Store an IdP ID in the OIDC session (#9109)

Again in preparation for handling more than one OIDC provider, add a new caveat to the macaroon used as an OIDC session cookie, which remembers which OIDC provider we are talking to. In future, when we get a callback, we'll need it to make sure we talk to the right IdP.

As part of this, I'm adding an idp_id and idp_name field to the OIDC configuration object. They aren't yet documented, and we'll just use the old values by default.
Richard van der Hoff 2021-01-15 13:22:12 +00:00 committed by GitHub
parent 20af310889
commit 4575ad0b1e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 42 additions and 10 deletions


@ -848,6 +848,7 @@ class OidcHandlerTestCase(HomeserverTestCase):
return self.handler._token_generator.generate_oidc_session_token(
state=state,
session_data=OidcSessionData(
idp_id="oidc",
nonce=nonce,
client_redirect_url=client_redirect_url,
ui_auth_session_id=ui_auth_session_id,
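Review bot: the `idp_id="oidc"` literal added to the `OidcSessionData(...)` call in this hunk hardcodes the provider identifier that the commit message says is currently only a default; if that default is later derived from the new `idp_id` config field, this test will silently keep passing for the wrong reason. Consider taking the value from the handler's provider configuration (or a shared test constant) rather than an inline string. Separately, nothing in this hunk exercises the property the new caveat is meant to enforce, namely that a callback arriving with a session token minted for a different `idp_id` is rejected; a test that generates a token with a mismatching `idp_id` and asserts the callback fails would pin that behaviour down.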
@ -990,7 +991,7 @@ async def _make_callback_with_userinfo(
session = handler._token_generator.generate_oidc_session_token(
state=state,
session_data=OidcSessionData(
nonce="nonce", client_redirect_url=client_redirect_url,
idp_id="oidc", nonce="nonce", client_redirect_url=client_redirect_url,
),
)
request = _build_callback_request("code", state, session)
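Review bot: `_make_callback_with_userinfo` now bakes `idp_id="oidc"` into the session token it builds, but the hunk gives callers no way to override it, so every test routed through this helper can only ever exercise the matching-provider path. Suggest adding an `idp_id` parameter to the helper with `"oidc"` as its default (for example `idp_id="oidc"` in the signature and `idp_id=idp_id` in the `OidcSessionData(...)` call) so that a future test can drive the mismatch case through the same helper instead of duplicating the token-generation boilerplate.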