MSC3861: load the issuer and account management URLs from OIDC discovery (#17407)

This will help mitigating any discrepancies between the issuer configured and the one returned by the OIDC provider. This also removes the need for configuring the `account_management_url` explicitely, as it will now be loaded from the OIDC discovery, as per MSC2965. Because we may now fetch stuff for the .well-known/matrix/client endpoint, this also transforms the client well-known resource to be asynchronous.
author: Quentin Gliech <quenting@element.io> 2024-08-30 16:04:08 +0200
committer: GitHub <noreply@github.com> 2024-08-30 14:04:08 +0000
commit: ca69d0f57165ecb10204ee433992b20af71cbe91 (patch)
tree: b8914884249e221756efbe607a2b968eddbd1ce7 /tests/rest/client/test_auth_issuer.py
parent: Use custom stage UIA error for MAS cross-signing reset (#17509) (diff)
download: synapse-ca69d0f57165ecb10204ee433992b20af71cbe91.tar.xz
1 files changed, 19 insertions, 1 deletions
diff --git a/tests/rest/client/test_auth_issuer.py b/tests/rest/client/test_auth_issuer.py
index 964baeec32..299475a35c 100644
--- a/tests/rest/client/test_auth_issuer.py
+++ b/tests/rest/client/test_auth_issuer.py
@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 from http import HTTPStatus
+from unittest.mock import AsyncMock
 
 from synapse.rest.client import auth_issuer
 
@@ -50,10 +51,27 @@ class AuthIssuerTestCase(HomeserverTestCase):
         }
     )
     def test_returns_issuer_when_oidc_enabled(self) -> None:
-        # Make an unauthenticated request for the discovery info.
+        # Patch the HTTP client to return the issuer metadata
+        req_mock = AsyncMock(return_value={"issuer": ISSUER})
+        self.hs.get_proxied_http_client().get_json = req_mock  # type: ignore[method-assign]
+
+        channel = self.make_request(
+            "GET",
+            "/_matrix/client/unstable/org.matrix.msc2965/auth_issuer",
+        )
+
+        self.assertEqual(channel.code, HTTPStatus.OK)
+        self.assertEqual(channel.json_body, {"issuer": ISSUER})
+
+        req_mock.assert_called_with("https://account.example.com/.well-known/openid-configuration")
+        req_mock.reset_mock()
+
+        # Second call it should use the cached value
         channel = self.make_request(
             "GET",
             "/_matrix/client/unstable/org.matrix.msc2965/auth_issuer",
         )
+
         self.assertEqual(channel.code, HTTPStatus.OK)
         self.assertEqual(channel.json_body, {"issuer": ISSUER})
+        req_mock.assert_not_called()
author	Quentin Gliech <quenting@element.io>	2024-08-30 16:04:08 +0200
committer	GitHub <noreply@github.com>	2024-08-30 14:04:08 +0000
commit	ca69d0f57165ecb10204ee433992b20af71cbe91 (patch)
tree	b8914884249e221756efbe607a2b968eddbd1ce7 /tests/rest/client/test_auth_issuer.py
parent	Use custom stage UIA error for MAS cross-signing reset (#17509) (diff)
download	synapse-ca69d0f57165ecb10204ee433992b20af71cbe91.tar.xz