Skip to content

Add passthrough_authorization_parameters support to OIDC configuration #18232

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 18 commits into from
Apr 10, 2025
Merged

Add passthrough_authorization_parameters support to OIDC configuration #18232

merged 18 commits into from
Apr 10, 2025

Conversation

odelcroi
Copy link
Contributor

@odelcroi odelcroi commented Mar 12, 2025
edited
Loading

Add passthrough_authorization_parameters support to OIDC configuration

This PR adds the passthrough_authorization_parameters option to OIDC configuration, allowing specific query parameters (like login_hint) to be passed from the redirect endpoint to the authorization grant URL.

This enables clients to provide additional context to identity providers during authentication flows.

Pull Request Checklist

  • Pull request is based on the develop branch
  • Pull request includes a changelog file. The entry should:
    • Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from EventStore to EventWorkerStore.".
    • Use markdown where necessary, mostly for code blocks.
    • End with either a period (.) or an exclamation mark (!).
    • Start with a capital letter.
    • Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry.
  • Code style is correct
    (run the linters)

@odelcroi odelcroi requested a review from a team as a code owner March 12, 2025 15:26
@odelcroi odelcroi closed this Mar 18, 2025
@odelcroi odelcroi reopened this Mar 18, 2025
@odelcroi odelcroi closed this Mar 21, 2025
@odelcroi odelcroi reopened this Mar 21, 2025
sandhose
sandhose requested changes Apr 1, 2025
View reviewed changes
synapse/handlers/oidc.py Outdated
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This would be an extension of the spec, which should go through the spec change process. Given that it's unlikely that such a spec change would land, I think it would make sense to instead have a generic option to 'passthrough' specific query parameters.

Something like

oidc_providers:
  - idp_id: 
    passthrough_authorization_parameters:
      - login_hint

And then passthrough any query parameter passed to /_matrix/client/v3/login/sso/redirect to the OIDC authorization request

Copy link
Contributor Author

@odelcroi odelcroi Apr 2, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for your inputs, makes sense, I've made the corresponding changes

@github-actions github-actions bot deployed to PR Documentation Preview April 1, 2025 14:14 Active
@github-actions github-actions bot deployed to PR Documentation Preview April 1, 2025 14:17 Active
@github-actions github-actions bot deployed to PR Documentation Preview April 1, 2025 14:19 Active
@github-actions github-actions bot deployed to PR Documentation Preview April 1, 2025 14:22 Active
@odelcroi odelcroi requested a review from sandhose April 1, 2025 15:19
@github-actions github-actions bot deployed to PR Documentation Preview April 1, 2025 15:25 Active
@odelcroi odelcroi changed the title Add support for the login_hint parameter in OIDC authentication flow Add passthrough_authorization_parameters support to OIDC configuration Apr 2, 2025
@github-actions github-actions bot deployed to PR Documentation Preview April 2, 2025 07:35 Active
@odelcroi odelcroi mentioned this pull request Apr 2, 2025
Closed
3 tasks
@github-actions github-actions bot deployed to PR Documentation Preview April 2, 2025 12:21 Active
@github-actions github-actions bot deployed to PR Documentation Preview April 3, 2025 08:11 Active
@odelcroi odelcroi closed this Apr 8, 2025
@odelcroi odelcroi reopened this Apr 8, 2025
@github-actions github-actions bot deployed to PR Documentation Preview April 8, 2025 12:15 Active
@github-actions github-actions bot deployed to PR Documentation Preview April 9, 2025 08:45 Active
@odelcroi odelcroi closed this Apr 10, 2025
@odelcroi odelcroi reopened this Apr 10, 2025
@github-actions github-actions bot deployed to PR Documentation Preview April 10, 2025 07:20 Active
sandhose
sandhose approved these changes Apr 10, 2025
View reviewed changes
Copy link
Member

@sandhose sandhose left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pretty nice and short in the end, thanks for doing this!

sandhose
sandhose reviewed Apr 10, 2025
View reviewed changes
@odelcroi odelcroi requested a review from sandhose April 10, 2025 13:11
@odelcroi
Copy link
Contributor Author

@sandhose thanks 👍

@odelcroi odelcroi closed this Apr 10, 2025
@odelcroi odelcroi reopened this Apr 10, 2025
@sandhose sandhose enabled auto-merge (squash) April 10, 2025 13:13
@github-actions github-actions bot deployed to PR Documentation Preview April 10, 2025 13:13 Active
@github-actions github-actions bot deployed to PR Documentation Preview April 10, 2025 13:13 Active
@sandhose sandhose merged commit dd05cc5 into element-hq:develop Apr 10, 2025
52 of 73 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sandhose sandhose sandhose approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@odelcroi @sandhose