Allow explicit configuration of OIDC dynamic registration metadata (#12514)

* Fix `element-desktop-ssoid being` included in OIDC Authorization call

Signed-off-by: Michael Telatynski <[email protected]>

* Split out oidc callback url into its own method

Signed-off-by: Michael Telatynski <[email protected]>

* Allow explicit configuration of OIDC dynamic registration metadata

Signed-off-by: Michael Telatynski <[email protected]>

* Fix test

Signed-off-by: Michael Telatynski <[email protected]>

* Fix unexpected hash on oidc callback url

Signed-off-by: Michael Telatynski <[email protected]>

* undefined > []

Signed-off-by: Michael Telatynski <[email protected]>

---------

Signed-off-by: Michael Telatynski <[email protected]>

Author: t3chguy

src/BasePlatform.ts

@@ -430,23 +430,31 @@ export default abstract class BasePlatform {
         return window.location.origin + window.location.pathname;
     }
 
+    /**
+     * Fallback Client URI to use for OIDC client registration for if one is not specified in config.json
+     */
+    public get defaultOidcClientUri(): string {
+        return window.location.origin;
+    }
+
     /**
      * Metadata to use for dynamic OIDC client registrations
      */
     public async getOidcClientMetadata(): Promise<OidcRegistrationClientMetadata> {
         const config = SdkConfig.get();
         return {
             clientName: config.brand,
-            clientUri: this.baseUrl,
+            clientUri: config.oidc_metadata?.client_uri ?? this.defaultOidcClientUri,
             redirectUris: [this.getOidcCallbackUrl().href],
-            logoUri: new URL("vector-icons/1024.png", this.baseUrl).href,
+            logoUri: config.oidc_metadata?.logo_uri ?? new URL("vector-icons/1024.png", this.baseUrl).href,
             applicationType: "web",
             // XXX: We break the spec by not consistently supplying these required fields
-            // contacts: [],
             // @ts-ignore
-            tosUri: config.terms_and_conditions_links?.[0]?.url,
+            contacts: config.oidc_metadata?.contacts,
+            // @ts-ignore
+            tosUri: config.oidc_metadata?.tos_uri ?? config.terms_and_conditions_links?.[0]?.url,
             // @ts-ignore
-            policyUri: config.privacy_policy_url,
+            policyUri: config.oidc_metadata?.policy_uri ?? config.privacy_policy_url,
         };
     }
 

src/IConfigOptions.ts

@@ -200,12 +200,20 @@ export interface IConfigOptions {
      * The issuer URL must have a trailing `/`.
      * OPTIONAL
      */
-    oidc_static_clients?: Record<
-        string,
-        {
-            client_id: string;
-        }
-    >;
+    oidc_static_clients?: {
+        [issuer: string]: { client_id: string };
+    };
+
+    /**
+     * Configuration for OIDC dynamic registration where a static OIDC client is not configured.
+     */
+    oidc_metadata?: {
+        client_uri?: string;
+        logo_uri?: string;
+        tos_uri?: string;
+        policy_uri?: string;
+        contacts?: string[];
+    };
 }
 
 export interface ISsoRedirectOptions {

test/utils/oidc/registerClient-test.ts

@@ -44,6 +44,11 @@ describe("getOidcClientId()", () => {
                 return baseUrl;
             },
         });
+        Object.defineProperty(PlatformPeg.get(), "defaultOidcClientUri", {
+            get(): string {
+                return baseUrl;
+            },
+        });
         Object.defineProperty(PlatformPeg.get(), "getOidcCallbackUrl", {
             value: () => ({
                 href: baseUrl,