Put static OIDC client config into config file

Author: hughns

src/domain/login/StartOIDCLoginViewModel.js

@@ -30,6 +30,7 @@ export class StartOIDCLoginViewModel extends ViewModel {
             encoding: this.platform.encoding,
             crypto: this.platform.crypto,
             urlRouter: this.urlRouter,
+            staticClients: this.platform.config["staticOidcClients"],
         });
     }
 

src/matrix/Client.js

@@ -137,6 +137,7 @@ export class Client {
                         request: this._platform.request,
                         encoding: this._platform.encoding,
                         crypto: this._platform.crypto,
+                        staticClients: this._platform.config["staticOidcClients"],
                     });
                     await oidcApi.validate();
 

src/matrix/net/OidcApi.ts

@@ -15,7 +15,7 @@ limitations under the License.
 */
 
 import type {RequestFunction} from "../../platform/types/types";
-import type {IURLRouter} from "../../domain/navigation/URLRouter.js";
+import type {IURLRouter} from "../../domain/navigation/URLRouter";
 import type {SegmentType} from "../../domain/navigation";
 
 const WELL_KNOWN = ".well-known/openid-configuration";
@@ -54,40 +54,34 @@ function assert(condition: any, message: string): asserts condition {
     }
 };
 
-type IssuerUri = string;
-interface ClientConfig {
+export type IssuerUri = string;
+
+export interface OidcClientConfig {
     client_id: string;
-    client_secret?: string;
 }
 
-// These are statically configured OIDC client IDs for particular issuers:
-const clientIds: Record<IssuerUri, ClientConfig> = {
-    "https://dev-6525741.okta.com/": {
-        client_id: "0oa5x44w64wpNsxi45d7",
-    },
-    "https://keycloak-oidc.lab.element.dev/realms/master/": {
-        client_id: "hydrogen-oidc-playground"
-    },
-    "https://id.thirdroom.io/realms/thirdroom/": {
-        client_id: "hydrogen-oidc-playground"
-    },
-};
+export type StaticOidcClientsConfig = Record<IssuerUri, OidcClientConfig>;
 
 export class OidcApi<N extends object = SegmentType> {
-    _issuer: string;
+    _issuer: IssuerUri;
     _requestFn: RequestFunction;
     _encoding: any;
     _crypto: any;
     _urlRouter: IURLRouter<N>;
     _metadataPromise: Promise<any>;
     _registrationPromise: Promise<any>;
+    _staticClients: StaticOidcClientsConfig;
 
-    constructor({ issuer, request, encoding, crypto, urlRouter, clientId }) {
+    constructor({ issuer, request, encoding, crypto, urlRouter, clientId, staticClients = {} }: { issuer: IssuerUri, request: RequestFunction, encoding: any, crypto: any, urlRouter: IURLRouter<N>, clientId?: string, staticClients?: StaticOidcClientsConfig}) {
         this._issuer = issuer;
         this._requestFn = request;
         this._encoding = encoding;
         this._crypto = crypto;
         this._urlRouter = urlRouter;
+        this._staticClients = staticClients;
+
+        console.log(staticClients);
+        console.log(clientId);
 
         if (clientId) {
             this._registrationPromise = Promise.resolve({ client_id: clientId });
@@ -127,8 +121,8 @@ export class OidcApi<N extends object = SegmentType> {
                 // use static client if available
                 const authority = `${this.issuer}${this.issuer.endsWith('/') ? '' : '/'}`;
 
-                if (clientIds[authority]) {
-                    return clientIds[authority];
+                if (this._staticClients[authority]) {
+                    return this._staticClients[authority];
                 }
 
                 const headers = new Map();

src/platform/types/config.ts

@@ -14,6 +14,8 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+import type { StaticOidcClientsConfig } from "../../matrix/net/OidcApi";
+
 export type Config = {
     /**
      * The default homeserver used by Hydrogen; auto filled in the login UI.
@@ -61,4 +63,12 @@ export type Config = {
         // See pushkey in above link
         applicationServerKey: string;
     };
+
+    /**
+     * Configuration for OIDC issuers where a static client_id has been issued for the app.
+     * Otherwise dynamic client registration is attempted.
+     * The issuer URL must have a trailing `/`.
+     * OPTIONAL
+     */
+    staticOidcClients?: StaticOidcClientsConfig;
 };

src/platform/web/assets/config.json

@@ -5,5 +5,16 @@
     "applicationServerKey": "BC-gpSdVHEXhvHSHS0AzzWrQoukv2BE7KzpoPO_FfPacqOo3l1pdqz7rSgmB04pZCWaHPz7XRe6fjLaC-WPDopM"
   },
   "defaultHomeServer": "matrix.org",
-  "bugReportEndpointUrl": "https://element.io/bugreports/submit"
+  "bugReportEndpointUrl": "https://element.io/bugreports/submit",
+  "staticOidcClients": {
+    "https://dev-6525741.okta.com/": {
+        "client_id": "0oa5x44w64wpNsxi45d7"
+    },
+    "https://keycloak-oidc.lab.element.dev/realms/master/": {
+        "client_id": "hydrogen-oidc-playground"
+    },
+    "https://id.thirdroom.io/realms/thirdroom/": {
+        "client_id": "hydrogen-oidc-playground"
+    }
+  }
 }