Homeservers as OAuth authorization endpoints (resource owners) (SPEC-206) #531

Closed
matrixbot opened this issue Jul 25, 2015 · 8 comments
Labels
abandoned A proposal where the author/shepherd is not responsive feature Suggestion for a significant extension which needs considerable consideration kind:feature MSC for not-core and not-maintenance stuff proposal A matrix spec change proposal

Comments

@matrixbot
Member

matrixbot commented Jul 25, 2015

Documentation: https://docs.google.com/document/d/1vEPFlX79oa1foBmar6i8nvw-hB4SXfVqg6o6Wsdl1kQ/edit
Author: @kegsay

We want third parties (ASes, random web apps which use OAuth to login as someone) to be able to act on behalf of real matrix users. Currently, they simply can't, as they can't authenticate as a given user_id.

We should probably expose a CS HTTP API endpoint /oauth which expects to be hit with a redirect_uri, scopes, etc and ideally a browser-sent access_token from the redirect (obviously not automatic given the token is a query param and not a Cookie :( ). If not logged in, you'd need to login as usual for that HS (e.g. m.login.password) and then go to the "Accept scopes" page. This will then return a token which the 3rd party service can use as an access_token.

Note that this is completely different to the role HSes play during reg/login where we ARE the "web app" wanting to authenticate on another 3rd party (FB/G+/etc).

This is becoming increasingly important as more services wish to authenticate as existing user IDs rather than having user ID fragmentation/namespace hell.

(Imported from https://matrix.org/jira/browse/SPEC-206)

(Reported by @kegsay)
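
The flow proposed above, modelled as an added example (not code from the Matrix spec, the linked document, or any homeserver): an `/oauth` request is checked for a registered `redirect_uri` and permitted scopes, then for a logged-in session, then for consent, before a scoped token is issued. The client registry, scope names, and method names are assumptions; the proposal does not define them.

```python
import secrets
from dataclasses import dataclass, field

# Assumption: third parties are pre-registered with exact redirect URIs and a
# maximum scope set. The client id and scope names below are hypothetical.
CLIENTS = {
    "example-bridge": {
        "redirect_uris": {"https://bridge.example/callback"},
        "scopes": {"read_rooms", "send_messages"},
    }
}

@dataclass
class Homeserver:
    sessions: dict = field(default_factory=dict)  # browser session -> user_id
    grants: dict = field(default_factory=dict)    # token -> (user_id, client_id, scopes)

    def authorize(self, client_id, redirect_uri, scopes, session=None, consent=False):
        """Model of a request to the proposed /oauth endpoint."""
        client = CLIENTS.get(client_id)
        # Exact-match the redirect_uri before anything else; never redirect
        # to an unregistered URI, even to report an error.
        if client is None or redirect_uri not in client["redirect_uris"]:
            return ("error", "unregistered client or redirect_uri")
        requested = set(scopes)
        if not requested or not requested <= client["scopes"]:
            return ("error", "invalid scope")
        user_id = self.sessions.get(session)
        if user_id is None:
            return ("login_required", None)  # e.g. m.login.password first
        if not consent:
            return ("consent_required", sorted(requested))  # "Accept scopes" page
        # Issue a token distinct from the user's own access_token, bound to
        # the user, the client and only the scopes the user accepted.
        token = secrets.token_urlsafe(32)
        self.grants[token] = (user_id, client_id, frozenset(requested))
        return ("granted", token)

    def acting_user(self, token, needed_scope):
        """Return the user_id the token may act as for this scope, else None."""
        grant = self.grants.get(token)
        if grant is None or needed_scope not in grant[2]:
            return None
        return grant[0]
```
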

@matrixbot
Member Author

Jira watchers: @kegsay

@matrixbot
Member Author

matrixbot commented Jul 25, 2015

Links exported from Jira:

blocks BOTS-4
relates to SPEC-170

@matrixbot matrixbot added the p1 label Oct 28, 2016
@matrixbot matrixbot changed the title Homeservers as OAuth authorization endpoints (resource owners) Homeservers as OAuth authorization endpoints (resource owners) (SPEC-206) Oct 31, 2016
@matrixbot matrixbot added the spec-bug Something which is in the spec, but is wrong label Nov 7, 2016
@leonerd
Contributor

leonerd commented Nov 17, 2016

Also matrix-org/matrix-appservice-gitter#33 could benefit from this most majorly.

@richvdh richvdh added feature Suggestion for a significant extension which needs considerable consideration and removed spec-bug Something which is in the spec, but is wrong p1 labels Oct 26, 2017
@benparsons benparsons added the abandoned A proposal where the author/shepherd is not responsive label May 10, 2018
@ara4n ara4n added proposal-in-review proposal A matrix spec change proposal and removed proposal-in-review labels May 15, 2018
@yangm97

yangm97 commented Feb 17, 2019

Was this abandoned or superseded by something better?

@ara4n
Member

ara4n commented Feb 17, 2019

neither. we still want this, but nobody has MSC'd it yet. unfortunately kegsay left the project during the funding disruption in 2017, so it hasn't really had a champion since. in other words: it's very much up for grabs! MSCs welcome!

@richvdh
Member

richvdh commented Oct 8, 2019

is this now implemented by https://matrix.org/docs/spec/client_server/r0.5.0#id199 ?

@turt2live
Member

OAuth != OpenID, also an OpenID token from a homeserver doesn't give you permission to impersonate that user.

@turt2live turt2live added the kind:feature MSC for not-core and not-maintenance stuff label Apr 21, 2020
@richvdh
Member

richvdh commented Aug 21, 2020

if this is abandoned, it may as well be closed.
