mirror of
https://github.com/element-hq/matrix-authentication-service.git
synced 2026-05-25 12:04:15 +00:00
Quentin Gliech
cf732ac8f0
Now that we have deduplicated clients, we're in this weird situation where authorization grants just… go through. This is because 4 years ago, I designed it to support prompt=consent and prompt=none, but that never ended up being used/mentioned in the MSCs. We also had support for max_age, but that required reauthing, which doesn't work well with upstream providers. So this removes support for prompt=consent|none and max_age, and makes sure we always go through the consent page. Lots of code deleted, yay!
OAuth2.0 + OpenID Connect Provider for Matrix Homeservers
MAS (Matrix Authentication Service) is an OAuth 2.0 and OpenID Provider server for Matrix.
It has been created to support the migration of Matrix to an OpenID Connect (OIDC) based authentication layer as per MSC3861.
See the Documentation for information on installation and use.
You can learn more about Matrix and OIDC at areweoidcyet.com.
Features
- Supported homeservers
- ✅ Synapse
- Authentication methods:
- ✅ Upstream OIDC
- 🚧 Local password
- ‼️ Application Services login (Encrypted bridges)
- Migration support
- ✅ Compatibility layer for legacy Matrix authentication
- ✅ Advisor on migration readiness
- ✅ Import users from Synapse
- ✅ Import password hashes from Synapse
- ✅ Import of external subject IDs for upstream identity providers from Synapse
Upstream Identity Providers
MAS is known to work with the following upstream IdPs via OIDC: