impl MSC2965: self-advertise as OIDC authentication provider

MSC2965 proposes to let the homeserver advertise its current OIDC authentication issuer. These changes let conduwuit advertise itself as the issuer when [global.auth.enable_oidc_login] is set. It also advertises its account management endpoint if [global.auth.enable_oidc_account_management] is set. None of these endpoints are implemented. This commit only implements the bare advertisement, as requested by the MSC.
2025-09-11 07:33:01 +02:00 · 2025-04-01 09:29:25 +02:00 · 2025-04-01 09:29:25 +02:00 · db3a2dc468
commit db3a2dc468
parent 68afb07c27
9 changed files with 157 additions and 3 deletions
--- a/src/core/config/mod.rs
+++ b/src/core/config/mod.rs
@ -103,7 +103,9 @@ pub struct Config {
 	#[serde(default)]
 	pub tls: TlsConfig,

-	/// The UNIX socket continuwuity will listen on.
+	pub auth: Option<AuthConfig>,
+
+	/// The UNIX socket conduwuit will listen on.
 	///
 	/// continuwuity cannot listen on both an IP address and a UNIX socket. If
 	/// listening on a UNIX socket, you MUST remove/comment the `address` key.
@ -1880,6 +1882,20 @@ pub struct TlsConfig {
 	pub dual_protocol: bool,
 }

+#[derive(Clone, Debug, Deserialize, Default)]
+#[config_example_generator(filename = "conduwuit-example.toml", section = "global.auth")]
+pub struct AuthConfig {
+	/// Use this homeserver as the OIDC authentication reference.
+	/// Note that the legacy Matrix authentication still will work.
+	/// Unset by default.
+	pub enable_oidc_login: bool,
+
+	/// The URL where the user is able to access the account management
+	/// capabilities of the homeserver. Only used if `enable_oidc_login` is set.
+	/// Unset by default.
+	pub enable_oidc_account_management: bool,
+}
+
 #[allow(rustdoc::broken_intra_doc_links, rustdoc::bare_urls)]
 #[derive(Clone, Debug, Deserialize, Default)]
 #[config_example_generator(filename = "conduwuit-example.toml", section = "global.well_known")]