diff --git a/changelog.d/19273.feature b/changelog.d/19273.feature
new file mode 100644
index 00000000000..5d8fe3d693b
--- /dev/null
+++ b/changelog.d/19273.feature
@@ -0,0 +1 @@
+Support for stable MSC4312 m.oauth UIA stage for resetting cross-signing identity with the OAuth 2.0 API.
\ No newline at end of file
diff --git a/synapse/rest/client/auth.py b/synapse/rest/client/auth.py
index 600bb51a7e7..c3644c12ce0 100644
--- a/synapse/rest/client/auth.py
+++ b/synapse/rest/client/auth.py
@@ -67,7 +67,8 @@ async def on_GET(self, request: SynapseRequest, stagetype: str) -> None:
 if not session:
 raise SynapseError(400, "No session supplied")
 
- if stagetype == "org.matrix.cross_signing_reset":
+ # We support the unstable (`org.matrix.cross_signing_reset`) name from MSC4312 until enough clients have adopted the stable name (`m.oauth`).
+ if stagetype == "m.oauth" or stagetype == "org.matrix.cross_signing_reset":
 if self.hs.config.mas.enabled:
 assert isinstance(self.auth, MasDelegatedAuth)
 
diff --git a/synapse/rest/client/keys.py b/synapse/rest/client/keys.py
index 5f488674b4a..502c5d495a9 100644
--- a/synapse/rest/client/keys.py
+++ b/synapse/rest/client/keys.py
@@ -560,9 +560,14 @@ async def on_POST(self, request: SynapseRequest) -> tuple[int, JsonDict]:
 {
 "session": "dummy",
 "flows": [
+ {"stages": ["m.oauth"]},
+ # The unstable name from MSC4312 should be supported until enough clients have adopted the stable (`m.oauth`) name:
 {"stages": ["org.matrix.cross_signing_reset"]},
 ],
 "params": {
+ "m.oauth": {
+ "url": url,
+ },
 "org.matrix.cross_signing_reset": {
 "url": url,
 },
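Review bot: The widened `stagetype` check in on_GET now routes the generic stable name `m.oauth` into a branch that, from the visible lines, asserts `MasDelegatedAuth` and is presumably specific to cross-signing reset. If `m.oauth` is later advertised for any other UIA-protected endpoint, this fallback would still present the reset flow, so the comment should state that `m.oauth` is only ever offered for cross-signing reset. The comparison is also easier to keep in step with keys.py as a membership test, `if stagetype in ("m.oauth", "org.matrix.cross_signing_reset"):`, ideally against constants shared by both files rather than repeated literals. The added comment is a single very long line and should be wrapped. on_GET starts and continues outside this hunk, so the non-MAS path is not visible here.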
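Review bot: The stable and unstable stage names are added as hand-written copies of the same entry in both `flows` and `params`, and the identical block is repeated in the second on_POST hunk (`@@ -594,9 +599,14 @@`), so four places must stay in agreement for every client to be offered a usable flow. Deriving both from one tuple keeps them in sync and makes retiring the unstable name a one-line change: `stages = ("m.oauth", "org.matrix.cross_signing_reset")`, then `"flows": [{"stages": [s]} for s in stages],` and `"params": {s: {"url": url} for s in stages},`. No test in the visible diff asserts that the response advertises `m.oauth` together with its `url` param, which is the behaviour stable-only clients will depend on. on_POST begins and ends outside both hunks.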
@@ -594,9 +599,14 @@ async def on_POST(self, request: SynapseRequest) -> tuple[int, JsonDict]:
 {
 "session": "dummy",
 "flows": [
+ {"stages": ["m.oauth"]},
+ # The unstable name from MSC4312 should be supported until enough clients have adopted the stable (`m.oauth`) name:
 {"stages": ["org.matrix.cross_signing_reset"]},
 ],
 "params": {
+ "m.oauth": {
+ "url": url,
+ },
 "org.matrix.cross_signing_reset": {
 "url": url,
 },