Login through external OIDC

Open thegcat opened this issue 10 months ago • 7 comments

There is currently no way to log in to accounts that use an external OIDC authentication (currently set up through MAS).

I just tried my luck and clicked the AppleID button while having my homeserver (matrix.fachschaften.org) set up in the appropriate field and was taken through the OIDC flow with our OIDC provider and then MAS on fachschaften.org and then back to Robrix. This seems to result in an unexpected config, though, as the app crashed after it had received the OIDC/MAS callback and now crashes on start.

(I realize this might not be high on your list, this is just to document the issue, not to complain that it's not working)

thegcat avatar Feb 10 '25 19:02 thegcat

Thanks for reporting the issue. I will look into it.

alanpoon avatar Feb 12 '25 10:02 alanpoon

You can delete the app_data_dir as written in the log and try again:

src/app.rs:184:9 - App::handle_startup(): app_data_dir: "/Users/alanpoon/Library/Application Support/org.robius.robrix"

Could you kindly provide the crash log?

alanpoon avatar Feb 13 '25 11:02 alanpoon

I can't find that line in the Console.app logs, where would I find the Robrix specific logs? I use the pre-compiled macOS version downloaded from GitHub.

EDIT: I know where the folder is and could remove it, without knowing where the logs you'd be interested in after that are that would be pointless though 😀

thegcat avatar Feb 13 '25 11:02 thegcat

> I can't find that line in the Console.app logs, where would I find the Robrix specific logs? I use the pre-compiled macOS version downloaded from GitHub.
>
> EDIT: I know where the folder is and could remove it, without knowing where the logs you'd be interested in after that are that would be pointless though 😀

https://github.com/project-robius/robrix/issues/345 There are no logs for distribution packages.

alanpoon avatar Feb 13 '25 14:02 alanpoon

Thanks for the report! I don't think we've tried MAS yet, though I'm not 100% sure since I mostly just test with the main matrix.org homeserver (which I thought had support for MAS?). Maybe it's an SDK issue; we're a few months behind the latest main branch of matrix-rust-sdk, but will update soon.

You can certainly delete the app data directory and try again, but that doesn't address the core issue. We'll try to test with a MAS provider and see if we can repro this problem.

kevinaboos avatar Feb 13 '25 22:02 kevinaboos

I am sorry, my description of the issue might have been misleading. MAS still supports m.login.password authentication, and matrix.org supports this, so no problem there.

We (matrix.fachschaften.org if you want to have a look) use MAS with an external OIDC authentication. From what I understand, this is per MSC3824: {"type":"m.login.sso","org.matrix.msc3824.delegated_oidc_compatibility":true}.

thegcat avatar Feb 14 '25 13:02 thegcat
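
The flow object quoted in the comment above is what a client sees in the homeserver's `GET /_matrix/client/v3/login` response. As an added example (not part of the thread, and not Robrix or matrix-rust-sdk code), this Python sketch parses such a response and offers only the login options the server actually advertised; the function names, option labels, UI policy and sample responses are assumptions constructed for illustration.

```python
import json

# Unstable MSC3824 key, as quoted in the comment above.
MSC3824_KEY = "org.matrix.msc3824.delegated_oidc_compatibility"

def classify_login_flows(body: str) -> dict:
    """Summarise the `flows` array of a login-flows response body."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        raise ValueError(f"login response is not JSON: {exc}") from exc
    flows = doc.get("flows") if isinstance(doc, dict) else None
    if not isinstance(flows, list):
        raise ValueError("login response has no 'flows' array")

    summary = {"password": False, "sso": False,
               "delegated_oidc": False, "identity_providers": []}
    for flow in flows:
        if not isinstance(flow, dict):
            continue  # skip malformed entries instead of crashing
        kind = flow.get("type")
        if kind == "m.login.password":
            summary["password"] = True
        elif kind == "m.login.sso":
            summary["sso"] = True
            # Only a literal JSON true counts; the string "true" does not.
            if flow.get(MSC3824_KEY) is True:
                summary["delegated_oidc"] = True
            idps = flow.get("identity_providers")
            for idp in idps if isinstance(idps, list) else []:
                if isinstance(idp, dict) and isinstance(idp.get("id"), str):
                    summary["identity_providers"].append(idp["id"])
    return summary

def offered_login_options(summary: dict) -> list:
    """Hypothetical UI policy: show only what the homeserver advertised."""
    options = []
    if summary["password"]:
        options.append("password")
    if summary["delegated_oidc"]:
        options.append("sso:delegated")  # assumed: one generic SSO entry
    elif summary["sso"]:
        options += [f"sso:{i}" for i in summary["identity_providers"]] or ["sso:default"]
    return options

# Constructed sample responses (not captured from any real homeserver).
DELEGATED = '{"flows":[{"type":"m.login.sso","org.matrix.msc3824.delegated_oidc_compatibility":true}]}'
CLASSIC = ('{"flows":[{"type":"m.login.password"},{"type":"m.login.sso",'
           '"identity_providers":[{"id":"oidc-example","name":"Example"}]}]}')
```
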

I'd like to understand more about this use case, since I don't have a way to test it.

Currently we're just relying on what the matrix-rust-sdk offers for login/auth. Is this a different form of auth that isn't provided by the SDK? Or is this something that requires us to configure how we use the SDK differently?

Basically, I need more info to determine what we're doing wrong or what we need to change in our use of the SDK.

kevinaboos avatar Feb 25 '25 20:02 kevinaboos

This should now be working via Matrix's new native auth protocol, which is supported by the SDK and Robrix.

kevinaboos avatar Jun 28 '25 00:06 kevinaboos