Update sso_redirect_options to work for Native OIDC (#32537)

* Remove long deprecated option `sso_immediate_redirect`

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Remove stale experimental comment about Native OIDC support

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Extract redirectToSso from loadApp

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Fix maintaining deeplink when going via auto sso

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Improve error

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Update `sso_redirect_options` to work for Native OIDC

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Update existing test for log changes

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Add tests

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

---------

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
Michael Telatynski
2026-02-18 09:49:53 +00:00
committed by GitHub
parent 5417fce489
commit 177bc4dad4
7 changed files with 143 additions and 33 deletions
+1 -3
@@ -260,7 +260,7 @@ When Element is deployed alongside a homeserver with SSO-only login, some option
1. `logout_redirect_url`: Optional URL to redirect the user to after they have logged out. Some SSO systems support a page that the
user can be sent to in order to log them out of that system too, making logout symmetric between Element and the SSO system.
2. `sso_redirect_options`: Options to define how to handle unauthenticated users. If the object contains `"immediate": true`, then
all unauthenticated users will be automatically redirected to the SSO system to start their login. If instead you'd only like to
all unauthenticated users will be automatically redirected to the SSO/OIDC system to start their login. If instead you'd only like to
have users which land on the welcome page to be redirected, use `"on_welcome_page": true`. Additionally, there is an option to
redirect anyone landing on the login page, by using `"on_login_page": true`. As an example:
```json
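Review bot: The wording is now inconsistent within this section: the `sso_redirect_options` item says "SSO/OIDC system", but the hunk header context still introduces these options as applying to "a homeserver with SSO-only login", and item 1 (`logout_redirect_url`) still speaks only of "SSO systems". Please either update the section intro and item 1 to match, or state explicitly whether `logout_redirect_url` also applies under Native OIDC, so an admin does not assume symmetric logout that is not there. Since `"immediate": true` redirects every unauthenticated user, it would also help to say in this paragraph which provider the redirect targets when both legacy SSO and Native OIDC are available.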
@@ -276,8 +276,6 @@ When Element is deployed alongside a homeserver with SSO-only login, some option
## Native OIDC
Native OIDC support is currently in labs and is subject to change.
Static OIDC Client IDs are preferred and can be specified under `oidc_static_clients` as a mapping from `issuer` to configuration object containing `client_id`.
Issuer must have a trailing forward slash. As an example:
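Review bot: With the "currently in labs" caveat removed, the remaining text under `## Native OIDC` reads as stable documentation, but "Issuer must have a trailing forward slash" does not say what happens when the key in `oidc_static_clients` lacks it. Please document the failure mode (for example, whether the static `client_id` is simply not matched), because a key mismatch is easy to make and hard to notice. Since the commit makes `sso_redirect_options` apply to Native OIDC, a one-line cross-reference to that option from this section would also be worth adding.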