# Synapse experimental-features delta to delegate auth to a local MAS (MSC3861). # Merge this into your test homeserver.yaml. The client_secret + admin_token MUST # match the MAS config (clients[].client_secret and matrix.secret respectively). experimental_features: msc3861: enabled: true issuer: http://localhost:8090/ client_id: "0000000000000000000SYNAPSE" client_auth_method: client_secret_basic client_secret: "REPLACE_WITH_A_SHARED_CLIENT_SECRET" admin_token: "REPLACE_WITH_A_LONG_SHARED_ADMIN_TOKEN" account_management_url: "http://localhost:8090/account" # With msc3861 enabled, Synapse disables its own password/SSO login and advertises # `m.authentication` in /.well-known/matrix/client — which is exactly what the # Lotus client's getOidcIssuer() reads to switch into the OIDC flow.