Advertise the token login type when OpenID Connect is enabled. (#7631)

This commit is contained in:
Patrick Cloke 2020-06-04 06:49:51 -04:00 committed by GitHub
parent 11de843626
commit f8b9ead3ee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 8 deletions

1
changelog.d/7631.bugfix Normal file
View File

@ -0,0 +1 @@
Advertise the `m.login.token` login flow when OpenID Connect is enabled.

View File

@ -99,25 +99,20 @@ class LoginRestServlet(RestServlet):
flows.append({"type": LoginRestServlet.JWT_TYPE}) flows.append({"type": LoginRestServlet.JWT_TYPE})
if self.cas_enabled: if self.cas_enabled:
flows.append({"type": LoginRestServlet.SSO_TYPE})
# we advertise CAS for backwards compat, though MSC1721 renamed it # we advertise CAS for backwards compat, though MSC1721 renamed it
# to SSO. # to SSO.
flows.append({"type": LoginRestServlet.CAS_TYPE}) flows.append({"type": LoginRestServlet.CAS_TYPE})
if self.cas_enabled or self.saml2_enabled or self.oidc_enabled:
flows.append({"type": LoginRestServlet.SSO_TYPE})
# While its valid for us to advertise this login type generally, # While its valid for us to advertise this login type generally,
# synapse currently only gives out these tokens as part of the # synapse currently only gives out these tokens as part of the
# CAS login flow. # SSO login flow.
# Generally we don't want to advertise login flows that clients # Generally we don't want to advertise login flows that clients
# don't know how to implement, since they (currently) will always # don't know how to implement, since they (currently) will always
# fall back to the fallback API if they don't understand one of the # fall back to the fallback API if they don't understand one of the
# login flow types returned. # login flow types returned.
flows.append({"type": LoginRestServlet.TOKEN_TYPE}) flows.append({"type": LoginRestServlet.TOKEN_TYPE})
elif self.saml2_enabled:
flows.append({"type": LoginRestServlet.SSO_TYPE})
flows.append({"type": LoginRestServlet.TOKEN_TYPE})
elif self.oidc_enabled:
flows.append({"type": LoginRestServlet.SSO_TYPE})
flows.extend( flows.extend(
({"type": t} for t in self.auth_handler.get_supported_login_types()) ({"type": t} for t in self.auth_handler.get_supported_login_types())