user.email }}"
```

### Mastodon / Fediverse

Single-Sign On provided by [Mastodon](https://docs.joinmastodon.org/) and other Fediverse websites work with Synapse, provided they have implemented the [Mastodon OAuth API](https://docs.joinmastodon.org/spec/oauth/).

This example assumes:
* the Mastodon instance website URL is `https://your.mastodon.instance.url/`
* you want to create an App titled *my_synapse_app*

The first step is to create an App using the Mastodon's [Create an application API](https://docs.joinmastodon.org/methods/apps/#create). There are several ways to do this but in the example below we are using CURL.

Send the following request:
```sh
curl -d "client_name=my_synapse_app&redirect_uris=https://[synapse_public_baseurl]/_synapse/client/oidc/callback" -X POST https://your.mastodon.instance.url/api/v1/apps
```

You should get the following response, and you should write down:
```json
{"client_id":"someclientid_123","client_secret":"someclientsecret_123","id":"12345","name":"my_synapse_app","redirect_uri":"https://[synapse_public_baseurl]/_synapse/client/oidc/callback","website":null,"vapid_key":"somerandomvapidkey_123"}
```

As the Synapse login mechanism needs an attribute to uniquely identify users, and that endpoint does not return a sub property, an alternative subject_claim has to be set. Your Synapse configuration should be the following:

```yaml
oidc_providers:
- idp_id: fediverse
idp_name: "Fediverse Example"
discover: false
issuer: "https://your.mastodon.instance.url/@admin"
client_id: "someclientid_123"
client_secret: "someclientsecret_123"
authorization_endpoint: "https://your.mastodon.instance.url/oauth/authorize"
token_endpoint: "https://your.mastodon.instance.url/oauth/token"
userinfo_endpoint: "https://your.mastodon.instance.url/api/v1/accounts/verify_credentials"
scopes: ["read"]
user_mapping_provider:
config:
subject_claim: "id"
```
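Review bot: the configuration snippet only works because `openid` is absent from `scopes: ["read"]`, which makes Synapse fetch the profile from `userinfo_endpoint` instead of expecting an ID token from `token_endpoint` (Mastodon's OAuth server is plain OAuth 2.0 and returns none); the prose around `subject_claim` should say so, or the snippet should set `user_profile_method: "userinfo_endpoint"` explicitly, so a reader who later adds scopes does not silently break login. Smaller points in the same hunk: `issuer: "https://your.mastodon.instance.url/@admin"` is unexplained, and with `discover: false` nothing is fetched from it, so either justify the `/@admin` path or use the bare instance URL; "You should get the following response, and you should write down:" never says which fields to record (`client_id` and `client_secret`), and it is worth adding that the `client_secret` shown in that response is a credential that should be kept out of shell history and world-readable config; and the `[synapse_public_baseurl]` placeholder in `redirect_uris` should be spelled out as Synapse's `public_baseurl` setting, since the value registered with Mastodon must match the callback URL Synapse sends exactly. Finally, unlike the preceding example's `display_name_template` and `email_template`, this snippet leaves localpart and display name at Synapse's defaults, which read claims this endpoint does not return, so users will be prompted to choose a localpart; consider adding `localpart_template: "{{ user.username }}"` and `display_name_template: "{{ user.display_name }}"` from the `verify_credentials` response.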