# Copyright 2021 The Matrix.org Foundation C.I.C. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. type: object title: m.login.sso flow schema properties: type: type: string enum: ["m.login.sso"] description: The string `m.login.sso` example: "m.login.sso" identity_providers: type: array description: |- Optional identity providers (IdPs) to present to the user. These would appear (typically) as distinct buttons for the user to interact with, and would map to the appropriate IdP-dependent redirect endpoint for that IdP. example: [ {"id": "com.example.idp.github", "name": "GitHub", "brand": "github"}, {"id": "com.example.idp.gitlab", "name": "GitLab", "icon": "mxc://example.com/abc123"}, ] items: type: object title: IdP description: An identity provider. properties: id: type: string description: |- Opaque string chosen by the homeserver, uniquely identifying the IdP from other IdPs the homeserver might support. Should use the [Opaque identifier Grammar](/appendices#opaque-identifiers). example: "com.example.idp.github" name: type: string description: |- Human readable description for the IdP, intended to be shown to the user. example: "Github" icon: type: string description: |- Optional `mxc://` URI to provide an image/icon representing the IdP. Intended to be shown alongside the `name` if provided. {{% boxes/note %}} Clients SHOULD use the deprecated [`/download`](/client-server-api/#get_matrixmediav3downloadservernamemediaid) and [`/thumbnail`](/client-server-api/#get_matrixmediav3thumbnailservernamemediaid) endpoints to retrieve this media item because clients will not have an access token they can authenticate with yet. Servers SHOULD ensure media used for IdP icons is excluded from the freeze described by the [Content Repository module's Client Behaviour section](/client-server-api/#content-repo-client-behaviour). This may be addressed in the future with proposals like [MSC4148](https://github.com/matrix-org/matrix-spec-proposals/pull/4148), or removed entirely through the transition to OIDC. {{% /boxes/note %}} example: "mxc://example.org/abc123" brand: type: string description: |- Optional UI hint for what kind of common SSO provider is being described in this IdP. Matrix maintains a registry of identifiers [in the matrix-spec repo](https://github.com/matrix-org/matrix-spec/blob/main/informal/idp-brands.md) to ensure clients and servers are aligned on major/common brands. Clients should prefer the `brand` over the `icon`, when both are provided. Clients are not required to support any particular `brand`, including those in the registry, though are expected to be able to present any IdP based off the `name`/`icon` to the user regardless. Unregistered brands are permitted using the [Common Namespaced Identifier Grammar](/appendices/#common-namespaced-identifier-grammar), though excluding the namespace requirements. For example, `examplesso` is a valid brand which is not in the registry but still permitted. Servers should be mindful that clients might not support their unregistered brand usage as intended by the server. example: "github" required: ['id', 'name'] required: ['type']