Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Login with Token #55

Closed
daedric7 opened this issue Oct 3, 2024 · 9 comments · Fixed by #58
Closed

Login with Token #55

daedric7 opened this issue Oct 3, 2024 · 9 comments · Fixed by #58
Assignees
Labels
enhancement New feature or request

Comments

@daedric7
Copy link

daedric7 commented Oct 3, 2024

With serveral servers migrating to Native OIDC / MAS, Synapse-Admin doesn't work as it's unable to generate the required token.

One alternative would be to generate the token ourselves (via mas-cli) and then pass this token to Synapse-Admin.

Would this be possible ?

@aine-etke aine-etke assigned aine-etke and beastafk and unassigned aine-etke Oct 4, 2024
@aine-etke aine-etke added the enhancement New feature or request label Oct 4, 2024
@jacotec
Copy link

jacotec commented Oct 18, 2024

I'm still trying to find out how this works. There is a new tab "Access token" but I can't find a reference how to gerenate one in MAS-CLI.

Shouldn't the access token creation finally work simply if I do a normal SSO login which is (already yet) delegated to MAS?

@aine-etke
Copy link
Member

Synapse-Admin doesn't interact with MAS specifically, nor it MAS-aware. The new "login with token" option simply allows you to use existing access token, e.g. by generating it using mas-cli. So, consider it a "user-friendly workaround" until the #38 is done. How to generate such token with MAS is mentioned in the upstream's issue Awesome-Technologies/synapse-admin#429:

mas-cli manage issue-compatibility-token --yes-i-want-to-grant-synapse-admin-privileges [username]

Please note that we at etke.cc do not use MAS currently.

@jacotec
Copy link

jacotec commented Oct 18, 2024

@aine-etke Thanks, Quentin gave me that command in the Matrix Auth room 5 minutes ago. Unfortunately still not working running MAS. I'm still getting the "You're not an admin" message when using the access token.

@sandhose
Copy link

It looks like the two buttons 'Sign in' and 'Sign in with SSO' are still tied up to the login flow discovery, meaning that if the server only advertises m.login.sso, the Sign in button will be greyed out, so submitting the access token won't work

@jacotec
Copy link

jacotec commented Oct 18, 2024

Thanks for the comment, sandhose!

@aine-etke Can you fix the grayed out button? ;-)

@aine-etke
Copy link
Member

@aine-etke Thanks, Quentin gave me that command in the Matrix Auth room 5 minutes ago. Unfortunately still not working running MAS. I'm still getting the "You're not an admin" message when using the access token.

The error message is what Synapse returns when you send a request to an admin api endpoint, that means the token you generated belongs to a matrix user with no homeserver admin permissions

It looks like the two buttons 'Sign in' and 'Sign in with SSO' are still tied up to the login flow discovery, meaning that if the server only advertises m.login.sso, the Sign in button will be greyed out, so submitting the access token won't work

Oh, that's a problem

@beastafk could you make "Sign in" button work on Access token tab regardless of the available login flows, please?

@aine-etke
Copy link
Member

@jacotec @sandhose button fixed in etke-21 release

@jacotec
Copy link

jacotec commented Oct 18, 2024

@jacotec @sandhose button fixed in etke-21 release

Wow, awesome! That was fast! :-)

Working for me now, thanks a lot!

@beastafk
Copy link
Contributor

Improved in #61

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging a pull request may close this issue.

5 participants