Forward the login_hint upstream.
#4512
Conversation
| /// | ||
| /// Defaults to `false`. | ||
| #[serde(default)] | ||
| pub forward_login_hint: bool, |
There was a problem hiding this comment.
I imagine this should be a template to allow people to configure what exactly gets forwarded based on their upstream provider's requirements
There was a problem hiding this comment.
I think later on we'd want a behaviour which looks up the user based on a mxid: login hint, and forwards to the upstream provider with either a id_token_hint (the last id_token we've seen for this user) or a templated login_hint. This obviously has some privacy implications, which is why we want to be careful with this
But for now, this simple feature of just forwarding the login_hint as-is could already be valuable for some deployments
| .nova | ||
|
|
||
| # OS garbage | ||
| .DS_Store |
There was a problem hiding this comment.
I have those in my global git-config, that's why I never bothered :)
There was a problem hiding this comment.
Whaaat, there's a global gitignore?! Why did nobody ever tell me this before?!! 😂😂
Would you like me to revert this or is it useful for anyone who doesn't have (or know about) global ignores?
There was a problem hiding this comment.
I'm fine with keeping it though :)
| @@ -0,0 +1,8 @@ | |||
| -- Copyright 2024 New Vector Ltd. | |||
There was a problem hiding this comment.
| -- Copyright 2024 New Vector Ltd. | |
| -- Copyright 2025 New Vector Ltd. |
Note that your local deployment may complain if you change a migration file after applying it, so you may have to reset your local DB
There was a problem hiding this comment.
Oh good catch, fixed in 2d4f24e, sqlx seemed happy as it didn't regenerate anything new.
Totally unrelated and I forgot to mention it earlier, there's some migrations in here still with the old Apache headers, not sure if that's intentional or they got missed by the update script.
There was a problem hiding this comment.
No it's just that the migration files are immutable once applied: there is a hash of the file saved in the database to make sure we don't end up in a state where in-progress migration files were applied
There was a problem hiding this comment.
Right, got it. Hence it only potentially having been an issue with my local DB 👍
sqlx migrate/prepare are both still happy.
|
Alright, updated. Feel free to squash merge this BTW, the history is messy 😅 |
| @@ -565,4 +565,11 @@ pub struct Provider { | |||
| /// Orders of the keys are not preserved. | |||
| #[serde(default, skip_serializing_if = "BTreeMap::is_empty")] | |||
| pub additional_authorization_parameters: BTreeMap<String, String>, | |||
|
|
|||
| /// Whether the login_hint should be forwarded to the provider in the | |||
There was a problem hiding this comment.
One thing I just thought of, can you please update the reference documentation here? https://github.com/element-hq/matrix-authentication-service/blob/main/docs/reference/configuration.md#upstream_oauth2providers
sandhose
added
A-Upstream-OAuth
|
You're welcome, thanks for all the help! |
I think this is correct but haven't got a way to test it and I can't see any tests that I could add to to confirm it is doing the right thing (happy to add one if I'm looking in the wrong place).