MSC2965: OIDC Provider discovery

[sandhose]

Rendered

Status:

• [x] Spec is feature complete
• [x] Reviewed for consistency with MSC3861
• [x] Implementations believed to be complete enough

Dependencies:

• https://github.com/matrix-org/matrix-spec-proposals/pull/3861

Implementations:

Homeservers

• [x] Synapse implementation: https://github.com/sandhose/synapse/tree/quenting/oauth-delegation
  • Exposes .well-known/matrix/client https://synapse-oidc.lab.element.dev/.well-known/matrix/client
  • Consumes .well-known/openid-configuration from delegated OIDC issuers

OIDC Providers exposing .well-known/openid-configuration

• Matrix Authentication Service in OIDC Playground: https://auth-oidc.lab.element.dev/.well-known/openid-configuration
• Keycloak in OIDC Playground: https://keycloak-oidc.lab.element.dev/realms/master/.well-known/openid-configuration

Clients using .well-known/matrix/client

In OIDC-aware mode:

• [x] Element Web using m.authentication.account via matrix-react-sdk: https://github.com/matrix-org/matrix-react-sdk/pull/8681

In OIDC-native mode:

• [x] hydrogen
• [x] files-sdk-demo

Clients using .well-known/openid-configuration

• [x] hydrogen
• [x] files-sdk-demo

[erlend-sh]

Keycloak in OIDC Playground

Are any other examples planned?

I’m using Ory for several apps that I’d like to also connect together with Matrix. It also strikes me as a conveniently lightweight example for Matrix, which also aligns well with Dendrite since it’s in Go.

[hughns]

@erlend-sh Good suggestion, thank you - I've added https://github.com/vector-im/oidc-playground/issues/3 to track this.