Enable QR code login (MSC4108) support for Synapse when Matrix Authentication Service is enabled

Related to 8a6b822bbd

Related to https://github.com/matrix-org/matrix-spec-proposals/pull/4108

Potential (unconfirmed) fix for https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3749
Slavi Pantaleev 2024-11-09 21:19:16 +02:00
parent 3a11881120
commit 509542ccaf
4 changed files with 14 additions and 0 deletions


@ -4769,6 +4769,8 @@ matrix_synapse_experimental_features_msc3861_client_secret: "{{ '%s' | format(ma
matrix_synapse_experimental_features_msc3861_admin_token: "{{ matrix_authentication_service_config_matrix_secret if matrix_authentication_service_enabled else '' }}"
matrix_synapse_experimental_features_msc3861_account_management_url: "{{ matrix_authentication_service_account_management_url if matrix_authentication_service_enabled else '' }}"
matrix_synapse_experimental_features_msc4108_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}"
# Disable password authentication when delegating authentication to Matrix Authentication Service.
# Unless this is done, Synapse fails on startup with:
# > Error in configuration at 'password_config.enabled':
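Review bot: The added `matrix_synapse_experimental_features_msc4108_enabled` line carries no comment, although it switches an experimental sign-in path on for every deployment where Matrix Authentication Service is enabled and no migration is in progress. A line above it such as `# QR code login (MSC4108) is enabled automatically together with Matrix Authentication Service; set this to false in vars.yml to opt out.` would tell operators that the login surface changes and how to decline it. The expression also repeats the MAS condition instead of referring to `matrix_synapse_experimental_features_msc3861_enabled`. That variable's definition is outside this hunk, but if an operator overrides it to false while MAS stays enabled, the new validation task would presumably fail the run, so deriving this value from it may be the safer coupling.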


@ -1180,6 +1180,10 @@ matrix_synapse_experimental_features_msc3861_admin_token: ''
# URL to advertise to clients where users can self-manage their account.
matrix_synapse_experimental_features_msc3861_account_management_url: ''
# Controls whether to enable the "QR code login" experimental feature.
# Enabling this requires that MSC3861 (see `matrix_synapse_experimental_features_msc3861_enabled`) is also enabled.
matrix_synapse_experimental_features_msc4108_enabled: false
################################################################################
#
# /Next-generation auth for Matrix, based on OAuth 2.0/OIDC


@ -154,3 +154,8 @@
ansible.builtin.fail:
msg: "When Synapse is delegating authentication to Matrix Authentication Service, it doesn't make sense to enable the password config (`matrix_synapse_password_config_enabled: true`), because it is not Synapse that is handling authentication. Please remove your `matrix_synapse_password_config_enabled: true` setting before enabling Matrix Authentication Service integration for Synapse. Synapse will refuse to start otherwise."
when: matrix_synapse_experimental_features_msc3861_enabled and matrix_synapse_password_config_enabled
- name: Fail if QR code login (MSC4108) is enabled while Next-Gen Auth (MSC3861) is not
ansible.builtin.fail:
msg: "When Synapse QR code login is enabled (MSC4108 via `matrix_synapse_experimental_features_msc4108_enabled`), Next-Gen auth (MSC3861 via `matrix_synapse_experimental_features_msc3861_enabled`) must also be enabled."
when: matrix_synapse_experimental_features_msc4108_enabled and not matrix_synapse_experimental_features_msc3861_enabled
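Review bot: The `when:` on the added task tests both variables by plain truthiness, so a value that arrives as a string (Ansible treats `-e key=value` arguments as strings) counts as true even when it reads `false`. An operator who tries to turn QR code login off that way would pass this check and, in the Synapse config template section of this commit, still satisfy `{% if matrix_synapse_experimental_features_msc4108_enabled %}`, leaving the feature on. Casting closes that gap: `when: (matrix_synapse_experimental_features_msc4108_enabled | bool) and not (matrix_synapse_experimental_features_msc3861_enabled | bool)`, and `{% if matrix_synapse_experimental_features_msc4108_enabled | bool %}` in the template. The existing task just above follows the same uncast pattern, so this may be a file-wide convention to revisit rather than a regression.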


@ -2987,5 +2987,8 @@ experimental_features:
admin_token: {{ matrix_synapse_experimental_features_msc3861_admin_token | to_json }}
account_management_url: {{ matrix_synapse_experimental_features_msc3861_account_management_url | to_json }}
{% endif %}
{% if matrix_synapse_experimental_features_msc4108_enabled %}
msc4108_enabled: true
{% endif %}
# vim:ft=yaml