Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MSC4108: Mechanism to allow OIDC sign in and E2EE set up via QR code #4108

Open
wants to merge 32 commits into
base: main
Choose a base branch
from
+1,592 −0
Open

MSC4108: Mechanism to allow OIDC sign in and E2EE set up via QR code #4108

Changes from 1 commit
Commits
Show all changes
32 commits
Select commit Hold shift + click to select a range
6e42f10
Placeholder
hughns Feb 22, 2024
d90eda1
MSC4108
hughns Feb 22, 2024
f7bbba3
WIP of MSC4108
hughns Apr 3, 2024
177a2db
Auto numbers don't work on non-sequential items
hughns Apr 3, 2024
f54e194
High level description of rendezvous protocol and consistency in payl…
hughns Apr 4, 2024
f34bec3
Cheat spell checker
hughns Apr 4, 2024
2830e88
Description of rendezvous session API
hughns Apr 4, 2024
24e2242
Add description of QR format
hughns Apr 4, 2024
21ae2ca
Lint
hughns Apr 4, 2024
38eb661
Notes on threat model
hughns Apr 4, 2024
9cd724f
Fix broken link
hughns Apr 4, 2024
db759ea
Resolve some more TODOs
hughns Apr 4, 2024
5d6fb4a
Merge branch 'element-hq/oidc-qr-login' of https://github.com/matrix-…
hughns Apr 4, 2024
4e425af
Define POST response body explicitly
hughns Apr 5, 2024
a302c39
Add Cache-Control and Pragma HTTP response headers
hughns Apr 9, 2024
a81491c
Add error codes
hughns Apr 10, 2024
e1f7367
Formatting
hughns Apr 15, 2024
d8c62ed
Whitespace
hughns Apr 15, 2024
ad31acf
More formatting
hughns Apr 15, 2024
aa37af9
Tweaks to the QR code login crypto (#4129)
dkasak Apr 16, 2024
289a810
Add missing device id check step to sequence diagram
hughns Apr 16, 2024
25e8fcb
Remove references to rendezvous session ID
hughns Apr 18, 2024
e12945c
Fix POST endpoint and Location references
hughns Apr 18, 2024
4f9a4a4
Rendezvous sessions should have a fixed lifetime and allow enough tim…
hughns Apr 19, 2024
fbb30ec
Set max payload size to 4KB and fix content-type as text/plain (#4134)
hughns Apr 22, 2024
fe939be
Cross signing is mandatory
hughns Apr 22, 2024
76f175b
Use unstable prefix for errcode
hughns Apr 22, 2024
0ca3dea
The If-Match header on PUT requests contains the ETag
hughns Apr 23, 2024
02f18e1
Fix description of 304 GET response
hughns May 8, 2024
f49fd7f
Fix m.login.failure reason typo
hughns May 28, 2024
73da95a
Fix originator of m.login.declined
hughns May 30, 2024
87f8317
Use server name rather than base URL and clarify well-known discovery
hughns Jun 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Notes on threat model
  • Loading branch information
@hughns
hughns committed Apr 4, 2024
commit 38eb66151ee558d2615fbda429954455b80e5eee
12 changes: 11 additions & 1 deletion proposals/4108-oidc-qr-login.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1447,7 +1447,17 @@ will soon be verified.

## Security considerations

See individual threat analysis sections above.
This proposed mechanism has been designed to protects users and their devices from the following threats:

- A malicious actor who is able to scan the QR code generated by the legitimate user.
- A malicious actor who can intercept and modify traffic on the application layer, even if protected by encryption like TLS.
- Both of the above at the same time.

Additionally, the OIDC Provider is able to define and enforce policies that can prevent a sign in on a new device.
Such policies depend on the OIDC Provider in use and could include, but are not limited to, time of day, day of the week,
source IP address and geolocation.

A threat analysis has been done within each of the key layers in the proposal above.

## Unstable prefix

Expand Down