feat: m.oauth (MSC4312) cross-signing reset for OIDC devices #405

Merged
jevolk merged 2 commits into matrix-construct:main from chbgdn:feat/oidc-cross-signing-reset
Apr 6, 2026

@chbgdn chbgdn commented Apr 5, 2026

Implements m.oauth (MSC4312) user-interactive authentication stage for cross-signing key reset on OIDC devices.

Flow:

  1. OIDC device attempts cross-signing key reset → server returns m.oauth with SSO fallback URL
  2. User completes SSO re-auth → 10-minute bypass granted (same approach as Synapse + MAS)
  3. Client retries with AuthData::OAuth(session) → keys uploaded without further UIAA

Dependencies:

@jevolk jevolk self-assigned this Apr 5, 2026
@chbgdn chbgdn force-pushed the feat/oidc-cross-signing-reset branch 2 times, most recently from e895f53 to df9ec5c Compare April 5, 2026 18:37
jevolk added a commit to chbgdn/tuwunel that referenced this pull request Apr 6, 2026
Signed-off-by: Jason Volk <jason@zemos.net>
@jevolk jevolk marked this pull request as ready for review April 6, 2026 02:36
@jevolk jevolk force-pushed the feat/oidc-cross-signing-reset branch from 8e28bc2 to 72da20b Compare April 6, 2026 05:02
@jevolk jevolk merged commit 72da20b into matrix-construct:main Apr 6, 2026
60 of 77 checks passed
@chbgdn chbgdn deleted the feat/oidc-cross-signing-reset branch April 7, 2026 09:26
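
The three-step flow in the PR description, modelled as an added sketch that is not code from this pull request or from tuwunel. `ResetGate`, `Outcome`, the session-id format and the single-use handling are assumptions; only the 10-minute window comes from the description.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};

/// Bypass window from the PR description: 10 minutes after SSO re-auth.
const BYPASS_WINDOW: Duration = Duration::from_secs(600);

#[derive(Debug, PartialEq)]
enum Outcome {
    NeedOAuth(String), // step 1: reply with the m.oauth stage and this UIAA session id
    Accepted,          // step 3: keys uploaded without further UIAA
}

/// Hypothetical in-memory state; not tuwunel's actual types.
#[derive(Default)]
struct ResetGate {
    sessions: HashMap<String, String>, // UIAA session id -> user id
    bypass: HashMap<String, Instant>,  // user id -> bypass expiry
    issued: u64,
}

impl ResetGate {
    /// Step 2: record that the user completed SSO re-auth at `now`.
    fn sso_completed(&mut self, user: &str, now: Instant) {
        self.bypass.insert(user.to_owned(), now + BYPASS_WINDOW);
    }

    /// Steps 1 and 3: a reset request, optionally echoing a UIAA session.
    fn reset_request(&mut self, user: &str, session: Option<&str>, now: Instant) -> Outcome {
        let owns = session.is_some_and(|s| self.sessions.get(s).is_some_and(|u| u.as_str() == user));
        let live = self.bypass.get(user).is_some_and(|exp| now < *exp);
        if let (Some(s), true, true) = (session, owns, live) {
            // Assumption of this sketch: session and grant are single-use.
            self.sessions.remove(s);
            self.bypass.remove(user);
            return Outcome::Accepted;
        }
        // Constructed ids for readability; a real server needs unguessable ones.
        self.issued += 1;
        let id = format!("uiaa-{}", self.issued);
        self.sessions.insert(id.clone(), user.to_owned());
        Outcome::NeedOAuth(id)
    }
}

fn main() {
    let (mut gate, t0) = (ResetGate::default(), Instant::now());
    let first = gate.reset_request("@alice:example.org", None, t0);
    gate.sso_completed("@alice:example.org", t0);
    println!("{first:?}");
}
```

The cases that matter for review are the refusals: a retry before SSO completion, a session echoed by a different user, and a retry after the window has closed all fall back to a fresh `m.oauth` challenge.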