by philsnow
518 days ago
> After that they released Matrix Authentication Service (MAS), which is an additional service to deploy that moves the internal authentication functionality out of Synapse and interfaces with Synapse using OIDC. I haven't deployed it yet. They say it will eventually get rolled into Synapse, so I'm intending to wait for that.

They broke out synapse's authentication into a separate service, only to plan to roll it back into synapse later? There's probably more to it than that, right?
Therefore, we needed a basic Matrix-aware OIDC identity provider which could ship with Synapse and other homeservers in order to auth users (and optionally delegate to fully fledged IdPs like Keycloak). So we wrote matrix-authentication-service (MAS) in Rust, which is released as FOSS: https://github.com/element-hq/matrix-authentication-service.
This is released as a separate project because: a) it's written by a different team, b) it's intended to power OIDC auth for other servers than Synapse. For instance, https://github.com/element-hq/dendrite/pull/3493 is the pull to make Dendrite support OIDC via MAS.
In future, we may end up, for admin convenience, also bundling it by default inside FOSS Synapse (especially given Synapse is part-Rust these days) - so that folks running `pip install matrix-synapse` magically get OIDC-based auth without having to also run a separate MAS. However, this is a while off, and even then we'll continue to support MAS as a standalone service as the primary configuration.
(N.B. none of this has anything to do with Synapse Pro, and is an example of Element continuing to pour the majority of its effort into FOSS work like MAS and native OIDC in Matrix...)