Move from MSC3824 actions to org.matrix.msc3824.delegated_oidc_compatibility flag (#250)

Co-authored-by: Quentin Gliech <quenting@element.io>
2025-07-29 22:01:14 +03:00 · 2022-06-15 16:49:03 +01:00
parent 5632f6ba99
commit 9e3f43f1f0
2 changed files with 10 additions and 20 deletions
--- a/crates/axum-utils/src/client_authorization.rs
+++ b/crates/axum-utils/src/client_authorization.rs
@ -562,6 +562,11 @@ mod tests {
    async fn client_assertion_test() {
        // Signed with client_secret = "client-secret"
        let jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJjbGllbnQtaWQiLCJzdWIiOiJjbGllbnQtaWQiLCJhdWQiOiJodHRwczovL2V4YW1wbGUuY29tL29hdXRoMi9pbnRyb3NwZWN0IiwianRpIjoiYWFiYmNjIiwiZXhwIjoxNTE2MjM5MzIyLCJpYXQiOjE1MTYyMzkwMjJ9.XTaACG_Rww0GPecSZvkbem-AczNy9LLNBueCLCiQajU";
+        let body = Bytes::from(format!(
+            "client_assertion_type={}&client_assertion={}&foo=bar",
+            JWT_BEARER_CLIENT_ASSERTION, jwt,
+        ));
+
        let mut req = RequestParts::new(
            Request::builder()
                .method(Method::POST)
@ -569,13 +574,7 @@ mod tests {
                    http::header::CONTENT_TYPE,
                    mime::APPLICATION_WWW_FORM_URLENCODED.as_ref(),
                )
-                .body(Full::<Bytes>::new(
-                    format!(
-                        "client_assertion_type={}&client_assertion={}&foo=bar",
-                        JWT_BEARER_CLIENT_ASSERTION, jwt,
-                    )
-                    .into(),
-                ))
+                .body(Full::new(body))
                .unwrap(),
        );

--- a/crates/handlers/src/compat/login.rs
+++ b/crates/handlers/src/compat/login.rs
@ -33,18 +33,11 @@ use thiserror::Error;

 use super::MatrixError;

-#[derive(Debug, Serialize)]
-#[serde(rename_all = "lowercase")]
-enum Action {
-    Login,
-    Register,
-}
-
 #[derive(Debug, Serialize)]
 #[serde(tag = "type")]
 enum LoginType {
    #[serde(rename = "m.login.password")]
-    Password { actions: Vec<Action> },
+    Password,

    // we will leave MSC3824 `actions` as undefined for this auth type as unclear
    // how it should be interpreted
@ -55,7 +48,7 @@ enum LoginType {
    Sso {
        #[serde(skip_serializing_if = "Vec::is_empty")]
        identity_providers: Vec<SsoIdentityProvider>,
-        actions: Vec<Action>,
+        delegated_oidc_compatibility: bool,
    },
 }

@ -73,12 +66,10 @@ struct LoginTypes {
 pub(crate) async fn get() -> impl IntoResponse {
    let res = LoginTypes {
        flows: vec![
-            LoginType::Password {
-                actions: vec![Action::Login],
-            },
+            LoginType::Password,
            LoginType::Sso {
                identity_providers: vec![],
-                actions: vec![Action::Login, Action::Register],
+                delegated_oidc_compatibility: true,
            },
            LoginType::Token,
        ],