Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor(oidc): Only support public clients #4634

Merged
merged 7 commits into from
Feb 13, 2025
Merged

refactor(oidc): Only support public clients #4634

merged 7 commits into from
Feb 13, 2025

Conversation

zecakeh
Copy link
Collaborator

@zecakeh zecakeh commented Feb 6, 2025

This should be the most common case, and is already the only case supported by the higher level APIs like url_for_oidc and login_with_qr_code. It simplifies the API because we can call restore_registered_client directly from register_client, which was a TODO.

  • Public API changes documented in changelogs (optional)

@zecakeh
refactor(oidc): Only allow to register public clients
3f7cb0f 
Public clients are clients with only a client ID, and no secret or other authentication method.

It should be the most common case and allows to simplify several APIs.

Signed-off-by: Kévin Commaille <[email protected]>
@zecakeh
refactor(oidc): Use ClientId instead of ClientCredentials
2150f7e 
Signed-off-by: Kévin Commaille <[email protected]>
@zecakeh
refactor(oidc): Call restore_registered_client from register_client
3580609 
This simplifies the registration flow, and matches what higher level
methods are doing.

Signed-off-by: Kévin Commaille <[email protected]>
@zecakeh
test(oidc): Add test for register_client
48acd4f 
Signed-off-by: Kévin Commaille <[email protected]>
@zecakeh zecakeh requested a review from a team as a code owner February 6, 2025 12:06
@zecakeh zecakeh requested review from jmartinesp and removed request for a team February 6, 2025 12:06
@codecov Codecov
Copy link

codecov bot commented Feb 6, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 83.33333% with 4 lines in your changes missing coverage. Please review.

Project coverage is 85.70%. Comparing base (2999d10) to head (3b775e8).
Report is 26 commits behind head on main.

Files with missing lines Patch % Lines
crates/matrix-sdk/src/authentication/oidc/mod.rs 86.36% 3 Missing ⚠️
...x-sdk/src/authentication/oidc/auth_code_builder.rs 50.00% 1 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #4634   +/-   ##
=======================================
  Coverage   85.70%   85.70%           
=======================================
  Files         292      292           
  Lines       33590    33586    -4     
=======================================
- Hits        28788    28786    -2     
+ Misses       4802     4800    -2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

jmartinesp
jmartinesp reviewed Feb 7, 2025
View reviewed changes
Copy link
Contributor

@jmartinesp jmartinesp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changes LGTM in general, but I'd rather have someone else with more experience in this part of the SDK review it too. I'm not sure I fully understand what this change would mean for the clients.

@matrix-org/rust ?

bindings/matrix-sdk-ffi/src/client.rs Outdated
.client_id()
.to_owned();
let client_id =
api.client_id().context("OIDC client credentials are missing.")?.0.clone();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This message is probably not accurate now.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

@Hywan
Copy link
Member

Hywan commented Feb 11, 2025

cc @pixlwave do you have a feedback about this change?

@Hywan Hywan requested a review from poljar February 11, 2025 09:46
@manuroe manuroe requested review from poljar and removed request for poljar February 11, 2025 09:46
@pixlwave
Copy link
Member

Looks reasonable to me. We've only ever extracted the client ID out of the credentials/created credentials from a client ID anyway so this shouldn't have any effect to us.

poljar
poljar approved these changes Feb 11, 2025
View reviewed changes
Copy link
Contributor

@poljar poljar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup, makes sense.

Could you please resolve the conflict?

@zecakeh
Copy link
Collaborator Author

zecakeh commented Feb 11, 2025

Done

@poljar poljar enabled auto-merge (rebase) February 11, 2025 15:20
auto-merge was automatically disabled February 11, 2025 15:30

Rebase failed

@bnjbvr bnjbvr merged commit 31e78c2 into matrix-org:main Feb 13, 2025
41 checks passed
@zecakeh zecakeh deleted the oidc-only-none branch February 13, 2025 21:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmartinesp jmartinesp jmartinesp left review comments

@poljar poljar poljar approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@zecakeh @Hywan @pixlwave @jmartinesp @poljar @bnjbvr