app/matrix: force non-id_token flow to fix SSO

Presence of id_token in IDP token response causes synapse to demand
jwks_uri to be present in config/metadata. (login flow failing with
<<Missing "jwks_uri" in metadata>> message)
This behaviour was introduced somewhere between 1.42.0 and 1.56.0.

This is currently not set up correctly on sso.hackerspace.pl (we hand
out hs256 tokens instead of proper rsa ones) so this change will make it
fall back to non-oidc/plain oauth2 flow.

Change-Id: I4ff8aa175b4f0bbdcb3ee993b7cbd4545eac561a
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1302
Reviewed-by: informatic <informatic@hackerspace.pl>
Reviewed-by: q3k <q3k@hackerspace.pl>
diff --git a/app/matrix/matrix.hackerspace.pl.jsonnet b/app/matrix/matrix.hackerspace.pl.jsonnet
index 3af255c..14a0366 100644
--- a/app/matrix/matrix.hackerspace.pl.jsonnet
+++ b/app/matrix/matrix.hackerspace.pl.jsonnet
@@ -17,7 +17,9 @@
                 client_id: "matrix",
                 client_secret: { secretKeyRef: { name: "oauth2-cas-proxy", key: "oauth2_secret" } },
                 user_profile_method: "userinfo_endpoint",
+                userinfo_endpoint: "https://sso.hackerspace.pl/api/1/userinfo",
                 client_auth_method: "client_secret_post",
+                scopes: ["profile:read"],
             },
         },
         mediaRepo+: {
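Review bot: the two added lines, userinfo_endpoint and scopes: ["profile:read"], carry no comment saying they are a deliberate workaround, so a later edit to the scopes or the endpoint could bring back the Missing "jwks_uri" in metadata failure with nothing in the file to explain why. Suggest a short jsonnet comment above them stating that they force the plain OAuth2 flow because sso.hackerspace.pl hands out HS256 tokens, with a TODO to revisit once the IDP issues RSA-signed tokens and jwks_uri can be configured. The same comment should note that in this flow the user's identity rests only on the response fetched from the hardcoded https://sso.hackerspace.pl/api/1/userinfo URL rather than on a signed id_token, so that URL has to stay HTTPS and point at the trusted IDP.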