Skip to content

refactor(oidc): Only support public clients#4634

Merged
bnjbvr merged 7 commits intomatrix-org:mainfrom
zecakeh:oidc-only-none
Feb 13, 2025
Merged

refactor(oidc): Only support public clients#4634
bnjbvr merged 7 commits intomatrix-org:mainfrom
zecakeh:oidc-only-none

Conversation

@zecakeh
Copy link
Copy Markdown
Collaborator

@zecakeh zecakeh commented Feb 6, 2025

This should be the most common case, and is already the only case supported by the higher level APIs like url_for_oidc and login_with_qr_code. It simplifies the API because we can call restore_registered_client directly from register_client, which was a TODO.

  • Public API changes documented in changelogs (optional)

@zecakeh
refactor(oidc): Only allow to register public clients
3f7cb0f 
Public clients are clients with only a client ID, and no secret or other authentication method.

It should be the most common case and allows to simplify several APIs.

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
@zecakeh
refactor(oidc): Use ClientId instead of ClientCredentials
2150f7e 
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
@zecakeh
refactor(oidc): Call restore_registered_client from register_client
3580609 
This simplifies the registration flow, and matches what higher level
methods are doing.

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
@zecakeh
test(oidc): Add test for register_client
48acd4f 
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
@zecakeh zecakeh requested a review from a team as a code owner February 6, 2025 12:06
@zecakeh zecakeh requested review from jmartinesp and removed request for a team February 6, 2025 12:06
@zecakeh
chore: Add changelog for matrix-org#4634
ca5552a 
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
@codecov
Copy link
Copy Markdown

codecov Bot commented Feb 6, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 83.33333% with 4 lines in your changes missing coverage. Please review.

Project coverage is 85.70%. Comparing base (2999d10) to head (3b775e8).
Report is 26 commits behind head on main.

Files with missing lines Patch % Lines
crates/matrix-sdk/src/authentication/oidc/mod.rs 86.36% 3 Missing ⚠️
...x-sdk/src/authentication/oidc/auth_code_builder.rs 50.00% 1 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #4634   +/-   ##
=======================================
  Coverage   85.70%   85.70%           
=======================================
  Files         292      292           
  Lines       33590    33586    -4     
=======================================
- Hits        28788    28786    -2     
+ Misses       4802     4800    -2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

jmartinesp
jmartinesp reviewed Feb 7, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@jmartinesp jmartinesp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changes LGTM in general, but I'd rather have someone else with more experience in this part of the SDK review it too. I'm not sure I fully understand what this change would mean for the clients.

@matrix-org/rust ?

Comment thread bindings/matrix-sdk-ffi/src/client.rs Outdated
.client_id()
.to_owned();
let client_id =
api.client_id().context("OIDC client credentials are missing.")?.0.clone();
Copy link
Copy Markdown
Contributor

@jmartinesp jmartinesp Feb 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This message is probably not accurate now.

Copy link
Copy Markdown
Collaborator Author

@zecakeh zecakeh Feb 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

@Hywan
Copy link
Copy Markdown
Member

Hywan commented Feb 11, 2025

cc @pixlwave do you have a feedback about this change?

@Hywan Hywan requested a review from poljar February 11, 2025 09:46
@manuroe manuroe requested review from poljar and removed request for poljar February 11, 2025 09:46
@pixlwave
Copy link
Copy Markdown
Member

pixlwave commented Feb 11, 2025

Looks reasonable to me. We've only ever extracted the client ID out of the credentials/created credentials from a client ID anyway so this shouldn't have any effect to us.

@zecakeh
fix(ffi): Fix error message for OIDC client ID
53fa5b3 
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
poljar
poljar approved these changes Feb 11, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@poljar poljar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup, makes sense.

Could you please resolve the conflict?

@zecakeh
Merge branch 'main' into oidc-only-none
3b775e8 
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
@zecakeh
Copy link
Copy Markdown
Collaborator Author

zecakeh commented Feb 11, 2025

Done

@poljar poljar enabled auto-merge (rebase) February 11, 2025 15:20
auto-merge was automatically disabled February 11, 2025 15:30

Rebase failed

@bnjbvr bnjbvr merged commit 31e78c2 into matrix-org:main Feb 13, 2025
@zecakeh zecakeh deleted the oidc-only-none branch February 13, 2025 21:29
yostyle pushed a commit to tchapgouv/matrix-rust-sdk that referenced this pull request Apr 4, 2025
@zecakeh
refactor(oidc): Only support public clients (matrix-org#4634)
7363f85 
This should be the most common case, and is already the only case
supported by the higher level APIs like `url_for_oidc` and
`login_with_qr_code`. It simplifies the API because we can call
`restore_registered_client` directly from `register_client`, which was a
TODO.

- [x] Public API changes documented in changelogs (optional)

---------

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jmartinesp jmartinesp jmartinesp left review comments

@poljar poljar poljar approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@zecakeh @Hywan @pixlwave @jmartinesp @poljar @bnjbvr