impl MSC2965: self-advertise as OIDC authentication provider

MSC2965 proposes to let the homeserver advertise its current OIDC authentication
issuer. These changes let conduwuit advertise itself as the issuer when
[global.auth.enable_oidc_login] is set. It also advertises its account management
endpoint if [global.auth.enable_oidc_account_management] is set.

None of these endpoints are implemented. This commit only implements the bare
advertisement, as requested by the MSC.
lafleur 2025-04-01 09:29:25 +02:00 committed by nexy7574
commit db3a2dc468
No known key found for this signature in database
GPG key ID: 0FA334385D0B689F
9 changed files with 157 additions and 3 deletions


@ -280,6 +280,17 @@ pub fn check(config: &Config) -> Result {
));
}
if let Some(auth) = &config.auth {
if auth.enable_oidc_login {
if config.well_known.client.is_none() {
return Err!(Config(
"auth.enable_oidc_login",
"Oidc authentication is enabled but the well-known client is not set."
))
}
}
}
Ok(())
}
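Review bot: The added guard in `check` validates only one combination: it rejects `enable_oidc_login` without `well_known.client`, but `enable_oidc_account_management = true` with `enable_oidc_login` unset passes and, per that field's doc comment, is then silently unused. Rejecting it at startup keeps the advertised auth metadata from quietly differing from what the operator configured, e.g. `if auth.enable_oidc_account_management && !auth.enable_oidc_login { return Err!(Config("auth.enable_oidc_account_management", "Account management requires auth.enable_oidc_login.")) }`. Because the well-known client URL is presumably what gets advertised as the issuer, consider also requiring it to be `https`; its type is not visible here. The three nested `if`s could be a single condition, and `check` begins outside this hunk.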


@ -103,7 +103,9 @@ pub struct Config {
#[serde(default)]
pub tls: TlsConfig,
/// The UNIX socket continuwuity will listen on.
pub auth: Option<AuthConfig>,
/// The UNIX socket conduwuit will listen on.
///
/// continuwuity cannot listen on both an IP address and a UNIX socket. If
/// listening on a UNIX socket, you MUST remove/comment the `address` key.
@ -1880,6 +1882,20 @@ pub struct TlsConfig {
pub dual_protocol: bool,
}
#[derive(Clone, Debug, Deserialize, Default)]
#[config_example_generator(filename = "conduwuit-example.toml", section = "global.auth")]
pub struct AuthConfig {
/// Use this homeserver as the OIDC authentication reference.
/// Note that the legacy Matrix authentication still will work.
/// Unset by default.
pub enable_oidc_login: bool,
/// The URL where the user is able to access the account management
/// capabilities of the homeserver. Only used if `enable_oidc_login` is set.
/// Unset by default.
pub enable_oidc_account_management: bool,
}
#[allow(rustdoc::broken_intra_doc_links, rustdoc::bare_urls)]
#[derive(Clone, Debug, Deserialize, Default)]
#[config_example_generator(filename = "conduwuit-example.toml", section = "global.well_known")]
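Review bot: `AuthConfig` derives `Default` but carries no `#[serde(default)]`, so with plain serde derive a `[global.auth]` table that sets only `enable_oidc_login` would fail to deserialize with a missing-field error for `enable_oidc_account_management`. The `tls` field above uses `#[serde(default)]`, and adding it on the struct or on both fields would make each flag optional, unless the example-generator macro already handles this, which is not visible here. The doc comment on `enable_oidc_account_management` describes "The URL where the user is able to access the account management capabilities", yet the field is a `bool`; something like `/// Advertise this homeserver's account management endpoint.` with "`false` by default" would match the type. In the first hunk of this file, `pub auth` has no doc comment, and the UNIX-socket comment below it reads "conduwuit" while the following lines still say "continuwuity", which looks like a rebase leftover.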