
Commit 21cd5e9

authored
Use stable /auth_metadata endpoint where homeserver supports v1.15 (#5174)
1 parent db070dc commit 21cd5e9


3 files changed

+33
-11
lines changed


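--- a/spec/unit/matrix-client.spec.ts
+++ b/spec/unit/matrix-client.spec.ts
@@ -3877,6 +3877,27 @@ describe("MatrixClient", function () {
 makeClient();
 });
 
+it("should use stable prefix", async () => {
+const metadata = mockOpenIdConfiguration();
+client.getVersions = vi.fn().mockResolvedValue({
+versions: ["v1.15"],
+});
+httpLookups = [
+{
+method: "GET",
+path: `/auth_metadata`,
+data: metadata,
+prefix: "/_matrix/client/v1",
+},
+];
+
+await expect(client.getAuthMetadata()).resolves.toEqual({
+...metadata,
+signingKeys: [],
+});
+expect(httpLookups.length).toEqual(0);
+});
+
 it("should use unstable prefix", async () => {
 const metadata = mockOpenIdConfiguration();
 httpLookups = [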
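Review bot: The neighbouring "should use unstable prefix" test (its body continues below this section) does not visibly pin `getVersions` to a pre-1.15 list, so the prefix it exercises depends on whatever the shared client fixture reports. Only the new case pins the version list, to `["v1.15"]`. Consider adding `client.getVersions = vi.fn().mockResolvedValue({ versions: ["v1.14"] });` to the unstable case so both branches of the version gate are explicit. A further case worth covering is a homeserver that advertises v1.15 yet answers the stable path with `M_UNRECOGNIZED`, since that determines whether discovery falls through to the legacy issuer lookup.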

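--- a/src/client.ts
+++ b/src/client.ts
@@ -8837,21 +8837,21 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
 }
 
 /**
-* Discover and validate delegated auth configuration
-* - delegated auth issuer openid-configuration is reachable
-* - delegated auth issuer openid-configuration is configured correctly for us
+* Discover and validate the auth metadata for the OAuth 2.0 API.
+*
 * Fetches /auth_metadata falling back to legacy implementation using /auth_issuer followed by
 * https://oidc-issuer.example.com/.well-known/openid-configuration and other files linked therein.
-* When successful, validated metadata is returned
+* When successful, validated metadata is returned.
+*
 * @returns validated authentication metadata and optionally signing keys
 * @throws when delegated auth config is invalid or unreachable
-* @experimental - part of MSC2965
 */
 public async getAuthMetadata(): Promise<OidcClientConfig> {
 let authMetadata: unknown | undefined;
 try {
+const useStable = await this.isVersionSupported("v1.15");
 authMetadata = await this.http.request<unknown>(Method.Get, "/auth_metadata", undefined, undefined, {
-prefix: ClientPrefix.Unstable + "/org.matrix.msc2965",
+prefix: useStable ? ClientPrefix.V1 : ClientPrefix.Unstable + "/org.matrix.msc2965",
 });
 } catch (e) {
 if (e instanceof MatrixError && e.errcode === "M_UNRECOGNIZED") {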
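Review bot: `const useStable = await this.isVersionSupported("v1.15");` sits inside the `try`, so an error from the version lookup is handled by the same `catch` that interprets failures of `/auth_metadata`. An `M_UNRECOGNIZED` raised by the lookup would then be read as "endpoint not implemented" and start the legacy issuer fallback; the catch body continues outside the hunk, so this is inferred from the visible condition only. Moving the line above `try {` keeps the two failure sources separate. The doc comment could also state the gate, e.g. `* Uses the stable /_matrix/client/v1 prefix when the homeserver advertises v1.15, otherwise the unstable MSC2965 prefix.`, since `@experimental` was dropped while the unstable path is still reachable.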

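--- a/src/oidc/validate.ts
+++ b/src/oidc/validate.ts
@@ -22,7 +22,8 @@ import { OidcError } from "./error.ts";
 import { OAuthGrantType } from "./index.ts";
 
 /**
-* Metadata from OIDC authority discovery
+* Metadata from OAuth 2.0 client authentication API as per
+* https://spec.matrix.org/v1.17/client-server-api/#get_matrixclientv1auth_metadata
 * With validated properties required in type
 */
 export type ValidatedAuthMetadata = Partial<OidcMetadata> &
@@ -36,7 +37,7 @@ export type ValidatedAuthMetadata = Partial<OidcMetadata> &
 | "grant_types_supported"
 | "code_challenge_methods_supported"
 > & {
-// MSC2965 extensions to the OIDC spec
+// MSC4191 extensions to the OIDC spec
 account_management_uri?: string;
 account_management_actions_supported?: string[];
 // The OidcMetadata type from oidc-client-ts does not include `prompt_values_supported`
@@ -80,9 +81,9 @@ const requiredArrayValue = (wellKnown: Record<string, unknown>, key: string, val
 };
 
 /**
-* Validates issuer `.well-known/openid-configuration`
-* As defined in RFC5785 https://openid.net/specs/openid-connect-discovery-1_0.html
-* validates that OP is compatible with Element's OIDC flow
+* Validates OAuth 2.0 auth metadata as defined by
+* https://spec.matrix.org/v1.17/client-server-api/#get_matrixclientv1auth_metadata
+* is compatible with Element's OAuth/OIDC flow
 * @param authMetadata - json object
 * @returns valid issuer config
 * @throws Error - when issuer config is not found or is invalid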
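Review bot: The rewritten validator header in the last hunk no longer reads as a sentence, because the old "validates that" which joined the two clauses was dropped. The third line could become `* and checks that it is compatible with Element's OAuth/OIDC flow`. The unchanged `@returns valid issuer config` and `@throws Error - when issuer config is not found or is invalid` lines still describe the input as an issuer config, while the new header calls it auth metadata, so the two should be aligned. The documented function itself begins below the hunk.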
