summary refs log tree commit diff
path: root/synapse/config
diff options
context:
space:
mode:
authorJason Robinson <jasonr@matrix.org>2019-01-21 01:54:43 +0200
committerJason Robinson <jasonr@matrix.org>2019-01-23 10:32:41 +0200
commit82e13662c03a41c085e784a594b423711e0caffa (patch)
tree7bdeb6ff332305f216a2ea9b95cb750f5db2096b /synapse/config
parentAdd tests for the openid lister for SynapseHomeServer (diff)
downloadsynapse-82e13662c03a41c085e784a594b423711e0caffa.tar.xz
Split federation OpenID userinfo endpoint out of the federation resource
This allows the OpenID userinfo endpoint to be active even if the
federation resource is not active. The OpenID userinfo endpoint
is called by integration managers to verify user actions using the
client API OpenID access token. Without this verification, the
integration manager cannot know that the access token is valid.

The OpenID userinfo endpoint will be loaded in the case that either
"federation" or "openid" resource is defined. The new "openid"
resource is defaulted to active in default configuration.

Signed-off-by: Jason Robinson <jasonr@matrix.org>
Diffstat (limited to 'synapse/config')
-rw-r--r--synapse/config/server.py9
1 files changed, 5 insertions, 4 deletions
diff --git a/synapse/config/server.py b/synapse/config/server.py
index fb57791098..556f1efee5 100644
--- a/synapse/config/server.py
+++ b/synapse/config/server.py
@@ -151,7 +151,7 @@ class ServerConfig(Config):
                         "compress": gzip_responses,
                     },
                     {
-                        "names": ["federation"],
+                        "names": ["federation", "openid"],
                         "compress": False,
                     }
                 ]
@@ -170,7 +170,7 @@ class ServerConfig(Config):
                             "compress": gzip_responses,
                         },
                         {
-                            "names": ["federation"],
+                            "names": ["federation", "openid"],
                             "compress": False,
                         }
                     ]
@@ -328,7 +328,7 @@ class ServerConfig(Config):
                 # that can do automatic compression.
                 compress: true
 
-              - names: [federation]  # Federation APIs
+              - names: [federation, openid]  # Federation APIs
                 compress: false
 
             # optional list of additional endpoints which can be loaded via
@@ -350,7 +350,7 @@ class ServerConfig(Config):
             resources:
               - names: [client]
                 compress: true
-              - names: [federation]
+              - names: [federation, openid]
                 compress: false
 
           # Turn on the twisted ssh manhole service on localhost on the given
@@ -477,6 +477,7 @@ KNOWN_RESOURCES = (
     'keys',
     'media',
     'metrics',
+    'openid',
     'replication',
     'static',
     'webclient',