Update playground URLs
sandhose committed May 28, 2024
1 parent 0b29c67 commit 3aa8f98
Showing 2 changed files with 14 additions and 14 deletions.
14 changes: 7 additions & 7 deletions client-implementation-guide/index.md
Expand Up @@ -6,7 +6,7 @@ a.k.a. How to make your Matrix client OIDC-native
If you only want to make the client [OIDC-aware as per MSC3824](https://github.com/matrix-org/matrix-spec-proposals/pull/3824) then see the [client requirements section](https://github.com/matrix-org/matrix-spec-proposals/blob/hughns/sso-redirect-action/proposals/3824-oidc-aware-clients.md#definition-of-oidc-aware) of the MSC.

When implementing an OIDC-native client you can test against the [OIDC Playground](https://github.com/vector-im/oidc-playground) where a number of Homeservers are available in different configurations.
When implementing an OIDC-native client you can test against the [OIDC Playground](https://github.com/element-hq/oidc-playground) where a number of Homeservers are available in different configurations.

# Useful terminology

Expand All @@ -27,16 +27,16 @@ There are two steps to get started:

To determine whether a Homeserver is using auth delegated via OIDC you make use of [MSC2965](https://github.com/matrix-org/matrix-spec-proposals/pull/2965) and check the `/.well-known/matrix/client`. The presence of org.matrix.msc2965.authentication indicates that homeserver is using OIDC.

e.g. from [https://synapse-oidc.lab.element.dev/.well-known/matrix/client](https://synapse-oidc.lab.element.dev/.well-known/matrix/client)
e.g. from [https://synapse-oidc.element.dev/.well-known/matrix/client](https://synapse-oidc.element.dev/.well-known/matrix/client)

```
{
  "m.homeserver": {
    "base_url": "https://synapse-oidc.lab.element.dev/"
    "base_url": "https://synapse-oidc.element.dev/"
},
  "org.matrix.msc2965.authentication": {
    "issuer": "https://auth-oidc.lab.element.dev/",
    "account": "https://auth-oidc.lab.element.dev/account"
    "issuer": "https://auth-oidc.element.dev/",
    "account": "https://auth-oidc.element.dev/account"
  }
}
```
Expand All @@ -54,7 +54,7 @@ The client registration is currently implemented on a per-device basis. The clie
> This is due to the open nature of the Matrix eco-system where by default any client can be used to connect to any HS.
> In the legacy (non-OIDC) architecture it is implicit that any client can connect to any HS, whereas in OIDC architecture it becomes explicit: each client either needs to be pre-registered with a HS/OP or the HS/OP allows clients to dynamically register.
You can test dynamic client registration against the `synapse-oidc.lab.element.dev` homeserver in the [OIDC Playground](https://github.com/vector-im/oidc-playground).
You can test dynamic client registration against the `synapse-oidc.element.dev` homeserver in the [OIDC Playground](https://github.com/element-hq/oidc-playground).

**Recommended flows**

Expand Down Expand Up @@ -199,4 +199,4 @@ More can be found at [https://openid.net/developers/certified/](https://openid.n
# Implementation examples

- Hydrogen - [https://github.com/sandhose/hydrogen-web/blob/sandhose/oidc-login/src/matrix/net/OidcApi.ts](https://github.com/sandhose/hydrogen-web/blob/sandhose/oidc-login/src/matrix/net/OidcApi.ts)
- files-sdk-demo - [https://github.com/vector-im/files-sdk-demo/blob/oidc/src/ClientManager.ts](https://github.com/vector-im/files-sdk-demo/blob/oidc/src/ClientManager.ts)
- files-sdk-demo - [https://github.com/element-hq/files-sdk-demo/blob/oidc/src/ClientManager.ts](https://github.com/vector-im/files-sdk-demo/blob/oidc/src/ClientManager.ts)
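Review bot: On the files-sdk-demo entry, only the link text was moved to `element-hq`; the link target in parentheses still reads `https://github.com/vector-im/files-sdk-demo/blob/oidc/src/ClientManager.ts`, so the visible URL and the actual href now disagree. Update the target to `https://github.com/element-hq/files-sdk-demo/blob/oidc/src/ClientManager.ts` so both halves of the Markdown link match, as was done for every other link in this commit.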
14 changes: 7 additions & 7 deletions index.md
Expand Up @@ -22,7 +22,7 @@ image: https://areweoidcyet.com/assets/images/logo.png

This site is being used to track the progress of [Matrix](https://matrix.org) migrating to [OpenID Connect](https://openid.net/connect/) (OIDC) for authentication. You can join the discussion at [#matrix-auth:matrix.org](https://matrix.to/#/#matrix-auth:matrix.org).

We have also set up the [Matrix OIDC Playground](https://github.com/vector-im/oidc-playground) which contains Homeservers, OpenID Providers and Clients for you to try out.
We have also set up the [Matrix OIDC Playground](https://github.com/element-hq/oidc-playground) which contains Homeservers, OpenID Providers and Clients for you to try out.

There are also some videos below showing some of the use cases in action.

Expand Down Expand Up @@ -57,11 +57,11 @@ Related MSCs:
| Proposal | Status | Implementations |
| ---------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------- |
| [MSC3861: Matrix architecture change to delegate authentication via OIDC](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) | ✅ Draft but ready for review once dependencies are also ready | n/a |
| [MSC2964: Delegation of auth from homeserver to OpenID Provider](https://github.com/matrix-org/matrix-spec-proposals/pull/2964) | 🚧 Draft | 🚧 Partial implementations in the [Playground](https://github.com/vector-im/oidc-playground) |
| [MSC2965: OpenID Provider discovery](https://github.com/matrix-org/matrix-spec-proposals/pull/2965) | ✅ Feature complete | ✅ Available in the [Playground](https://github.com/vector-im/oidc-playground) |
| [MSC2966: Usage of OAuth 2.0 Dynamic Client Registration in Matrix](https://github.com/matrix-org/matrix-spec-proposals/pull/2966) | 🚧 Draft | ✅ Available in the [Playground](https://github.com/vector-im/oidc-playground) |
| [MSC2964: Delegation of auth from homeserver to OpenID Provider](https://github.com/matrix-org/matrix-spec-proposals/pull/2964) | 🚧 Draft | 🚧 Partial implementations in the [Playground](https://github.com/element-hq/oidc-playground) |
| [MSC2965: OpenID Provider discovery](https://github.com/matrix-org/matrix-spec-proposals/pull/2965) | ✅ Feature complete | ✅ Available in the [Playground](https://github.com/element-hq/oidc-playground) |
| [MSC2966: Usage of OAuth 2.0 Dynamic Client Registration in Matrix](https://github.com/matrix-org/matrix-spec-proposals/pull/2966) | 🚧 Draft | ✅ Available in the [Playground](https://github.com/element-hq/oidc-playground) |
| [MSC2967: API scopes](https://github.com/matrix-org/matrix-spec-proposals/pull/2967) | 🚧 Not yet feature complete | 🚧 Partially implemented |
| [MSC3824: OIDC-aware clients](https://github.com/matrix-org/matrix-spec-proposals/pull/3824) | ✅ Feature complete | ✅ Available in the [Playground](https://github.com/vector-im/oidc-playground#clientsapplications-to-try) |
| [MSC3824: OIDC-aware clients](https://github.com/matrix-org/matrix-spec-proposals/pull/3824) | ✅ Feature complete | ✅ Available in the [Playground](https://github.com/element-hq/oidc-playground#clientsapplications-to-try) |

Outstanding key decision points:

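Review bot: In the MSC3824 row, the `#clientsapplications-to-try` fragment is carried over unchanged onto the new `element-hq/oidc-playground` URL. It is worth confirming that the README in the moved repository still has that heading, since a stale fragment fails silently and drops the reader at the top of the page.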
Expand Down Expand Up @@ -107,7 +107,7 @@ The compatibility of Homeservers and OpenID Providers combinations are as follow

[Client implementation guide](./client-implementation-guide)

| Requirement | | Relevant spec(s) | [Hydrogen fork](https://github.com/sandhose/hydrogen-web/tree/sandhose/oidc-login) | [Files SDK Demo](https://github.com/vector-im/files-sdk-demo/tree/oidc) | Element Web | Element iOS/Android | [Element X iOS](https://github.com/vector-im/element-x-ios) | [Element X Android](https://github.com/vector-im/element-x-android) | [Third Room](https://github.com/matrix-org/thirdroom) |
| Requirement | | Relevant spec(s) | [Hydrogen fork](https://github.com/sandhose/hydrogen-web/tree/sandhose/oidc-login) | [Files SDK Demo](https://github.com/element-hq/files-sdk-demo/tree/oidc) | Element Web | Element iOS/Android | [Element X iOS](https://github.com/element-hq/element-x-ios) | [Element X Android](https://github.com/element-hq/element-x-android) | [Third Room](https://github.com/matrix-org/thirdroom) |
| --------------------------------------------------------------------------------- | ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------- | ----------------------------------------------------------------------- | ----------- | ------------------- | ----------------------------------------------------------- | ------------------------------------------------------------------- | ----------------------------------------------------- |
| Discovery of OP in `/.well-known/matrix/client` | REQUIRED | [MSC2965](https://github.com/matrix-org/matrix-spec-proposals/pull/2965) |||| 🚫 ||||
| Discovery of OP web UI in `/.well-known/matrix/client` and outbound linking to it | RECOMMENDED | [MSC2965](https://github.com/matrix-org/matrix-spec-proposals/pull/2965) |||| 🚫 ||||
Expand Down Expand Up @@ -207,7 +207,7 @@ The plan is to build these out a bit further to explore some more of the handove

The [RFC8628](https://datatracker.ietf.org/doc/html/rfc8628) OIDC device authorization grant (aka "device flow") can be used to allow login on a device using a second device.

An implementation of this is available to try in the [OIDC Playground](https://github.com/vector-im/oidc-playground).
An implementation of this is available to try in the [OIDC Playground](https://github.com/element-hq/oidc-playground).

It can work a bit like this:
