mirror of
https://github.com/element-hq/synapse.git
synced 2024-12-15 17:51:10 +00:00
Advertise the token login type when OpenID Connect is enabled. (#7631)
This commit is contained in:
parent
11de843626
commit
f8b9ead3ee
2 changed files with 4 additions and 8 deletions
1
changelog.d/7631.bugfix
Normal file
1
changelog.d/7631.bugfix
Normal file
|
@ -0,0 +1 @@
|
|||
Advertise the `m.login.token` login flow when OpenID Connect is enabled.
|
|
@ -99,25 +99,20 @@ class LoginRestServlet(RestServlet):
|
|||
flows.append({"type": LoginRestServlet.JWT_TYPE})
|
||||
|
||||
if self.cas_enabled:
|
||||
flows.append({"type": LoginRestServlet.SSO_TYPE})
|
||||
|
||||
# we advertise CAS for backwards compat, though MSC1721 renamed it
|
||||
# to SSO.
|
||||
flows.append({"type": LoginRestServlet.CAS_TYPE})
|
||||
|
||||
if self.cas_enabled or self.saml2_enabled or self.oidc_enabled:
|
||||
flows.append({"type": LoginRestServlet.SSO_TYPE})
|
||||
# While its valid for us to advertise this login type generally,
|
||||
# synapse currently only gives out these tokens as part of the
|
||||
# CAS login flow.
|
||||
# SSO login flow.
|
||||
# Generally we don't want to advertise login flows that clients
|
||||
# don't know how to implement, since they (currently) will always
|
||||
# fall back to the fallback API if they don't understand one of the
|
||||
# login flow types returned.
|
||||
flows.append({"type": LoginRestServlet.TOKEN_TYPE})
|
||||
elif self.saml2_enabled:
|
||||
flows.append({"type": LoginRestServlet.SSO_TYPE})
|
||||
flows.append({"type": LoginRestServlet.TOKEN_TYPE})
|
||||
elif self.oidc_enabled:
|
||||
flows.append({"type": LoginRestServlet.SSO_TYPE})
|
||||
|
||||
flows.extend(
|
||||
({"type": t} for t in self.auth_handler.get_supported_login_types())
|
||||
|
|
Loading…
Reference in a new issue