diff options
| author | Erik Johnston <erikj@element.io> | 2024-01-10 17:16:49 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-01-10 17:16:49 +0000 |
| commit | a986f86c827879f26abd574da6c7d12ac9578dd8 (patch) | |
| tree | e678a8e07f88d0e684c2407987b69b5c13e0f98f /changelog.d | |
| parent | Faster load recents for sync (#16783) (diff) | |
| download | synapse-a986f86c827879f26abd574da6c7d12ac9578dd8.tar.xz | |
Correctly handle OIDC config with no `client_secret` set (#16806)
In previous versions of authlib using `client_secret_basic` without a `client_secret` would result in an invalid auth header. Since authlib 1.3 it throws an exception. The configuration may be accepted in by very lax servers, so we don't want to deny it outright. Instead, let's default the `client_auth_method` to `none`, which does the right thing. If the config specifies `client_auth_method` and no `client_secret` then that is going to be bogus and we should reject it
Diffstat (limited to 'changelog.d')
| -rw-r--r-- | changelog.d/16806.misc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/changelog.d/16806.misc b/changelog.d/16806.misc new file mode 100644 index 0000000000..623338268b --- /dev/null +++ b/changelog.d/16806.misc @@ -0,0 +1 @@ +Reject OIDC config when `client_secret` isn't specified, but the auth method requires one. |