Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OIDC: validate id token #3531

Merged
merged 5 commits into from
Jul 3, 2023
Merged

Conversation

kerryarchibald
Copy link
Contributor

@kerryarchibald kerryarchibald commented Jun 29, 2023

For element-hq/element-web#25657

3.1.1. Authorization Code Flow Steps

  1. Client prepares an Authentication Request containing the desired request parameters.
  2. Client sends the request to the Authorization Server.
  3. Authorization Server Authenticates the End-User.
  4. Authorization Server obtains End-User Consent/Authorization.
  5. Authorization Server sends the End-User back to the Client with an Authorization Code.
  6. Client requests a response using the Authorization Code at the Token Endpoint.
  7. Client receives a response that contains an ID Token and Access Token in the response body.
  8. Client validates the ID token and retrieves the End-User's Subject Identifier.

Checklist

  • Tests written for new code (and old code if feasible)
  • Linter and other CI checks pass
  • Sign-off given on the changes (see CONTRIBUTING.md)

Here's what your changelog entry will look like:

✨ Features

@github-actions github-actions bot requested a deployment to PR Documentation Preview June 29, 2023 04:34 In progress
@kerryarchibald kerryarchibald marked this pull request as ready for review July 3, 2023 03:33
@kerryarchibald kerryarchibald requested review from a team as code owners July 3, 2023 03:33
@kerryarchibald kerryarchibald added this pull request to the merge queue Jul 3, 2023
Merged via the queue into develop with commit 09de76b Jul 3, 2023
@kerryarchibald kerryarchibald deleted the kerry/25574/validate-id-token branch July 3, 2023 21:24
su-ex added a commit to SchildiChat/matrix-js-sdk that referenced this pull request Feb 24, 2024
* Drop support for Node 16 ([\matrix-org#3533](matrix-org#3533)).
* Improve types around login, registration, UIA and identity servers ([\matrix-org#3537](matrix-org#3537)).
* **The Browserify artifact is being deprecated, scheduled for removal in the October 10th release cycle. (matrix-org#3189)**
* Simplify `MatrixClient::setPowerLevel` API ([\matrix-org#3570](matrix-org#3570)). Fixes element-hq/element-web#13900 and matrix-org#1844.
* Deprecate `VerificationRequest.getQRCodeBytes` and replace it with the asynchronous `generateQRCode`. ([\matrix-org#3562](matrix-org#3562)).
* Deprecate `VerificationRequest.beginKeyVerification()` in favour of `VerificationRequest.startVerification()`. ([\matrix-org#3528](matrix-org#3528)).
* Deprecate `Crypto.VerificationRequest` application event, replacing it with `Crypto.VerificationRequestReceived`. ([\matrix-org#3514](matrix-org#3514)).
* Throw saner error when peeking has its room pulled out from under it ([\matrix-org#3577](matrix-org#3577)). Fixes element-hq/element-web#18679.
* OIDC: Log in ([\matrix-org#3554](matrix-org#3554)). Contributed by @kerryarchibald.
* Prevent threads code from making identical simultaneous API hits ([\matrix-org#3541](matrix-org#3541)). Fixes element-hq/element-web#25395.
* Update IUnsigned type to be extensible ([\matrix-org#3547](matrix-org#3547)).
* add stop() api to BackupManager for clean shutdown ([\matrix-org#3553](matrix-org#3553)).
* Log the message ID of any undecryptable to-device messages ([\matrix-org#3543](matrix-org#3543)).
* Ignore thread relations on state events for consistency with edits ([\matrix-org#3540](matrix-org#3540)).
* OIDC: validate id token ([\matrix-org#3531](matrix-org#3531)). Contributed by @kerryarchibald.
* Fix read receipt sending behaviour around thread roots ([\matrix-org#3600](matrix-org#3600)).
* Fix `TypedEventEmitter::removeAllListeners(void)` not working ([\matrix-org#3561](matrix-org#3561)).
* Don't allow Olm unwedging rate-limiting to race ([\matrix-org#3549](matrix-org#3549)). Fixes element-hq/element-web#25716.
* Fix an instance of failed to decrypt error when an in flight `/keys/query` fails. ([\matrix-org#3486](matrix-org#3486)).
* Use the right anchor emoji for SAS verification ([\matrix-org#3534](matrix-org#3534)).
* fix a bug which caused the wrong emoji to be shown during SAS device verification. ([\matrix-org#3523](matrix-org#3523)).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants