synapse requires `identifier` in `/login` requests, even for auth types which do not require it

matrix-org / synapse

Synapse: Matrix homeserver written in Python/Twisted.

https://matrix-org.github.io/synapse

Apache License 2.0

11.81k stars 2.13k forks source link

synapse requires `identifier` in `/login` requests, even for auth types which do not require it #8836

Closed richvdh closed 3 years ago

richvdh commented 3 years ago

suppose I create a custom login type com.example.login_token (NB a login type as opposed to a UIA authentication type) and say that the login submission should look like this:

{
  "type": "com.example.login_token",
  "token": "<login token>"
}

I should be able to implement this via a custom password provider; however, synapse expects to see an identifier in the submission, and will reject the login before passing it to the password provider.

richvdh commented 3 years ago

This is related to https://github.com/matrix-org/synapse/issues/5665: basically synapse uses "is this a login or a UIA?" to decide whether to look for an identifier, whereas it should be looking at the login/auth type.

richvdh commented 3 years ago

I should be able to implement this via a custom password provider

except I can't, because the custom password provider API takes a "username", so synapse core has to be able to convert the identifier dict to a username.

This code is a bit of a mess generally, but I don't think this is worth tracking.