matrix
/
matrix-doc
mirror of https://github.com/matrix-org/matrix-doc.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
matrix-doc/proposals/4148-https-sso-icons.md

4.1 KiB
Raw Permalink Blame History

MSC4148: Permitting HTTP(S) URLs for SSO IdP icons

The current m.login.sso flow schema includes an optional icon field for clients to use when representing the Identity Provider.

Use of this icon currently relies on unauthenticated media download/thumbnail endpoints, which are slated for deprecation and eventual removal through MSC3916. Clients do not yet have credentials for the user and therefore may not be able to access these icons. MSC3916 recommends that servers continue to allow the icons on the unauthenticated endpoints, though this is only helpful so long as the endpoints exist.

This proposal introduces yet another temporary measure for handling these icons in the face of authenticated media and the upcoming transition to OIDC: servers are permitted to use HTTP(S) URLs instead.

Proposal

icon for the m.login.sso flow schema has the following changes:

  1. mxc:// URI usage is deprecated, pending removal.
  2. HTTPS and HTTP URLs are permitted.
  3. Servers SHOULD prefer to use HTTPS URLs over HTTP or MXC URLs.
  4. Icons SHOULD be 64x64 pixels in size, accounting for a wide range of screen resolutions.
    • This is because the thumbnail APIs are no longer accessible to clients with HTTP(S) URLs, so "reasonable" sizes should be picked. This is not a strong requirement as deployment-specific considerations may apply (larger sign-in button on a custom client, etc).

Some suggested spec text for icon to capture these changes would be:

Optional. An HTTP(S) URL to provide an image/icon representing the IdP. Intended to be shown alongside name if provided.

Servers SHOULD prefer HTTPS URLs over HTTP. mxc:// URIs SHOULD NOT be used as their usage is deprecated here, though are permitted. Clients may have to use the deprecated, unauthenticated, media download and thumbnail endpoints to access content addressed by mxc:// URIs.

Images SHOULD be 64x64 pixels in size.

Potential issues

Existing clients may block non-mxc:// URI usage and show no icon. Though this can lead to subpar user experience, the actual impact is expected to be temporary.

Alternatives

  • As it turns out, Element Web overrides the icon if it recognizes the brand. This behaviour prevents authenticated media from breaking the icons, and avoids issues with HTTP(S) URL compatibility for the client. Other clients may wish to pursue a similar approach, particularly for popular brands/sign in methods.

  • This entire SSO login mechanism could be replaced, which is what is happening with OIDC (as of writing). This MSC is intended to fill a gap between 'now' and when OIDC lands rather than being a complete solution.

Security considerations

MXC URIs are intended to keep media 'inside' Matrix to reduce opportunities for user information to be harvested by external entities. Unlike random image uploads to a room though, the server the user is about to register an account on is the only entity able to control these URLs, reducing the risk surface. Clients may wish to look into an approach similar to Element Web for handling common icons, and possibly ways of not using icons if they feel "too sketchy". For example, if the icons aren't served by a subdomain of the Client-Server API URL (https://*.matrix.org in the case of https://matrix-client.matrix.org), the icon could be omitted.

Unstable prefix

Placing this MSC behind an unstable prefix becomes very difficult very quickly. Instead, clients and servers are suggested to not implement this proposal until it is considered stable.

Dependencies

No direct dependencies. MSC3916 increases the need for this MSC, however.