mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2024-12-24 18:08:28 +01:00
Enable QR code login (MSC4108) support for Synapse when Matrix Authentication Service is enabled
Related to 8a6b822bbd
Related to https://github.com/matrix-org/matrix-spec-proposals/pull/4108
Potential (unconfirmed) fix for https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3749
This commit is contained in:
parent
3a11881120
commit
509542ccaf
@ -4769,6 +4769,8 @@ matrix_synapse_experimental_features_msc3861_client_secret: "{{ '%s' | format(ma
|
|||||||
matrix_synapse_experimental_features_msc3861_admin_token: "{{ matrix_authentication_service_config_matrix_secret if matrix_authentication_service_enabled else '' }}"
|
matrix_synapse_experimental_features_msc3861_admin_token: "{{ matrix_authentication_service_config_matrix_secret if matrix_authentication_service_enabled else '' }}"
|
||||||
matrix_synapse_experimental_features_msc3861_account_management_url: "{{ matrix_authentication_service_account_management_url if matrix_authentication_service_enabled else '' }}"
|
matrix_synapse_experimental_features_msc3861_account_management_url: "{{ matrix_authentication_service_account_management_url if matrix_authentication_service_enabled else '' }}"
|
||||||
|
|
||||||
|
matrix_synapse_experimental_features_msc4108_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}"
|
||||||
|
|
||||||
# Disable password authentication when delegating authentication to Matrix Authentication Service.
|
# Disable password authentication when delegating authentication to Matrix Authentication Service.
|
||||||
# Unless this is done, Synapse fails on startup with:
|
# Unless this is done, Synapse fails on startup with:
|
||||||
# > Error in configuration at 'password_config.enabled':
|
# > Error in configuration at 'password_config.enabled':
|
||||||
|
@ -1180,6 +1180,10 @@ matrix_synapse_experimental_features_msc3861_admin_token: ''
|
|||||||
# URL to advertise to clients where users can self-manage their account.
|
# URL to advertise to clients where users can self-manage their account.
|
||||||
matrix_synapse_experimental_features_msc3861_account_management_url: ''
|
matrix_synapse_experimental_features_msc3861_account_management_url: ''
|
||||||
|
|
||||||
|
# Controls whether to enable the "QR code login" experimental feature.
|
||||||
|
# Enabling this requires that MSC3861 (see `matrix_synapse_experimental_features_msc3861_enabled`) is also enabled.
|
||||||
|
matrix_synapse_experimental_features_msc4108_enabled: false
|
||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
#
|
#
|
||||||
# /Next-generation auth for Matrix, based on OAuth 2.0/OIDC
|
# /Next-generation auth for Matrix, based on OAuth 2.0/OIDC
|
||||||
|
@ -154,3 +154,8 @@
|
|||||||
ansible.builtin.fail:
|
ansible.builtin.fail:
|
||||||
msg: "When Synapse is delegating authentication to Matrix Authentication Service, it doesn't make sense to enable the password config (`matrix_synapse_password_config_enabled: true`), because it is not Synapse that is handling authentication. Please remove your `matrix_synapse_password_config_enabled: true` setting before enabling Matrix Authentication Service integration for Synapse. Synapse will refuse to start otherwise."
|
msg: "When Synapse is delegating authentication to Matrix Authentication Service, it doesn't make sense to enable the password config (`matrix_synapse_password_config_enabled: true`), because it is not Synapse that is handling authentication. Please remove your `matrix_synapse_password_config_enabled: true` setting before enabling Matrix Authentication Service integration for Synapse. Synapse will refuse to start otherwise."
|
||||||
when: matrix_synapse_experimental_features_msc3861_enabled and matrix_synapse_password_config_enabled
|
when: matrix_synapse_experimental_features_msc3861_enabled and matrix_synapse_password_config_enabled
|
||||||
|
|
||||||
|
- name: Fail if QR code login (MSC4108) is enabled while Next-Gen Auth (MSC3861) is not
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: "When Synapse QR code login is enabled (MSC4108 via `matrix_synapse_experimental_features_msc4108_enabled`), Next-Gen auth (MSC3861 via `matrix_synapse_experimental_features_msc3861_enabled`) must also be enabled."
|
||||||
|
when: matrix_synapse_experimental_features_msc4108_enabled and not matrix_synapse_experimental_features_msc3861_enabled
|
||||||
|
@ -2987,5 +2987,8 @@ experimental_features:
|
|||||||
admin_token: {{ matrix_synapse_experimental_features_msc3861_admin_token | to_json }}
|
admin_token: {{ matrix_synapse_experimental_features_msc3861_admin_token | to_json }}
|
||||||
account_management_url: {{ matrix_synapse_experimental_features_msc3861_account_management_url | to_json }}
|
account_management_url: {{ matrix_synapse_experimental_features_msc3861_account_management_url | to_json }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if matrix_synapse_experimental_features_msc4108_enabled %}
|
||||||
|
msc4108_enabled: true
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# vim:ft=yaml
|
# vim:ft=yaml
|
||||||
|
Loading…
Reference in New Issue
Block a user