diff --git a/synapse/config/oidc2.py b/synapse/config/oidc2.py
index 07f400e0b3..5adeee5e33 100644
--- a/synapse/config/oidc2.py
+++ b/synapse/config/oidc2.py
@@ -60,6 +60,7 @@ class SSOAttributeRequirement(BaseModel):
class ClientSecretJWTKey(BaseModel):
class Config:
extra = "forbid"
+
# a pem-encoded signing key
# TODO: how should we handle key_file?
key: StrictStr
@@ -72,7 +73,6 @@ class ClientSecretJWTKey(BaseModel):
jwt_payload: Mapping[str, str] = {}
-
class OIDCProviderModel(BaseModel):
"""
Notes on Pydantic:
@@ -171,7 +171,7 @@ class OIDCProviderModel(BaseModel):
@validator("userinfo_endpoint", always=True)
def userinfo_endpoint_required_without_discovery_and_without_openid_scope(
- cls, userinfo_endpoint: Optional[str], values: Mapping[str, object]
+ cls, userinfo_endpoint: Optional[str], values: Mapping[str, Any]
) -> Optional[str]:
discovery_disabled = "discover" in values and not values["discover"]
openid_scope_not_requested = (
@@ -194,7 +194,7 @@ class OIDCProviderModel(BaseModel):
@validator("jwks_uri", always=True)
def jwks_uri_required_without_discovery_but_with_openid_scope(
- cls, jwks_uri: Optional[str], values: Mapping[str, object]
+ cls, jwks_uri: Optional[str], values: Mapping[str, Any]
) -> Optional[str]:
discovery_disabled = "discover" in values and not values["discover"]
openid_scope_requested = "scopes" in values and "openid" in values["scopes"]
diff --git a/tests/config/test_oidc2.py b/tests/config/test_oidc2.py
index c2d450e3c8..3bff60214c 100644
--- a/tests/config/test_oidc2.py
+++ b/tests/config/test_oidc2.py
@@ -345,7 +345,8 @@ class PydanticOIDCTestCase(TestCase):
len(model.attribute_requirements), 1, model.attribute_requirements
)
- # Bad tGypes should be rejected
+ # Bad types should be rejected
+ bad_value: object
for bad_value in 123, 456.0, False, None, {}, ["hello"]:
with self.assertRaises(ValidationError):
self.config["attribute_requirements"] = bad_value
|
