OIDC configuration #4623

Merged
merged 9 commits into from
Apr 23, 2025
@bmarty bmarty commented Apr 22, 2025

Content

Let OIDC configuration be read from BuildConfig file.
Also improve the error dialog when there is an error in the configuration (see screenshot below). Since this is generally a build issue, there is no need to translate such an error message.

Motivation and context

Make Oidc configuration configurable at build time.

Screenshots / GIFs

[Screenshots: OidcError_before (before), OidcError_after (after)]

Tests

  • There should be no impact at all on the Element X Android application, but the reviewer should check that login/registration still works as expected on matrix.org or any other homeserver which supports MAS.

Tested devices

  • Physical
  • Emulator
  • OS version(s):

Checklist

  • Changes have been tested on an Android device or Android emulator with API 24
  • UI change has been tested on both light and dark themes
  • Accessibility has been taken into account. See https://github.com/element-hq/element-x-android/blob/develop/CONTRIBUTING.md#accessibility
  • Pull request is based on the develop branch
  • Pull request title will be used in the release note, it clearly defines what will change for the user
  • Pull request includes screenshots or videos if containing UI changes
  • You've made a self review of your PR

@bmarty bmarty added the PR-Build For changes related to build, tools, CI/CD label Apr 22, 2025
@bmarty bmarty requested a review from a team as a code owner April 22, 2025 14:58
@bmarty bmarty requested review from jmartinesp and removed request for a team April 22, 2025 14:58
github-actions bot commented Apr 22, 2025

📱 Scan the QR code below to install the build (arm64 only) for this PR.
If you can't scan the QR code you can install the build via this link: https://i.diawi.com/YCcGXN

codecov bot commented Apr 22, 2025

Codecov Report

Attention: Patch coverage is 75.86207% with 7 lines in your changes missing coverage. Please review.

Project coverage is 80.00%. Comparing base (75cb315) to head (4960065).
Report is 15 commits behind head on develop.

Files with missing lines Patch % Lines
...atrix/impl/auth/RustMatrixAuthenticationService.kt 0.00% 5 Missing ⚠️
...oid/features/login/impl/error/ChangeServerError.kt 66.66% 0 Missing and 2 partials ⚠️
Additional details and impacted files
@@             Coverage Diff             @@
##           develop    #4623      +/-   ##
===========================================
- Coverage    80.01%   80.00%   -0.01%     
===========================================
  Files         2103     2104       +1     
  Lines        55758    55774      +16     
  Branches      6941     6948       +7     
===========================================
+ Hits         44612    44621       +9     
- Misses        8752     8757       +5     
- Partials      2394     2396       +2     


@ElementBot
Warnings
⚠️

app/src/main/AndroidManifest.xml#L89 - This intent filter has the format of an Android App Link but is missing the autoVerify attribute; add android:autoVerify="true" to ensure your domain will be validated and enable App Link-related Lint warnings. If you do not want clicked URLs to bring the user to your app, remove the android.intent.category.BROWSABLE category, or set android:autoVerify="false" to make it clear this is not intended to be an Android App Link.

Generated by 🚫 dangerJS against 4960065

// Some homeservers/auth issuers don't support dynamic client registration, and have to be registered manually
val STATIC_REGISTRATIONS = mapOf(
"https://id.thirdroom.io/realms/thirdroom" to "elementx",
)
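
Review bot: `STATIC_REGISTRATIONS` still hardcodes the client ID `elementx` for `https://id.thirdroom.io/realms/thirdroom`, while the stated goal of this PR is to let OIDC configuration be read from BuildConfig. Consider sourcing the map from the same build-time configuration, or extending the comment above it to say that the entry is intentionally fixed and how a fork should add its own issuer.
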
Member Author

@pixlwave this map is not "externally" configurable, do you know if we should do something about it?

Member

I think it's fine for now. IIRC we added the static registrations specifically for compatibility with Third Room, but given basically everyone will be using MAS, dynamic registration will be supported.

@jmartinesp jmartinesp left a comment

LGTM, thanks!

Comment on lines +28 to +34
is OidcException -> when (this) {
is OidcException.Generic -> AuthenticationException.Oidc(message)
is OidcException.CallbackUrlInvalid -> AuthenticationException.Oidc(message)
is OidcException.Cancelled -> AuthenticationException.Oidc(message)
is OidcException.MetadataInvalid -> AuthenticationException.Oidc(message)
is OidcException.NotSupported -> AuthenticationException.Oidc(message)
}
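
Review bot: in the inner `when`, `OidcException.Cancelled` is mapped to `AuthenticationException.Oidc(message)` exactly like `MetadataInvalid` and `NotSupported`, so a caller can only tell a user cancellation from a configuration failure by inspecting the message string. If that distinction matters to the error dialog, carry the subtype through (for example a dedicated case for `Cancelled`); if it does not, the five identical branches can collapse to a single `is OidcException -> AuthenticationException.Oidc(message)`.
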
Member

Since we're mapping them to the same type, are we sure the messages are clear enough to track the root cause of the issue?

Member Author

Good point, from what I have seen, it seems to be clear enough. We may want to improve the mapping if it's not the case.

Previously the homeserver reachability was designed as the cause of the failure, so I guess this is already much better.

@bmarty bmarty merged commit b068597 into develop Apr 23, 2025
30 of 31 checks passed
@bmarty bmarty deleted the feature/bma/oidcConfiguration branch April 23, 2025 09:58
wrenix commented Apr 25, 2025

I am not able to log in to my matrix-authentication-service.
"missing contact" is shown (and that is null here now).

See element-hq/matrix-authentication-service#4322

pixlwave commented Apr 25, 2025

@wrenix It sounds like your MAS is out of date as this requirement was removed in September. Updating your server should fix this issue.
