Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Logic for generating unique matrix IDs for SSO users could fail #8813

Open
matrixbot opened this issue Dec 18, 2023 · 0 comments
Open

Logic for generating unique matrix IDs for SSO users could fail #8813

matrixbot opened this issue Dec 18, 2023 · 0 comments

Comments

@matrixbot
Copy link
Collaborator

matrixbot commented Dec 18, 2023

This issue has been migrated from #8813.


This comes from a conversation at matrix-org/synapse#8801 (comment)

The current logic for generating unique matrix ID is something like:

  1. Get SSO attributes.
  2. Pass SSO attributes to mapping provider to get a matrix ID localpart.
  3. If the user exists, go back to 2 and append how many times we've attempted this to the localpart.
  4. If this has been attempted 1000 times, fail.
  5. If a unique user ID is generated, register the user and associated it with the SSO attributes.

A couple of odd things:

  • The 1000 is arbitrary but seems rather high (we would waste a lot of processing doing this loop 1000 times).
  • Can we improve this logic so you don't just give up after a certain number of iterations?

It is worth mentioning that depending on the SSO configuration and mapping provider used this might not be an issue (e.g. if you're in a corporate environment with unique email usernames and use the username as the localpart, they should never conflict). This really only happens if whatever attribute you're using from SSO can conflict (maybe you're using first name and hire a lot of people named "Erik", you'd end up with @erik:foo, @erik1:foo, .... @erik999:foo and then you can't hire more Eriks.

@matrixbot matrixbot changed the title Dummy issue Logic for generating unique matrix IDs for SSO users could fail Dec 21, 2023
@matrixbot matrixbot reopened this Dec 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant