docs(test): add OIDC/MSC3861 test section + local MAS dev loop
CI / Build & Quality Checks (push) Successful in 13m42s
CI / Trigger Desktop Build (push) Successful in 33s

LOTUS_TESTING.md section N (N1-N6): OIDC login flow, session-persist-on-reload,
token refresh, logout revocation, account-management link, and the non-OIDC
regression check. Backed by dev/oidc-test/ — a runnable local Matrix
Authentication Service + Synapse(msc3861) loop (compose skeleton, the Synapse
experimental_features delta, and the public/config.json override) so the flow
can be verified without a mozilla.org tester.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
2026-06-30 17:04:24 -04:00
parent 0b307037e0
commit efcee88f05
4 changed files with 179 additions and 0 deletions
+16
View File
@@ -0,0 +1,16 @@
# Synapse experimental-features delta to delegate auth to a local MAS (MSC3861).
# Merge this into your test homeserver.yaml. The client_secret + admin_token MUST
# match the MAS config (clients[].client_secret and matrix.secret respectively).
experimental_features:
msc3861:
enabled: true
issuer: http://localhost:8090/
client_id: "0000000000000000000SYNAPSE"
client_auth_method: client_secret_basic
client_secret: "REPLACE_WITH_A_SHARED_CLIENT_SECRET"
admin_token: "REPLACE_WITH_A_LONG_SHARED_ADMIN_TOKEN"
account_management_url: "http://localhost:8090/account"
# With msc3861 enabled, Synapse disables its own password/SSO login and advertises
# `m.authentication` in /.well-known/matrix/client — which is exactly what the
# Lotus client's getOidcIssuer() reads to switch into the OIDC flow.