feat(auth): OIDC phase 0+1 — discovery, flow detection, client config
Toward MSC3861/MSC2965 next-gen-auth login (P4-6), client-only.
- cs-api.ts: type the stable `m.authentication` well-known key + getOidcIssuer()
(stable preferred over the unstable msc2965 key; {} for non-OIDC servers).
- useParsedLoginFlows.ts: getOidcCompatibilityFlag() (MSC3824 oauth_aware_preferred
/ delegated_oidc_compatibility) as a secondary OIDC hint.
- New pages/auth/oidc/oidcConfig.ts: dynamic-registration client metadata + the
non-hash callback URL (redirect_uris can't contain a fragment).
- paths.ts: OIDC_CALLBACK_PATH.
- 8 unit tests for the pure helpers.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
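--- a/pages/auth/oidc/oidcConfig.ts
+++ b/pages/auth/oidc/oidcConfig.ts
@@ -0,0 +1,37 @@
+import type { OidcRegistrationClientMetadata } from 'matrix-js-sdk';
+import LotusLogo from '../../../../../public/res/Lotus.png';
+import { OIDC_CALLBACK_PATH } from '../../paths';
+import { getOriginBaseUrl, withOriginBaseUrl } from '../../pathUtils';
+
+/**
+* Absolute URL the OIDC provider redirects back to after authorization.
+*
+* It MUST be a real (non-hash) path on our origin: OAuth redirect_uris cannot
+* contain a fragment, and with hashRouter the app's routes live after `#`. We
+* therefore always build it against the plain origin base — `getOriginBaseUrl()`
+* with NO hashRouter arg returns `${origin}${BASE_URL}` (no `#`) — and App.tsx
+* short-circuits this path before the router mounts.
+*/
+export const getOidcCallbackUrl = (): string =>
+withOriginBaseUrl(getOriginBaseUrl(), OIDC_CALLBACK_PATH);
+
+/**
+* Client metadata sent during MSC2966 dynamic client registration.
+*
+* `registerOidcClient` drops any URI that doesn't share `clientUri` as a common
+* base, so every URI here lives under our origin base.
+*/
+export const getOidcClientMetadata = (): OidcRegistrationClientMetadata => {
+// `${origin}${BASE_URL}` (with trailing slash) — the common base for all URIs.
+const clientUri = getOriginBaseUrl();
+return {
+clientName: 'Lotus Chat',
+clientUri,
+logoUri: new URL(LotusLogo, window.location.origin).href,
+applicationType: 'web',
+contacts: ['support@lotusguild.org'],
+tosUri: clientUri,
+policyUri: clientUri,
+redirectUris: [getOidcCallbackUrl()],
+};
+};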
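Review bot: `tosUri` and `policyUri` in getOidcClientMetadata() are both set to `clientUri`, so the provider's consent screen will present the app's landing page as its terms of service and privacy policy. Those links are what a user relies on to judge the client before granting access. If the documents do not exist yet, omit the two fields (if the SDK type permits) or point them at real pages under the origin base rather than registering placeholders. Separately, `logoUri` is resolved against `window.location.origin` rather than `clientUri`, so the docstring's claim that every URI lives under the origin base holds only if the bundler emits the asset path under BASE_URL. Using `logoUri: new URL(LotusLogo, clientUri).href,` would make that explicit, and otherwise the logo may be dropped silently at registration.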