Replies: 2 comments
-
I'm also wondering this. It seems like the solution here is backwards. There really needs to be a document explaining why it is better to have an additional service than to have Synapse just integrate with an existing IdP as already exists and why this functionality is being deprecated. It's a bit frustrating to set up a whole OIDC provider just to more or less proxy requests to the OIDC provider I actually want to use. |
Beta Was this translation helpful? Give feedback.
-
MAS isn't an IDP, it's a rewrite auth Synapse's internal auth system. It's highly tied to Synapse, as it needs to manage Matrix devices, users, etc. I think we did the mistake of naming this new API 'OIDC native', whilst it really the 'next gen auth API for Matrix, based on OAuth 2.0/OIDC'. I encourage you watching my talk at the Matrix conference, the second half talks about MAS itself: https://youtu.be/wOW8keNafdE?t=919 |
Beta Was this translation helpful? Give feedback.
-
I'm looking for some information on why a Synapse homeserver operator would want to use MAS (MSC3861) if they already have OpenID Connect Provider(s) configured on their homeserver(s) (
oidc_providers
) for their desired Identity Provider(s).Beta Was this translation helpful? Give feedback.
All reactions