Use server name instead of homeserver url to allow well-known lookups during QR OIDC reciprocation (#4233)

* Use server name instead of homeserver url to allow well-known lookups during QR OIDC reciprocation Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --------- Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2025-08-09 10:22:46 +03:00 · 2024-06-18 14:03:14 +01:00
parent 987ec1e62f
commit c55289ec65
8 changed files with 33 additions and 32 deletions
--- a/src/@types/matrix-sdk-crypto-wasm.d.ts
+++ b/src/@types/matrix-sdk-crypto-wasm.d.ts
@@ -37,4 +37,8 @@ declare module "@matrix-org/matrix-sdk-crypto-wasm" {
            };
        }>;
    }
+
+    interface Device {
+        requestVerification(methods?: any[]): [RustSdkCryptoJs.VerificationRequest, RustSdkCryptoJs.ToDeviceRequest];
+    }
 }
--- a/src/rendezvous/MSC4108SignInWithQR.ts
+++ b/src/rendezvous/MSC4108SignInWithQR.ts
@@ -145,7 +145,7 @@ export class MSC4108SignInWithQR {
        }

        if (this.ourIntent === QrCodeMode.Reciprocate && this.client) {
-            this._code = await this.channel.generateCode(this.ourIntent, this.client.getHomeserverUrl());
+            this._code = await this.channel.generateCode(this.ourIntent, this.client.getDomain()!);
        } else if (this.ourIntent === QrCodeMode.Login) {
            this._code = await this.channel.generateCode(this.ourIntent);
        }
@@ -171,7 +171,7 @@ export class MSC4108SignInWithQR {
     * The scanning device has to discover the homeserver details, if they scanned the code then they already have it.
     * If the new device is the one rendering the QR code then it has to wait be sent the homeserver details via the rendezvous channel.
     */
-    public async negotiateProtocols(): Promise<{ homeserverBaseUrl?: string }> {
+    public async negotiateProtocols(): Promise<{ serverName?: string }> {
        logger.info(`negotiateProtocols(isNewDevice=${this.isNewDevice} didScanCode=${this.didScanCode})`);
        await this.channel.connect();

@@ -194,7 +194,7 @@ export class MSC4108SignInWithQR {
                    await this.send<ProtocolsPayload>({
                        type: PayloadType.Protocols,
                        protocols: ["device_authorization_grant"],
-                        homeserver: this.client?.getHomeserverUrl() ?? "",
+                        homeserver: this.client!.getDomain()!,
                    });
                } else {
                    await this.send<FailurePayload>({
@@ -227,7 +227,7 @@ export class MSC4108SignInWithQR {
                );
            }

-            return { homeserverBaseUrl: payload.homeserver };
+            return { serverName: payload.homeserver };
        } else {
            // MSC4108-Flow: NewScanned - nothing to do
        }
--- a/src/rendezvous/channels/MSC4108SecureChannel.ts
+++ b/src/rendezvous/channels/MSC4108SecureChannel.ts
@@ -54,11 +54,11 @@ export class MSC4108SecureChannel {
    /**
     * Generate a QR code for the current session.
     * @param mode the mode to generate the QR code in, either `Login` or `Reciprocate`.
-     * @param homeserverBaseUrl the base URL of the homeserver to connect to, required for `Reciprocate` mode.
+     * @param serverName the name of the homeserver to connect to, as defined by server discovery in the spec, required for `Reciprocate` mode.
     */
    public async generateCode(mode: QrCodeMode.Login): Promise<Uint8Array>;
-    public async generateCode(mode: QrCodeMode.Reciprocate, homeserverBaseUrl: string): Promise<Uint8Array>;
-    public async generateCode(mode: QrCodeMode, homeserverBaseUrl?: string): Promise<Uint8Array> {
+    public async generateCode(mode: QrCodeMode.Reciprocate, serverName: string): Promise<Uint8Array>;
+    public async generateCode(mode: QrCodeMode, serverName?: string): Promise<Uint8Array> {
        const { url } = this.rendezvousSession;

        if (!url) {
@@ -68,8 +68,8 @@ export class MSC4108SecureChannel {
        return new QrCodeData(
            this.secureChannel.public_key(),
            url,
-            mode === QrCodeMode.Reciprocate ? homeserverBaseUrl : undefined,
-        ).to_bytes();
+            mode === QrCodeMode.Reciprocate ? serverName : undefined,
+        ).toBytes();
    }

    /**
--- a/src/rust-crypto/rust-crypto.ts
+++ b/src/rust-crypto/rust-crypto.ts
@@ -1100,10 +1100,9 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
        }

        try {
-            const [request, outgoingRequest]: [RustSdkCryptoJs.VerificationRequest, RustSdkCryptoJs.ToDeviceRequest] =
-                await device.requestVerification(
-                    this._supportedVerificationMethods.map(verificationMethodIdentifierToMethod),
-                );
+            const [request, outgoingRequest] = device.requestVerification(
+                this._supportedVerificationMethods.map(verificationMethodIdentifierToMethod),
+            );
            await this.outgoingRequestProcessor.makeOutgoingRequest(outgoingRequest);
            return new RustVerificationRequest(
                this.olmMachine,