-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSO Login #1
Comments
What do you mean, how would you imagine such scenario? How would it work if implemented? |
Not sure how it should work, but ideally the application would need a cookie provided to it so that works. Anyway, for now, I managed to bypass this by login through the web and provide the matrix token directly to the client, creating the credentials.json file based on the source code hints. Let me try to help and order a few ideas:
For SSO
|
Do you have SSO enabled and registrations enabled, too? Because even if registrations are disabled, you can add a new user through the homeserver's CLI, and so you could create a technical user just for the bridge. What I'd think of is a way to be able to login with the technical user with password auth and only expose SSO registration/login to real users (maybe there is an Element config to only show the SSO login fields but no user/pass fields). Implementing such login feature in the bridge and creating an SSO technical user on your end seems to be a bigger effort and it would create a never-ever used user in the auth provider system (e.g. an unnecessary and never-used account in Nextcloud, LDAP, Gitlab, etc). Plus my Matrix server doesn't have SSO, so I might not even be able to test it 😀 You might be able to hack your way in to the bridge auth through the credentials.json, indeed. It would need some grokking of the To sum up, you either find a workaround for pass auth or find a way to implement SSO login with nio. Just after a quick look at the nio repo (https://github.com/poljar/matrix-nio), I couldn't find an SSO/OAuth example, so it seems to be an uncharted territory for me, you would first need to understand how the lib works. This is much larger effort and time that I can spend right now but should you find any answer, I'm happy to merge a PR for this use case. |
Thanks for taking the time to look into it. For now, the hacked credentials.json is working fine, I think adding the format of the file to the README.md would be enough, as that is all that I required to get it working. |
I'm on mobile right now but luckily, I've added some comments here before: https://github.com/immanuelfodor/matrix-encrypted-webhooks/blob/main/src/E2EEClient.py#L33 The url and user are trivial to get, but device ID and access token could be grabbed from an Element session, I think, at least it's worth a try. You should log into Element with SSO in a private browser window, copy these, then close the window without logging out, so the destroyed window's session will be the bridge's session. You shouldn't use your regular session as it might cause problems if two devices use the same login. Update: Here is a guide how to obtain it properly: https://t2bot.io/docs/access_tokens/
|
Any way to work with SSO logins or leverage a token from a different session?
The text was updated successfully, but these errors were encountered: