
Third-Party Integrations

Matrix

Creation of the Chat Identity

[Diagram: creation of the chat identity]

To edit this diagram, import the source file in draw.io, edit and export as xml again.

The diagram above shows how and where the chat identity is created.

After registration in Ory and creation of the user in Okuna, the user sends their information (first name, last name, pronouns and geolocation) to the backend. The backend generates a unique identity from the user's first name, optionally appending an incremental number to make it unique (e.g. john, john1, john2, ..., johnx). Since Ory is the owner of identities, once a unique identity has been created Okuna updates Ory through a POST to the /admin/identities API provided by Ory.

Whenever a user logs in to holi, we also log in to the Matrix Server. This is done via a JWT token. The JWT token is generated by Oathkeeper for the logged-in Ory user. It is then moved to the body of the request by our unified-api proxy, since that is where the Matrix protocol needs it. It is then interpreted by Synapse, our Matrix Server. According to its configuration, Synapse uses the trait.identity from the JWT token as the local part of the Matrix ID. If this account does not yet exist on the Matrix server, it is created on the fly. The login to the Matrix Server returns a Matrix auth token, which is stored on the client and then used to communicate with the Matrix server.

Login to the Matrix Server

[Diagram: login to the Matrix Server]

To edit this diagram, import the source file in draw.io, edit and export as xml again.

The current challenge is to ensure complete synchronization and consistency among the three systems that manage or handle the identities (Okuna, Ory and Matrix).

It is important that changing or deleting a user does not lead to consistency problems between the three systems. A user who is deleted from Okuna must also be deleted from both Ory and Matrix; otherwise there is a risk that a user who creates a new user with a previously existing identity will be able to access the deleted user's chats and data.
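
The identity-reuse risk described above, as an added example that is not part of the holi code base: a consistency check that lists identities still present in Ory or Matrix without an Okuna user, and an allocator that skips any identity still held by any of the three systems. The function names, the lowercase normalisation and the sample sets are assumptions made for illustration.

```python
import re


def local_part(first_name: str) -> str:
    """Derive the base identity from a first name (normalisation is an assumption)."""
    base = re.sub(r"[^a-z0-9]", "", first_name.lower())
    if not base:
        raise ValueError("first name yields an empty identity")
    return base


def find_orphans(okuna: set[str], ory: set[str], matrix: set[str]) -> dict[str, set[str]]:
    """Identities that survive in Ory or Matrix although Okuna has no such user."""
    return {"ory": ory - okuna, "matrix": matrix - okuna}


def allocate_identity(first_name: str, okuna: set[str], ory: set[str], matrix: set[str]) -> str:
    """Return john, john1, john2, ... skipping names held by ANY of the three systems."""
    taken = okuna | ory | matrix
    base = local_part(first_name)
    candidate, n = base, 0
    while candidate in taken:
        n += 1
        candidate = f"{base}{n}"
    return candidate


# Constructed sample state: john1 was deleted from Okuna and Ory,
# but the Matrix account (and its chats) was left behind.
OKUNA = {"john", "john2"}
ORY = {"john", "john2"}
MATRIX = {"john", "john1", "john2"}

if __name__ == "__main__":
    # Drift report: the leftover Matrix account shows up as an orphan.
    print("orphans:", find_orphans(OKUNA, ORY, MATRIX))
    # Checking Okuna alone hands the new user the old john1 identity.
    print("okuna only:", allocate_identity("John", OKUNA, set(), set()))
    # Checking all three systems avoids the identity that still has chat data.
    print("all systems:", allocate_identity("John", OKUNA, ORY, MATRIX))
```

Running the orphan check on a schedule turns an incomplete deletion into an alert before a new registration can claim the leftover identity.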

Novu

Securing the Notification content

In-app notification content from Novu Cloud is secured. Users authenticate against Novu with a subscriber hash, which is created by unified-api. This prevents public access to notification content.


OwnCloud

TODO

write documentation

Jitsi

TODO

write documentation