Allow explicit configuration of OIDC dynamic registration metadata (#12514)

* Fix `element-desktop-ssoid` being included in OIDC Authorization call

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Split out oidc callback url into its own method

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Allow explicit configuration of OIDC dynamic registration metadata

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Fix test

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Fix unexpected hash on oidc callback url

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* undefined > []

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

---------

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
Michael Telatynski 2024-05-14 10:38:33 +01:00 committed by GitHub
parent 357f882ff5
commit d0b30d1631
3 changed files with 32 additions and 11 deletions


@ -430,6 +430,13 @@ export default abstract class BasePlatform {
return window.location.origin + window.location.pathname; return window.location.origin + window.location.pathname;
} }
/**
* Fallback Client URI to use for OIDC client registration for if one is not specified in config.json
*/
public get defaultOidcClientUri(): string {
return window.location.origin;
}
/** /**
* Metadata to use for dynamic OIDC client registrations * Metadata to use for dynamic OIDC client registrations
*/ */
@ -437,16 +444,17 @@ export default abstract class BasePlatform {
const config = SdkConfig.get(); const config = SdkConfig.get();
return { return {
clientName: config.brand, clientName: config.brand,
clientUri: this.baseUrl, clientUri: config.oidc_metadata?.client_uri ?? this.defaultOidcClientUri,
redirectUris: [this.getOidcCallbackUrl().href], redirectUris: [this.getOidcCallbackUrl().href],
logoUri: new URL("vector-icons/1024.png", this.baseUrl).href, logoUri: config.oidc_metadata?.logo_uri ?? new URL("vector-icons/1024.png", this.baseUrl).href,
applicationType: "web", applicationType: "web",
// XXX: We break the spec by not consistently supplying these required fields // XXX: We break the spec by not consistently supplying these required fields
// contacts: [],
// @ts-ignore // @ts-ignore
tosUri: config.terms_and_conditions_links?.[0]?.url, contacts: config.oidc_metadata?.contacts,
// @ts-ignore // @ts-ignore
policyUri: config.privacy_policy_url, tosUri: config.oidc_metadata?.tos_uri ?? config.terms_and_conditions_links?.[0]?.url,
// @ts-ignore
policyUri: config.oidc_metadata?.policy_uri ?? config.privacy_policy_url,
}; };
} }
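Review bot: The new `config.oidc_metadata?.client_uri` / `logo_uri` / `tos_uri` / `policy_uri` values are forwarded into the registration request exactly as written in config.json, with no check that they are absolute URLs or that `client_uri` is consistent with the redirect URI that `getOidcCallbackUrl()` still derives from the current origin. Servers implementing MSC2966-style dynamic registration are, as far as I know, strict about those URIs agreeing with `client_uri`, so a stale or mistyped value would surface only as an opaque registration failure at login time; a cheap guard such as `new URL(config.oidc_metadata.client_uri)` (throwing a descriptive error, or logging and falling back to `defaultOidcClientUri`) would make the misconfiguration visible. The three `// @ts-ignore` lines on the new `contacts`/`tosUri`/`policyUri` entries should say why the type is being overridden, e.g. `// @ts-expect-error: field not (yet) present in the js-sdk registration metadata type`, so the suppression disappears once the upstream type catches up. The getter being edited here starts above the hunk, so its signature and return type are not visible in this view.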


@ -200,12 +200,20 @@ export interface IConfigOptions {
* The issuer URL must have a trailing `/`. * The issuer URL must have a trailing `/`.
* OPTIONAL * OPTIONAL
*/ */
oidc_static_clients?: Record< oidc_static_clients?: {
string, [issuer: string]: { client_id: string };
{ };
client_id: string;
} /**
>; * Configuration for OIDC dynamic registration where a static OIDC client is not configured.
*/
oidc_metadata?: {
client_uri?: string;
logo_uri?: string;
tos_uri?: string;
policy_uri?: string;
contacts?: string[];
};
} }
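Review bot: The new `oidc_metadata` fields carry no documentation, while the neighbouring `oidc_static_clients` entry spells out its constraints and marks itself `OPTIONAL`; a deployer reading this interface cannot tell what each URI is for, what happens when one is omitted, or that these are only used when no static client matches the issuer. I would expand the block comment along the lines of: "Overrides for the client metadata sent in an OIDC dynamic registration request (used only when no `oidc_static_clients` entry matches the issuer). All fields OPTIONAL. When omitted, `client_uri` defaults to the current origin, `logo_uri` to the bundled `vector-icons/1024.png`, `tos_uri` to the first `terms_and_conditions_links` entry and `policy_uri` to `privacy_policy_url`; `contacts` is omitted entirely." Those defaults are what the `BasePlatform` change in this commit implements, so the comment stays truthful without inventing any server-side rules.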
export interface ISsoRedirectOptions { export interface ISsoRedirectOptions {


@ -44,6 +44,11 @@ describe("getOidcClientId()", () => {
return baseUrl; return baseUrl;
}, },
}); });
Object.defineProperty(PlatformPeg.get(), "defaultOidcClientUri", {
get(): string {
return baseUrl;
},
});
Object.defineProperty(PlatformPeg.get(), "getOidcCallbackUrl", { Object.defineProperty(PlatformPeg.get(), "getOidcCallbackUrl", {
value: () => ({ value: () => ({
href: baseUrl, href: baseUrl,
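Review bot: The test only stubs `defaultOidcClientUri` to `baseUrl`, so it keeps the existing expectations passing but does not exercise the new behaviour this commit adds: nothing here asserts that a configured `oidc_metadata.client_uri` (or `logo_uri`/`tos_uri`/`policy_uri`/`contacts`) overrides the derived value, nor that the fallback is chosen when the section is absent. A second case that sets `oidc_metadata` in the mocked `SdkConfig` and checks the registration payload would cover the actual change; without it a regression in the `??` fallbacks would go unnoticed. The rest of the `describe` block, including any `afterEach` that restores the redefined `PlatformPeg` properties, is outside the hunk so I cannot tell whether the stub leaks into other tests.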