diff --git a/synapse/rest/client/login.py b/synapse/rest/client/login.py
index 09f378f919..f9994658c4 100644
--- a/synapse/rest/client/login.py
+++ b/synapse/rest/client/login.py
@@ -72,7 +72,7 @@ class LoginRestServlet(RestServlet):
JWT_TYPE_DEPRECATED = "m.login.jwt"
APPSERVICE_TYPE = "m.login.application_service"
APPSERVICE_TYPE_UNSTABLE = "uk.half-shot.msc2778.login.application_service"
- REFRESH_TOKEN_PARAM = "org.matrix.msc2918.refresh_token"
+ REFRESH_TOKEN_PARAM = "refresh_token"
def __init__(self, hs: "HomeServer"):
super().__init__()
@@ -90,7 +90,7 @@ class LoginRestServlet(RestServlet):
self.saml2_enabled = hs.config.saml2.saml2_enabled
self.cas_enabled = hs.config.cas.cas_enabled
self.oidc_enabled = hs.config.oidc.oidc_enabled
- self._msc2918_enabled = (
+ self._refresh_tokens_enabled = (
hs.config.registration.refreshable_access_token_lifetime is not None
)
@@ -163,17 +163,16 @@ class LoginRestServlet(RestServlet):
async def on_POST(self, request: SynapseRequest) -> Tuple[int, LoginResponse]:
login_submission = parse_json_object_from_request(request)
- if self._msc2918_enabled:
- # Check if this login should also issue a refresh token, as per MSC2918
- should_issue_refresh_token = login_submission.get(
- "org.matrix.msc2918.refresh_token", False
- )
- if not isinstance(should_issue_refresh_token, bool):
- raise SynapseError(
- 400, "`org.matrix.msc2918.refresh_token` should be true or false."
- )
- else:
- should_issue_refresh_token = False
+ # Check to see if the client requested a refresh token.
+ client_requested_refresh_token = login_submission.get(
+ LoginRestServlet.REFRESH_TOKEN_PARAM, False
+ )
+ if not isinstance(client_requested_refresh_token, bool):
+ raise SynapseError(400, "`refresh_token` should be true or false.")
+
+ should_issue_refresh_token = (
+ self._refresh_tokens_enabled and client_requested_refresh_token
+ )
try:
if login_submission["type"] in (
@@ -303,6 +302,7 @@ class LoginRestServlet(RestServlet):
ratelimit: bool = True,
auth_provider_id: Optional[str] = None,
should_issue_refresh_token: bool = False,
+ auth_provider_session_id: Optional[str] = None,
) -> LoginResponse:
"""Called when we've successfully authed the user and now need to
actually login them in (e.g. create devices). This gets called on
@@ -318,10 +318,10 @@ class LoginRestServlet(RestServlet):
create_non_existent_users: Whether to create the user if they don't
exist. Defaults to False.
ratelimit: Whether to ratelimit the login request.
- auth_provider_id: The SSO IdP the user used, if any (just used for the
- prometheus metrics).
+ auth_provider_id: The SSO IdP the user used, if any.
should_issue_refresh_token: True if this login should issue
a refresh token alongside the access token.
+ auth_provider_session_id: The session ID got during login from the SSO IdP.
Returns:
result: Dictionary of account information after successful login.
@@ -354,6 +354,7 @@ class LoginRestServlet(RestServlet):
initial_display_name,
auth_provider_id=auth_provider_id,
should_issue_refresh_token=should_issue_refresh_token,
+ auth_provider_session_id=auth_provider_session_id,
)
result = LoginResponse(
@@ -399,6 +400,7 @@ class LoginRestServlet(RestServlet):
self.auth_handler._sso_login_callback,
auth_provider_id=res.auth_provider_id,
should_issue_refresh_token=should_issue_refresh_token,
+ auth_provider_session_id=res.auth_provider_session_id,
)
async def _do_jwt_login(
@@ -460,9 +462,7 @@ def _get_auth_flow_dict_for_idp(idp: SsoIdentityProvider) -> JsonDict:
class RefreshTokenServlet(RestServlet):
- PATTERNS = client_patterns(
- "/org.matrix.msc2918.refresh_token/refresh$", releases=(), unstable=True
- )
+ PATTERNS = (re.compile("^/_matrix/client/v1/refresh$"),)
def __init__(self, hs: "HomeServer"):
self._auth_handler = hs.get_auth_handler()
@@ -513,7 +513,7 @@ class SsoRedirectServlet(RestServlet):
re.compile(
"^"
+ CLIENT_API_PREFIX
- + "/r0/login/sso/redirect/(?P<idp_id>[A-Za-z0-9_.~-]+)$"
+ + "/(r0|v3)/login/sso/redirect/(?P<idp_id>[A-Za-z0-9_.~-]+)$"
)
]
|
