diff options
author | Maximilian Bosch <maximilian@mbosch.me> | 2023-08-21 21:32:17 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-08-21 19:32:17 +0000 |
commit | d6ae4041a4c014a8c234f1afccc80867bf5b7df0 (patch) | |
tree | cf6c959146ed4bf2cef7d6a6b56e8e719099c27b /synapse/config/oidc.py | |
parent | Implements a task scheduler for resumable potentially long running tasks (#15... (diff) | |
download | synapse-d6ae4041a4c014a8c234f1afccc80867bf5b7df0.tar.xz |
Add `client_secret_path` as alternative for `client_secret` for OIDC config (#16030)
Diffstat (limited to 'synapse/config/oidc.py')
-rw-r--r-- | synapse/config/oidc.py | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/synapse/config/oidc.py b/synapse/config/oidc.py index 77c1d1dc8e..574d6afb95 100644 --- a/synapse/config/oidc.py +++ b/synapse/config/oidc.py @@ -280,6 +280,20 @@ def _parse_oidc_config_dict( for x in oidc_config.get("attribute_requirements", []) ] + # Read from either `client_secret_path` or `client_secret`. If both exist, error. + client_secret = oidc_config.get("client_secret") + client_secret_path = oidc_config.get("client_secret_path") + if client_secret_path is not None: + if client_secret is None: + client_secret = read_file( + client_secret_path, config_path + ("client_secret_path",) + ).rstrip("\n") + else: + raise ConfigError( + "Cannot specify both client_secret and client_secret_path", + config_path + ("client_secret",), + ) + return OidcProviderConfig( idp_id=idp_id, idp_name=oidc_config.get("idp_name", "OIDC"), @@ -288,7 +302,7 @@ def _parse_oidc_config_dict( discover=oidc_config.get("discover", True), issuer=oidc_config["issuer"], client_id=oidc_config["client_id"], - client_secret=oidc_config.get("client_secret"), + client_secret=client_secret, client_secret_jwt_key=client_secret_jwt_key, client_auth_method=oidc_config.get("client_auth_method", "client_secret_basic"), pkce_method=oidc_config.get("pkce_method", "auto"), |