synapse/changelog.d
Erik Johnston a986f86c82
Correctly handle OIDC config with no client_secret set (#16806)
In previous versions of authlib using `client_secret_basic` without a
`client_secret` would result in an invalid auth header. Since authlib
1.3 it throws an exception.

The configuration may be accepted in by very lax servers, so we don't
want to deny it outright. Instead, let's default the
`client_auth_method` to `none`, which does the right thing. If the
config specifies `client_auth_method` and no `client_secret` then that
is going to be bogus and we should reject it
2024-01-10 17:16:49 +00:00
..
.gitignore Correct attrs package name in requirements (#3492) 2018-07-07 10:46:59 +10:00
7.misc Faster partial join to room with complex auth graph (#7) 2024-01-10 12:29:42 +00:00
16766.misc Split up deleting devices into batches (#16766) 2024-01-10 13:55:16 +00:00
16776.misc Remove CI check for sign off (#16776) 2024-01-10 13:53:20 +00:00
16778.doc Add a link to the Request log format page from Logging Sample Config (#16778) 2024-01-10 13:34:55 +00:00
16781.misc Fix auto-merge CI to correctly wait for linting. (#16781) 2024-01-10 13:53:44 +00:00
16783.misc Faster load recents for sync (#16783) 2024-01-10 15:11:59 +00:00
16785.misc Reduce amount of state pulled out when querying federation hierachy (#16785) 2024-01-10 14:31:35 +00:00
16788.misc Pull less state out if we fail to backfill (#16788) 2024-01-10 14:42:13 +00:00
16806.misc Correctly handle OIDC config with no client_secret set (#16806) 2024-01-10 17:16:49 +00:00