feat(auth): OIDC phase 0+1 — discovery, flow detection, client config
Toward MSC3861/MSC2965 next-gen-auth login (P4-6), client-only.
- cs-api.ts: type the stable `m.authentication` well-known key + getOidcIssuer()
(stable preferred over the unstable msc2965 key; {} for non-OIDC servers).
- useParsedLoginFlows.ts: getOidcCompatibilityFlag() (MSC3824 oauth_aware_preferred
/ delegated_oidc_compatibility) as a secondary OIDC hint.
- New pages/auth/oidc/oidcConfig.ts: dynamic-registration client metadata + the
non-hash callback URL (redirect_uris can't contain a fragment).
- paths.ts: OIDC_CALLBACK_PATH.
- 8 unit tests for the pure helpers.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@@ -19,6 +19,12 @@ export type ResetPasswordPathSearchParams = {
|
||||
};
|
||||
export const RESET_PASSWORD_PATH = '/reset-password/:server?/';
|
||||
|
||||
// OIDC/next-gen-auth (MSC3861) authorization-code callback. This is a REAL
|
||||
// (non-hash) path: OAuth redirect_uris cannot contain a fragment, so it must not
|
||||
// live under the hash router. App.tsx short-circuits this path before the router
|
||||
// mounts. The provider returns `?code&state` (or `?error`) on the query string.
|
||||
export const OIDC_CALLBACK_PATH = '/auth/oidc/callback';
|
||||
|
||||
export const _CREATE_PATH = 'create/';
|
||||
export const _JOIN_PATH = 'join/';
|
||||
export const _LOBBY_PATH = 'lobby/';
|
||||
|
||||
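Review bot: The comment above `OIDC_CALLBACK_PATH` says the provider returns `?code&state` but does not say where `state` is checked. Since App.tsx handles this path before the router mounts, the comment should state (or point to the handler that enforces) that `state` is compared with the value saved when the flow started, and that a mismatch or an `?error` response is rejected before `code` is exchanged. A smaller point on the same line: the new path has no trailing slash while `RESET_PASSWORD_PATH` above ends in `/`. Redirect URIs are matched as exact strings, so it is worth noting that both the registered `redirect_uris` entry and the App.tsx short-circuit are derived from this one constant.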