98ad5674a8
Toward MSC3861/MSC2965 next-gen-auth login (P4-6), client-only.
- cs-api.ts: type the stable `m.authentication` well-known key + getOidcIssuer()
(stable preferred over the unstable msc2965 key; {} for non-OIDC servers).
- useParsedLoginFlows.ts: getOidcCompatibilityFlag() (MSC3824 oauth_aware_preferred
/ delegated_oidc_compatibility) as a secondary OIDC hint.
- New pages/auth/oidc/oidcConfig.ts: dynamic-registration client metadata + the
non-hash callback URL (redirect_uris can't contain a fragment).
- paths.ts: OIDC_CALLBACK_PATH.
- 8 unit tests for the pure helpers.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
38 lines
1.5 KiB
TypeScript
import type { OidcRegistrationClientMetadata } from 'matrix-js-sdk';
import LotusLogo from '../../../../../public/res/Lotus.png';
import { OIDC_CALLBACK_PATH } from '../../paths';
import { getOriginBaseUrl, withOriginBaseUrl } from '../../pathUtils';
/**
 * Returns the absolute redirect URI that the OIDC provider sends the browser
 * back to once authorization has finished.
 *
 * The URI has to be a real (non-hash) path on our origin. OAuth redirect_uris
 * cannot carry a fragment, while under hashRouter every app route sits behind
 * `#`. For that reason the URL is always derived from the plain origin base:
 * `getOriginBaseUrl()` called with NO hashRouter argument yields
 * `${origin}${BASE_URL}` (no `#`), and App.tsx short-circuits this path before
 * the router mounts.
 *
 * NOTE(review): the origin comes from wherever the app is currently served,
 * so the value differs per deployment. Providers normally compare
 * redirect_uris by exact string, so the authorization request should reuse
 * this helper rather than rebuild the URL. Confirm at the call site, which is
 * not visible here.
 *
 * @returns The callback URL built from the origin base and `OIDC_CALLBACK_PATH`.
 */
export const getOidcCallbackUrl = (): string => {
  const originBase = getOriginBaseUrl();
  return withOriginBaseUrl(originBase, OIDC_CALLBACK_PATH);
};
/**
 * Builds the client metadata submitted during MSC2966 dynamic client
 * registration.
 *
 * `registerOidcClient` drops any URI that doesn't share `clientUri` as a common
 * base, which is why every URI below is placed under our origin base.
 *
 * @returns The registration metadata for this client, with a single redirect
 *   URI taken from `getOidcCallbackUrl()`.
 */
export const getOidcClientMetadata = (): OidcRegistrationClientMetadata => {
  // `${origin}${BASE_URL}` (with trailing slash): the shared base for all URIs.
  const originBase = getOriginBaseUrl();

  // The imported asset path is resolved against the bare origin, not the base.
  // NOTE(review): if the bundler ever emits this asset as an inline `data:` URI
  // or serves it from another host, the result would no longer share the
  // `clientUri` base and would presumably be dropped. Verify the build output.
  const logoUrl = new URL(LotusLogo, window.location.origin);

  const metadata: OidcRegistrationClientMetadata = {
    clientName: 'Lotus Chat',
    clientUri: originBase,
    logoUri: logoUrl.href,
    applicationType: 'web',
    contacts: ['support@lotusguild.org'],
    // NOTE(review): terms-of-service and policy both point at the client base
    // rather than dedicated documents. Confirm that this is intended, since
    // the provider may show these links on its consent screen.
    tosUri: originBase,
    policyUri: originBase,
    // Exactly one redirect URI is registered: the non-hash callback URL.
    redirectUris: [getOidcCallbackUrl()],
  };

  return metadata;
};