feat(auth): OIDC phase 0+1 — discovery, flow detection, client config
Toward MSC3861/MSC2965 next-gen-auth login (P4-6), client-only.
- cs-api.ts: type the stable `m.authentication` well-known key + getOidcIssuer()
(stable preferred over the unstable msc2965 key; {} for non-OIDC servers).
- useParsedLoginFlows.ts: getOidcCompatibilityFlag() (MSC3824 oauth_aware_preferred
/ delegated_oidc_compatibility) as a secondary OIDC hint.
- New pages/auth/oidc/oidcConfig.ts: dynamic-registration client metadata + the
non-hash callback URL (redirect_uris can't contain a fragment).
- paths.ts: OIDC_CALLBACK_PATH.
- 8 unit tests for the pure helpers.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@@ -20,6 +20,13 @@ export type AutoDiscoveryInfo = Record<string, unknown> & {
|
||||
'm.identity_server'?: {
|
||||
base_url: string;
|
||||
};
|
||||
// v1.15 stable next-gen-auth (MSC2965) discovery key — emitted by servers that
|
||||
// delegate to a Matrix Authentication Service (e.g. mozilla.org). The
|
||||
// `org.matrix.msc2965.authentication` key below is the unstable predecessor.
|
||||
'm.authentication'?: {
|
||||
issuer?: string;
|
||||
account?: string;
|
||||
};
|
||||
'org.matrix.msc2965.authentication'?: {
|
||||
account?: string;
|
||||
issuer?: string;
|
||||
@@ -32,6 +39,24 @@ export type AutoDiscoveryInfo = Record<string, unknown> & {
|
||||
];
|
||||
};
|
||||
|
||||
/**
|
||||
* Resolve the OIDC issuer (and account-management URL) advertised by a homeserver
|
||||
* in its `.well-known/matrix/client`, preferring the v1.15 stable
|
||||
* `m.authentication` key over the unstable `org.matrix.msc2965.authentication`.
|
||||
* Returns `{}` when the server is not OIDC-native (e.g. matrix.lotusguild.org).
|
||||
*/
|
||||
export const getOidcIssuer = (info: AutoDiscoveryInfo): { issuer?: string; account?: string } => {
|
||||
const stable = info['m.authentication'];
|
||||
if (stable && typeof stable.issuer === 'string') {
|
||||
return { issuer: stable.issuer, account: stable.account };
|
||||
}
|
||||
const unstable = info['org.matrix.msc2965.authentication'];
|
||||
if (unstable && typeof unstable.issuer === 'string') {
|
||||
return { issuer: unstable.issuer, account: unstable.account };
|
||||
}
|
||||
return {};
|
||||
};
|
||||
|
||||
export const autoDiscovery = async (
|
||||
request: typeof fetch,
|
||||
server: string,
|
||||
|
||||
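Review bot: `getOidcIssuer` guards `issuer` with `typeof … === 'string'` but forwards `stable.account` and `unstable.account` unchecked, and it accepts any string as the issuer, including an empty one or a non-https URL. The `.well-known/matrix/client` body is JSON supplied by whatever server name the user entered, so the `string` types declared on `AutoDiscoveryInfo` are not guaranteed at runtime. I would normalise both fields at this boundary: `account: typeof stable.account === 'string' ? stable.account : undefined`, and return the issuer only when `new URL(stable.issuer).protocol === 'https:'` succeeds inside a try/catch, with the same treatment in the unstable branch. The callers are not visible in this section, so this is inferred, but if `issuer` is later used to fetch OpenID metadata or `account` is rendered as a link, this is the one place where a scheme check keeps `http:` or `javascript:` values out of both paths. A short comment on the function saying that its return values are server-supplied and which checks have been applied would help the next reader.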