tommie

That's great news. Thanks!

@gedw99 No, sorry, I've only tested this with Complement.

Thanks for testing! > Hmm, after trying to test this with Authentik (goauthentik.io), it seems to expect iss claim to be supported but I'm not sure why is that required?...

I had a look through the code, and I don't think `iss` from user info or ID token is actually used anywhere, so this check should just be removed since...

> > I had a look through the code, and I don't think `iss` from user info or ID token is actually used anywhere, so this check should just be...

Certainly a good point about the config, and I'll leave it to the Matrix team to decide on this. The reason it's split is that OIDC is built on top...

> I have tested this some more, Much appreciated. > Hydrogen results in this url: `https://hs/_matrix/client/r0/login/sso/redirect?redirectUrl=https://hydrogen.element.io` and Flyffy uses `https://hs/_matrix/client/r0/login/sso/redirect?redirectUrl=im.fluffychat://login` I think this is because `path` is empty, failing this...

Looks like Hydrogen implemented SSO a year ago: https://github.com/vector-im/hydrogen-web/pull/453 error: unknown identity provider: Probably from https://github.com/matrix-org/dendrite/pull/2492/files#diff-f090ff919cb4374ac16416becee1fb972e3252d341ab28d35a0a18a316f08084R70 Looks like `providerID` is empty when it gets there. I think this is because...

Since @neilalexander has picked this up now, I wasn't planning on making further changes unless asked to.

I'm fairly sure what you see means that SSO created an account. Deleting the login token is the last thing to happen, and only happens on success. I don't what's...