* Store id_token rather than just id_token_claims
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Pass id_token via `id_token_hint` on `Manage Account` interaction
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Fix tests
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---------
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Mock subtle crypto in OIDC test
To unblock upgrade to oidc-client-ts
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Update dependency oidc-client-ts to v3
* delint
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Ensure oidc-client-ts 3.0.1 to drop crypto-js
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---------
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
Co-authored-by: Michael Telatynski <7t3chguy@gmail.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Reuse exported common type
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Improve client metadata used for OIDC dynamic registration
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Fix Native OIDC for Element Desktop by including ssoid in the url_state of the /auth call
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Reuse exported common type
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Improve client metadata used for OIDC dynamic registration
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Fix typo
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Fix test
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Mock PlatformPeg
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Mock platform
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Add comment
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Improve comment
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Update src/BasePlatform.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
---------
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Fix OIDC bugs due to amnesiac stores forgetting OIDC issuer & other data
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Fix tests
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---------
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* add delegatedauthentication to validated server config
* dynamic client registration functions
* test OP registration functions
* add stubbed nativeOidc flow setup in Login
* cover more error cases in Login
* tidy
* test dynamic client registration in Login
* comment oidc_static_clients
* register oidc inside Login.getFlows
* strict fixes
* remove unused code
* and imports
* comments
* comments 2
* util functions to get static client id
* check static client ids in login flow
* remove dead code
* OidcRegistrationClientMetadata type
* navigate to oidc authorize url
* exchange code for token
* navigate to oidc authorize url
* navigate to oidc authorize url
* test
* adjust for js-sdk code
* login with oidc native flow: messy version
* tidy
* update test for response_mode query
* tidy up some TODOs
* use new types
* add identityServerUrl to stored params
* unit test completeOidcLogin
* test tokenlogin
* strict
* whitespace
* tidy
* unit test oidc login flow in MatrixChat
* strict
* tidy
* extract success/failure handlers from token login function
* typo
* use for no homeserver error dialog too
* reuse post-token login functions, test
* shuffle testing utils around
* shuffle testing utils around
* i18n
* tidy
* Update src/Lifecycle.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* tidy
* comment
* update tests for id token validation
* move try again responsibility
* prettier
* add friendly error messages for oidc authorization failures
* i18n
* update for new translations, tidy
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* test persistCredentials without a pickle key
* test setLoggedIn with pickle key
* lint
* type error
* extract token persisting code into function, persist refresh token
* store has_refresh_token too
* pass refreshToken from oidcAuthGrant into credentials
* rest restore session with pickle key
* retreive stored refresh token and add to credentials
* extract token decryption into function
* remove TODO
* very messy poc
* utils to persist clientId and issuer after oidc authentication
* add dep oidc-client-ts
* persist issuer and clientId after successful oidc auth
* add OidcClientStore
* comments and tidy
* expose getters for stored refresh and access tokens in Lifecycle
* revoke tokens with oidc provider
* test logout action in MatrixChat
* comments
* prettier
* test OidcClientStore.revokeTokens
* put pickle key destruction back
* comment pedantry
* working refresh without persistence
* extract token persistence functions to utils
* add sugar
* implement TokenRefresher class with persistence
* tidying
* persist idTokenClaims
* persist idTokenClaims
* tests
* remove unused cde
* create token refresher during doSetLoggedIn
* tidying
* also tidying
* OidcClientStore.initClient use stored issuer when client well known unavailable
* test Lifecycle.logout
* update Lifecycle test replaceUsingCreds calls
* fix test
* add sdkContext to UserSettingsDialog
* use sdkContext and oidcClientStore in session manager
* use sdkContext and OidcClientStore in generalusersettingstab
* tidy
* test tokenrefresher creation in login flow
* test token refresher
* Update src/utils/oidc/TokenRefresher.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* use literal value for m.authentication
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* improve comments
* fix test mock, comment
* typo
* add sdkContext to SoftLogout, pass oidcClientStore to logout
* fullstops
* comments
* fussy comment formatting
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* test persistCredentials without a pickle key
