Add: OAuth for GMCP Extension for MUD Client Authentication #7784
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hey there! Thanks for helping Mudlet improve. 🌟 Test versionsYou can directly test the changes here:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Brief overview of PR changes/additions
Support Open ID Connect (OIDC) providers to authenticate users to games.
For the purpose of this PR, StickMUD will serve as the pilot.
Char.Login.Default, providing an authenticationlocation(OIDC URL).locationfor user login.authorization_code.authorization_codeand sends it to StickMUD viaChar.Login.AuthCode.Char.Login.Result.sequenceDiagram participant User participant Mudlet (GMCPAuthenticator) participant Browser participant OIDC Provider participant StickMUD (Game Server) participant Python OIDC Script User->>StickMUD (Game Server): Connects to game StickMUD (Game Server)->>Mudlet (GMCPAuthenticator): Sends `Char.Login.Default` with `location` Mudlet (GMCPAuthenticator)->>Browser: Opens authentication URL from `location` Browser->>OIDC Provider: User logs in & approves authentication OIDC Provider->>Mudlet (Local Server): Redirects with `authorization_code` Mudlet (GMCPAuthenticator)->>StickMUD (Game Server): Sends `authorization_code` via `Char.Login.AuthCode` StickMUD (Game Server)->>Python OIDC Script: Exchanges `authorization_code` for ID token Python OIDC Script->>StickMUD (Game Server): Returns ID token StickMUD (Game Server)->>Mudlet (GMCPAuthenticator): Sends GMCP authentication result (`Char.Login.Result`) Mudlet (GMCPAuthenticator)->>User: Displays success message🔹 Why This Works Well
✅ GMCP Authentication Extension Compliant → Uses
Char.Login.Default,Char.Login.AuthCode, andChar.Login.Result.✅ RFC 8252 & 7636 Compliant → Uses browser-based authentication with PKCE.
✅ Security Best Practices → Game handles
client_secretand token validation.✅ Simplifies Mudlet's Role → Mudlet only handles browser interaction and GMCP messaging.
Motivation for adding to Mudlet
Extending the GMCP Extension for MUD Client Authentication to support the "oauth" type.
Other info (issues closed, discussion etc)
This code may be in draft and may not run yet. I had a working version that was not compliant with the RFCs, and now I am refactoring.
We may add buttons with the major providers to Mudlet in time where it will suggest the provider to the game like many enterprise applications do. They could either be part of default games profiles, or sent from the game and used on future connections. It needs a lot of thought. For now, we're trying to stay as close to the proposed GMCP Authentication Extension and the RFC 8252 & 7636 to keep it simple.