Open tcpipuk opened 4 months ago
Good! This feature is very good!
conduit support OIDC status: https://gitlab.com/famedly/conduit/-/merge_requests/587
Moved to here: https://gitlab.com/famedly/conduit/-/merge_requests/676
That's legacy SSO from my understanding, still interesting though
Many server admins prefer centralise their authentication, which means they can use a single system for login across all of their applications, then use one (ideally MFA) system for their users to login.
This simplifies user management, but also helps avoid requests for user management features, as password management and 3PID are handled by the OIDC provider instead of the Matrix server.
The overall MSC3861 exists for this, and has not yet been merged, but it's approaching maturity and MSC2964 specifies a comprehensive list of endpoints a server would require to handle OIDC authentication.