* test setLoggedIn with pickle key
* lint
* type error
* extract token persisting code into function, persist refresh token
* store has_refresh_token too
* pass refreshToken from oidcAuthGrant into credentials
* rest restore session with pickle key
* retreive stored refresh token and add to credentials
* extract token decryption into function
* remove TODO
* very messy poc
* comments
* prettier
* comment pedantry
* working refresh without persistence
* extract token persistence functions to utils
* add sugar
* implement TokenRefresher class with persistence
* tidying
* persist idTokenClaims
* persist idTokenClaims
* tests
* remove unused cde
* create token refresher during doSetLoggedIn
* tidying
* also tidying
* update Lifecycle test replaceUsingCreds calls
* tidy
* test tokenrefresher creation in login flow
* test token refresher
* Update src/utils/oidc/TokenRefresher.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* use literal value for m.authentication
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* improve comments
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* test persistCredentials without a pickle key
* test setLoggedIn with pickle key
* lint
* type error
* extract token persisting code into function, persist refresh token
* store has_refresh_token too
* pass refreshToken from oidcAuthGrant into credentials
* rest restore session with pickle key
* comments
* prettier
* Update src/Lifecycle.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* comments
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* util for account url
* test cases
* disable multi session selection on device list
* remove sign out all from context menus when oidc-aware
* comment
* remove unused param
* typo
* utils to persist clientId and issuer after oidc authentication
* add dep oidc-client-ts
* persist issuer and clientId after successful oidc auth
* add OidcClientStore
* comments and tidy
* format
* add delegatedauthentication to validated server config
* dynamic client registration functions
* test OP registration functions
* add stubbed nativeOidc flow setup in Login
* cover more error cases in Login
* tidy
* test dynamic client registration in Login
* comment oidc_static_clients
* register oidc inside Login.getFlows
* strict fixes
* remove unused code
* and imports
* comments
* comments 2
* util functions to get static client id
* check static client ids in login flow
* remove dead code
* OidcRegistrationClientMetadata type
* navigate to oidc authorize url
* exchange code for token
* navigate to oidc authorize url
* navigate to oidc authorize url
* test
* adjust for js-sdk code
* login with oidc native flow: messy version
* tidy
* update test for response_mode query
* tidy up some TODOs
* use new types
* add identityServerUrl to stored params
* unit test completeOidcLogin
* test tokenlogin
* strict
* whitespace
* tidy
* unit test oidc login flow in MatrixChat
* strict
* tidy
* extract success/failure handlers from token login function
* typo
* use for no homeserver error dialog too
* reuse post-token login functions, test
* shuffle testing utils around
* shuffle testing utils around
* i18n
* tidy
* Update src/Lifecycle.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* tidy
* comment
* update tests for id token validation
* move try again responsibility
* prettier
* use more future proof config for static clients
* test util for oidcclientconfigs
* rename type and lint
* correct oidc test util
* store issuer and clientId pre auth navigation
* adjust for js-sdk changes
* update for js-sdk userstate, tidy
* update MatrixChat tests
* update tests
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* test util for oidcclientconfigs
* rename type and lint
* correct oidc test util
* store issuer and clientId pre auth navigation
* update for js-sdk userstate, tidy
* add delegatedauthentication to validated server config
* dynamic client registration functions
* test OP registration functions
* add stubbed nativeOidc flow setup in Login
* cover more error cases in Login
* tidy
* test dynamic client registration in Login
* comment oidc_static_clients
* register oidc inside Login.getFlows
* strict fixes
* remove unused code
* and imports
* comments
* comments 2
* util functions to get static client id
* check static client ids in login flow
* remove dead code
* OidcRegistrationClientMetadata type
* navigate to oidc authorize url
* navigate to oidc authorize url
* test
* adjust for js-sdk code
* update test for response_mode query
* use new types
* strict
* tidy
* add delegatedauthentication to validated server config
* dynamic client registration functions
* test OP registration functions
* add stubbed nativeOidc flow setup in Login
* cover more error cases in Login
* tidy
* test dynamic client registration in Login
* comment oidc_static_clients
* register oidc inside Login.getFlows
* strict fixes
* remove unused code
* and imports
* comments
* comments 2
* util functions to get static client id
* check static client ids in login flow
* remove dead code
* OidcRegistrationClientMetadata type
* use registerClient from js-sdk
* use OidcError from js-sdk
* util functions to get static client id
* check static client ids in login flow
* remove dead code
* add trailing slash
* comment error enum
* spacing
* PR tidying
* more comments
* add ValidatedDelegatedAuthConfig type
* Update src/Login.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update src/Login.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update src/utils/ValidatedServerConfig.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* rename oidc_static_clients to oidc_static_client_ids
* comment
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>