Allow explicit configuration of OIDC dynamic registration metadata (#12514)

* Fix `element-desktop-ssoid being` included in OIDC Authorization call

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Split out oidc callback url into its own method

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Allow explicit configuration of OIDC dynamic registration metadata

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Fix test

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Fix unexpected hash on oidc callback url

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* undefined > []

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

---------

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
pull/28217/head
Michael Telatynski 2024-05-14 10:38:33 +01:00 committed by GitHub
parent 357f882ff5
commit d0b30d1631
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 32 additions and 11 deletions

View File

@ -430,6 +430,13 @@ export default abstract class BasePlatform {
return window.location.origin + window.location.pathname;
}
/**
* Fallback Client URI to use for OIDC client registration for if one is not specified in config.json
*/
public get defaultOidcClientUri(): string {
return window.location.origin;
}
/**
* Metadata to use for dynamic OIDC client registrations
*/
@ -437,16 +444,17 @@ export default abstract class BasePlatform {
const config = SdkConfig.get();
return {
clientName: config.brand,
clientUri: this.baseUrl,
clientUri: config.oidc_metadata?.client_uri ?? this.defaultOidcClientUri,
redirectUris: [this.getOidcCallbackUrl().href],
logoUri: new URL("vector-icons/1024.png", this.baseUrl).href,
logoUri: config.oidc_metadata?.logo_uri ?? new URL("vector-icons/1024.png", this.baseUrl).href,
applicationType: "web",
// XXX: We break the spec by not consistently supplying these required fields
// contacts: [],
// @ts-ignore
tosUri: config.terms_and_conditions_links?.[0]?.url,
contacts: config.oidc_metadata?.contacts,
// @ts-ignore
policyUri: config.privacy_policy_url,
tosUri: config.oidc_metadata?.tos_uri ?? config.terms_and_conditions_links?.[0]?.url,
// @ts-ignore
policyUri: config.oidc_metadata?.policy_uri ?? config.privacy_policy_url,
};
}

View File

@ -200,12 +200,20 @@ export interface IConfigOptions {
* The issuer URL must have a trailing `/`.
* OPTIONAL
*/
oidc_static_clients?: Record<
string,
{
client_id: string;
}
>;
oidc_static_clients?: {
[issuer: string]: { client_id: string };
};
/**
* Configuration for OIDC dynamic registration where a static OIDC client is not configured.
*/
oidc_metadata?: {
client_uri?: string;
logo_uri?: string;
tos_uri?: string;
policy_uri?: string;
contacts?: string[];
};
}
export interface ISsoRedirectOptions {

View File

@ -44,6 +44,11 @@ describe("getOidcClientId()", () => {
return baseUrl;
},
});
Object.defineProperty(PlatformPeg.get(), "defaultOidcClientUri", {
get(): string {
return baseUrl;
},
});
Object.defineProperty(PlatformPeg.get(), "getOidcCallbackUrl", {
value: () => ({
href: baseUrl,