dendrite icon indicating copy to clipboard operation
dendrite copied to clipboard

Published 20 hours ago verified publisher icon matrix-org

Document configuration of OpenID Connect

Open C0ffeeCode opened this issue 3 years ago • 7 comments
trafficstars

Description: The documentation for configuring OpenID Connect is missing. Dendrite already has support, but it is undocumented, it is only mentioned in the default config and issues and PRs exist.

Also see: #599

C0ffeeCode avatar Feb 10 '22 21:02 C0ffeeCode

I didn't even realize Dendrite had OIDC support until now.

9p4 avatar Feb 10 '22 23:02 9p4

OpenID support is limited to authentication, and is for 3rd parties to know if a person has a matrix account on dendrite. It does not:

  • give access to that users account.
  • give any useful information about that user's account beyond the user ID.

So it is limited in usefulness. Good for bridges and bots if they want to check that a random out-of-bound user has a matrix account but beyond that, nothing helpful. This is why you probably haven't heard much about OpenID support.

kegsay avatar Feb 11 '22 09:02 kegsay

Does this mean it is not possible to log in on Dentride using an OpenID Connect provider?

C0ffeeCode avatar Feb 11 '22 14:02 C0ffeeCode

@C0ffeeCode #1297

gregistech avatar Mar 19 '22 16:03 gregistech

This might be relevant for the folks watching this issue:

It sounds like the Matrix server Rust implementation "Conduit" will get OIDC. Which does not seem to be true for Dendrite.

Hence you might want to watch the other issue too.

alexanderadam avatar Sep 08 '23 13:09 alexanderadam

This might be relevant for the folks watching this issue:

It sounds like the Matrix server Rust implementation "Conduit" will get OIDC. Which does not seem to be true for Dendrite.

Hence you might want to watch the other issue too.

Dendrite wants to support OIDC natively in the future.

rriemann avatar Oct 30 '23 15:10 rriemann

Dendrite wants to support OIDC natively in the future.

Can you clarify which timeframe of future you're referring to? I assume that we're speaking of years here, since the comment from one of the Dendrite members wrote in 2022

This PR is being closed because it isn't a feature we want to maintain going forwards.

And they wrote that only

[w]hen we have more bandwidth as a team, we would be very interested in supporting this natively.

And unfortunately the contribution activity rather went down since 2022. Therefore I saw these things as indicators that this feature is rather not in the foreseeable timeline yet.

Conduit, the Matrix server implementation in Rust, however has an open Merge Request for OpenID Connect where apparently only tidying up and rebasing is needed.

And the reference implementation Synapse has OIDC support anyway. Therefore it looks to me like Dendride is rather the worst bet to go for if OpenID Connect is a feature that is important to you.

But maybe I'm missing something and you have some insights that I don't have? 🤔

alexanderadam avatar Nov 16 '23 23:11 alexanderadam