chore: fix up

conduwuit-example.toml

@@ -23,7 +23,7 @@
 # See the docs for reverse proxying and delegation:
 # https://continuwuity.org/deploying/generic.html#setting-up-the-reverse-proxy
 #
-# Also see the `[global.well_known]` config section at the very bottom.
+# Also see the `[global.auth]` and `[global.well_known]` config sections at the very bottom.
 #
 # Examples of delegation:
 # - https://puppygock.gay/.well-known/matrix/server
@@ -58,10 +58,6 @@
 #
 #port = 8008
 
-# This item is undocumented. Please contribute documentation for it.
-#
-#auth =
-
 # The UNIX socket conduwuit will listen on.
 #
 # continuwuity cannot listen on both an IP address and a UNIX socket. If
@@ -1630,14 +1626,18 @@
 
 [global.auth]
 
-# Use this homeserver as the OIDC authentication reference.
+# Use this homeserver as the OIDC authentication reference. It will
-# Note that the legacy Matrix authentication still will work.
+# advertise itself as the OIDC authentication issuer to new clients,
+# and use the internal user database to answer on the advertised
+# endpoints. Note that the legacy Matrix authentication still will be
+# reachable.
 # Unset by default.
 #
 #enable_oidc_login =
 
-# The URL where the user is able to access the account management
+# Whether this homeserver should provide users with an account management 
-# capabilities of the homeserver. Only used if `enable_oidc_login` is set.
+# interface. Only used if `enable_oidc_login` is set. Note that the
+# endpoint is unimplemented at the moment.
 # Unset by default.
 #
 #enable_oidc_account_management =

src/api/client/oidc/authorize.rs

@@ -39,10 +39,7 @@ pub(crate) async fn authorize(
 	}
 
 	// Redirect to the login page if no token or token not known.
-	let hostname = services
+	let hostname = services.config.server_name.host();
-		.config
-		.server_name
-		.host();
 	match oauth.authorization_header() {
 		| None => {
 			return Ok(oidc_login_form(hostname, &query));

src/api/client/oidc/discovery.rs

@@ -5,13 +5,10 @@ use axum::extract::State;
 use conduwuit::Result;
 use ruma::{
 	api::client::{
-		discovery::get_authorization_server_metadata::{
+		discovery::get_authorization_server_metadata::msc2965::{
-			self,
+			self, AccountManagementAction, AuthorizationServerMetadata, CodeChallengeMethod,
-			msc2965::{
-				AccountManagementAction, AuthorizationServerMetadata, CodeChallengeMethod,
 			GrantType, Prompt, ResponseMode, ResponseType,
 		},
-		},
 		error::{
 			Error as ClientError, ErrorBody as ClientErrorBody, ErrorKind as ClientErrorKind,
 		},
@@ -92,5 +89,5 @@ pub(crate) async fn get_auth_metadata(
 	};
 	let metadata = Raw::new(&metadata).expect("authorization server metadata should serialize");
 
-	Ok(RumaResponse(Response::new(metadata)))
+	Ok(RumaResponse(msc2965::Response::new(metadata)))
 }

src/api/client/oidc/login.rs

@@ -27,10 +27,7 @@ pub(crate) async fn oidc_login(
 	if !services.users.exists(&user_id).await {
 		return Err(err!(Request(Unknown("unknown username"))));
 	}
-	let valid_hash = services
+	let valid_hash = services.users.password_hash(&user_id).await?;
-		.users
-		.password_hash(&user_id)
-		.await?;
 
 	if valid_hash.is_empty() {
 		return Err(err!(Request(UserDeactivated("the user's hash was not found"))));
@@ -40,10 +37,7 @@ pub(crate) async fn oidc_login(
 	}
 	tracing::info!("logging in: {user_id:?}");
 
-	let hostname = services
+	let hostname = services.config.server_name.host();
-		.config
-		.server_name
-		.host();
 	let authorization_query: AuthorizationQuery = query.into();
 
 	services

src/core/config/mod.rs

@@ -61,7 +61,8 @@ pub struct Config {
 	/// See the docs for reverse proxying and delegation:
 	/// https://continuwuity.org/deploying/generic.html#setting-up-the-reverse-proxy
 	///
-	/// Also see the `[global.auth]` and `[global.well_known]` config sections at the very bottom.
+	/// Also see the `[global.auth]` and `[global.well_known]` config sections
+	/// at the very bottom.
 	///
 	/// Examples of delegation:
 	/// - https://puppygock.gay/.well-known/matrix/server