gary-kim
iframe prevents OAuth login
I have tried to use your app but I have installed Matrix Synapse to use Nextcloud as an OpenID Connect / Oauth provider, which requires an OAuth handshake on login. This handshake must not be preformed in an iframe and therefor failes with your app. Is there a possibility to not run Element in an iframe?
Here is a detailed description of my setup: https://falko.berlin/post/2021-02-03.0#integrating-matrix-with-nextcloud
You can access the non-iframed version by going to https://example.org/apps/riotchat/riot/ but I'd like to set up a way to detect whether the user is attempting a openid login and automatically redirect to the non-iframed version in that case.
I thought the SSO detection with openid as well but I suppose it doesn't so going to have to figure that out. Always open to PRs.
Should we just make a button in the top menu bar for opening outside of an iframe until we can figure out how to handle openid logins better?
This might be overkill and may not be the direction you want to go, but instead of using iframes, why not actually embed the entire Element framework into the NC plugin? I did a quick look, and Element seems to just be a bunch of JS, so you wouldn't have any issues of missing server-side libraries. Yes, it would be bulky, but it would also be a lot more flexible. I thought about trying this, myself, but I thought I'd send a message here to see what you thought.
I do have a experimental branch with that idea where rather than iframing it, the React app is just initialized on a div. It could be made more usable with some extra effort but I didn't end up finishing it. So it is a possibility and I would happily accept a PR with it.
I'll give that a peek. I think that may be a better route. iframes are just . . . such a mess.