element-hq / element-desktop

A glossy Matrix collaboration client for desktop.
https://element.io
GNU Affero General Public License v3.0

Support non-default-browser SSO #925

Open bast0006 opened 2 years ago

bast0006 commented 2 years ago

Your use case

What would you like to do?

I would like to perform SSO login without using my default browser

Why would you like to do it?

Because my default browser is a catch-all for untrusted applications whose target cannot be configured, and I do not wish to trust an untrusted session with a trusted login process.

How would you like to achieve it?

A button, label, or some other method of being provided the SSO link itself so that its single use can be performed on a browser of choice, rather than being consumed by a browser that cannot safely perform SSO.

Have you considered any alternatives?

I have set up my default browser to refuse to resolve the SSO links, which permits me to copy them to the correct browser and continue the login process.

Additional context

Most other services perform validation via email (which allows easy link copying) or they provide the link as text in addition to a button so that users can copy it if their default browser does not work for some reason, which is not uncommon among nontechnical users.

t3chguy commented 1 year ago

This is non-trivial, we delegate to https://www.electronjs.org/docs/latest/api/shell#shellopenexternalurl-options

Lesik commented 1 year ago

I believe @bast0006 wasn't asking for Element to open in a non-default browser or present a browser picker, but rather to display a little button that lets the user copy the SSO link to clipboard, so they can paste it into the browser of their choice manually.

It might sound like an odd feature, but many people for example separate their work and private browser profiles, or use different browsers altogether. The SSO page might open in the wrong browser, one which doesn't have the SSO credentials saved in the password manager, for instance.

The license activation window of JetBrains IDEs does something similar:

Screenshot of JetBrains IDE license activation window, with the "Troubles?" button highlighted

Screenshot of JetBrains IDE license token window

I would offer to work on this. Can I get approval on implementing a behavior that's similar to JetBrains as described above? Element already shows a similar popup, which could just include a "Trouble? Click here to copy the link and open it manually in your browser" text underneath the spinner:

Screenshot of Element showing the "Go to your browser to log in" popup

t3chguy commented 1 year ago

@Lesik that sounds sane, no harm in working on it but it'd likely need design to sign off on and they're stretched very thin right now. Can't match JetBrains exactly as the flow doesn't give you a token, it deeplinks back into the app. The Matrix spec would need changing to go with tokens.