Allow explicit configuration of OIDC dynamic registration metadata (#12514)

* Fix `element-desktop-ssoid being` included in OIDC Authorization call Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Split out oidc callback url into its own method Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Allow explicit configuration of OIDC dynamic registration metadata Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Fix test Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Fix unexpected hash on oidc callback url Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * undefined > [] Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --------- Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2024-11-22 01:05:42 +03:00 · 2024-05-14 10:38:33 +01:00 · 2024-05-14 10:38:33 +01:00 · d0b30d1631
commit d0b30d1631
parent 357f882ff5
3 changed files with 32 additions and 11 deletions
--- a/src/BasePlatform.ts
+++ b/src/BasePlatform.ts
@ -430,6 +430,13 @@ export default abstract class BasePlatform {
        return window.location.origin + window.location.pathname;
    }

+    /**
+     * Fallback Client URI to use for OIDC client registration for if one is not specified in config.json
+     */
+    public get defaultOidcClientUri(): string {
+        return window.location.origin;
+    }
+
    /**
     * Metadata to use for dynamic OIDC client registrations
     */
@ -437,16 +444,17 @@ export default abstract class BasePlatform {
        const config = SdkConfig.get();
        return {
            clientName: config.brand,
-            clientUri: this.baseUrl,
+            clientUri: config.oidc_metadata?.client_uri ?? this.defaultOidcClientUri,
            redirectUris: [this.getOidcCallbackUrl().href],
-            logoUri: new URL("vector-icons/1024.png", this.baseUrl).href,
+            logoUri: config.oidc_metadata?.logo_uri ?? new URL("vector-icons/1024.png", this.baseUrl).href,
            applicationType: "web",
            // XXX: We break the spec by not consistently supplying these required fields
-            // contacts: [],
            // @ts-ignore
-            tosUri: config.terms_and_conditions_links?.[0]?.url,
+            contacts: config.oidc_metadata?.contacts,
            // @ts-ignore
-            policyUri: config.privacy_policy_url,
+            tosUri: config.oidc_metadata?.tos_uri ?? config.terms_and_conditions_links?.[0]?.url,
+            // @ts-ignore
+            policyUri: config.oidc_metadata?.policy_uri ?? config.privacy_policy_url,
        };
    }

--- a/src/IConfigOptions.ts
+++ b/src/IConfigOptions.ts
@ -200,12 +200,20 @@ export interface IConfigOptions {
     * The issuer URL must have a trailing `/`.
     * OPTIONAL
     */
-    oidc_static_clients?: Record<
-        string,
-        {
-            client_id: string;
-        }
-    >;
+    oidc_static_clients?: {
+        [issuer: string]: { client_id: string };
+    };
+
+    /**
+     * Configuration for OIDC dynamic registration where a static OIDC client is not configured.
+     */
+    oidc_metadata?: {
+        client_uri?: string;
+        logo_uri?: string;
+        tos_uri?: string;
+        policy_uri?: string;
+        contacts?: string[];
+    };
 }

 export interface ISsoRedirectOptions {
--- a/test/utils/oidc/registerClient-test.ts
+++ b/test/utils/oidc/registerClient-test.ts
@ -44,6 +44,11 @@ describe("getOidcClientId()", () => {
                return baseUrl;
            },
        });
+        Object.defineProperty(PlatformPeg.get(), "defaultOidcClientUri", {
+            get(): string {
+                return baseUrl;
+            },
+        });
        Object.defineProperty(PlatformPeg.get(), "getOidcCallbackUrl", {
            value: () => ({
                href: baseUrl,