Open zqad opened 1 year ago
Confirmed the same behavior in latest beta on Play Store (1.5.28)
After some more experimentation, I have more info:
I'm redirecting /_matrix/* from the server name domain (example.tld) to the homeserver (homeserver.example.tld). I tried dropping this redirect to see what would happen, and now I'm getting the message "This is not a valid Matrix server address", much like in https://github.com/vector-im/element-android/issues/7813, so these might be duplicates.
The client will access these URLs in succession:
All in all, the API URL detection seems to be broken somehow. I've also tried FluffyChat, which implements the detection correctly and connects without issues.
Checking the same paths on matrix.org hints that a workaround is in place:
I am unable to expose the _matrix api on the apex domain, so I hope this can be resolved easily. I've tried to look into the code myself, but being terrible with Java and completely incompetent with Kotlin, it turned out to be quite hard.
I should also add that this used to work well before, so it might be due to a change in how the client is handling the redirects (the core issue with SSO is that the client will POST after the SSO flow to the login endpoint of the apex domain instead of the api domain, get redirected, and do a GET instead which makes sense to not risk leaking tokens); or that there is a regression in how the API domain is detected.
Steps to reproduce
.well-known/matrix/client endpoint on the server name URL (example.tld) that points to a home server API URL (https://homeserver.example.tld).
/_matrix/client/version and /_matrix/client/r0/login/sso/redirect/oidc-keycloak (http log)
/_matrix/client/r0/login end up on the server name URL (example.tld), instead of the base_url that is supplied in the .well-known file (homeserver.example.tld), and by Keycloak.
Outcome
What did you expect?
Client to use either redirect URL from OIDC communication with Keycloak, or at least the URL from the .well-known/matrix/client endpoint when POSTing auth info to /_matrix/client/r0/login.
What happened instead?
OIDC POST callback went to server name URL (example.tld) instead of API endpoint URL (https://homeserver.example.tld).
However, entering the server name as homeserver.example.tld into the app makes the flow work well. This seems to be a workaround for now.
Your phone model
Pixel 3a and others tried
Operating system version
Android 12 and others
Application version and app store
1.5.26 [40105262] (G-f6379963) (Play Store latest) / SDK 1.5.26 (f6379963)
Homeserver
Synapse 1.79.0
Will you send logs?
No
Are you willing to provide a PR?
No
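Added example, not part of the original report and not Element's code: a Python sketch of the expected behaviour, resolving the client API base URL from the .well-known/matrix/client body and flagging logged /_matrix/ requests that went to the server name host instead. The sample body, the request log and all function names are constructed for illustration; the hosts and the login path are the ones used in the report.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: body served at https://example.tld/.well-known/matrix/client
WELL_KNOWN_BODY = '{"m.homeserver": {"base_url": "https://homeserver.example.tld/"}}'

# Constructed request log (method, URL) of the kind a client would produce.
REQUEST_LOG = [
    ("GET", "https://example.tld/.well-known/matrix/client"),
    ("GET", "https://homeserver.example.tld/_matrix/client/versions"),
    ("POST", "https://example.tld/_matrix/client/r0/login"),
]


def resolve_base_url(well_known_body: str) -> str:
    """Return the client API base URL from a .well-known/matrix/client body."""
    try:
        doc = json.loads(well_known_body)
    except ValueError as exc:
        raise ValueError("well-known body is not valid JSON") from exc
    homeserver = doc.get("m.homeserver") if isinstance(doc, dict) else None
    base_url = homeserver.get("base_url") if isinstance(homeserver, dict) else None
    if not isinstance(base_url, str):
        raise ValueError("m.homeserver.base_url is missing")
    parts = urlsplit(base_url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"base_url is not a usable URL: {base_url!r}")
    return base_url.rstrip("/")  # the base_url may carry a trailing slash


def login_endpoint(base_url: str) -> str:
    """Login URL built on the discovered base URL (path as used in the report)."""
    return base_url + "/_matrix/client/r0/login"


def misdirected_requests(log, server_name: str, base_url: str):
    """Return logged /_matrix/ requests sent to the server name, not base_url."""
    api_host = urlsplit(base_url).hostname
    hits = []
    for method, url in log:
        parts = urlsplit(url)
        if (parts.path.startswith("/_matrix/")
                and parts.hostname == server_name
                and parts.hostname != api_host):
            hits.append((method, url))
    return hits
```
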