Save the OIDC session ID (sid) with the device on login (#11482)

As a step towards allowing back-channel logout for OIDC.
author: Quentin Gliech <quenting@element.io> 2021-12-06 18:43:06 +0100
committer: GitHub <noreply@github.com> 2021-12-06 12:43:06 -0500
commit: a15a893df8428395df7cb95b729431575001c38a (patch)
tree: 7572abf2fa680c942dc882cc05e9062bb63b55b8 /synapse/rest
parent: Add admin API to get some information about federation status (#11407) (diff)
download: synapse-a15a893df8428395df7cb95b729431575001c38a.tar.xz
1 files changed, 5 insertions, 2 deletions
diff --git a/synapse/rest/client/login.py b/synapse/rest/client/login.py
index a66ee4fb3d..1b23fa18cf 100644
--- a/synapse/rest/client/login.py
+++ b/synapse/rest/client/login.py
@@ -303,6 +303,7 @@ class LoginRestServlet(RestServlet):
         ratelimit: bool = True,
         auth_provider_id: Optional[str] = None,
         should_issue_refresh_token: bool = False,
+        auth_provider_session_id: Optional[str] = None,
     ) -> LoginResponse:
         """Called when we've successfully authed the user and now need to
         actually login them in (e.g. create devices). This gets called on
@@ -318,10 +319,10 @@ class LoginRestServlet(RestServlet):
             create_non_existent_users: Whether to create the user if they don't
                 exist. Defaults to False.
             ratelimit: Whether to ratelimit the login request.
-            auth_provider_id: The SSO IdP the user used, if any (just used for the
-                prometheus metrics).
+            auth_provider_id: The SSO IdP the user used, if any.
             should_issue_refresh_token: True if this login should issue
                 a refresh token alongside the access token.
+            auth_provider_session_id: The session ID got during login from the SSO IdP.
 
         Returns:
             result: Dictionary of account information after successful login.
@@ -354,6 +355,7 @@ class LoginRestServlet(RestServlet):
             initial_display_name,
             auth_provider_id=auth_provider_id,
             should_issue_refresh_token=should_issue_refresh_token,
+            auth_provider_session_id=auth_provider_session_id,
         )
 
         result = LoginResponse(
@@ -399,6 +401,7 @@ class LoginRestServlet(RestServlet):
             self.auth_handler._sso_login_callback,
             auth_provider_id=res.auth_provider_id,
             should_issue_refresh_token=should_issue_refresh_token,
+            auth_provider_session_id=res.auth_provider_session_id,
         )
 
     async def _do_jwt_login(
author	Quentin Gliech <quenting@element.io>	2021-12-06 18:43:06 +0100
committer	GitHub <noreply@github.com>	2021-12-06 12:43:06 -0500
commit	a15a893df8428395df7cb95b729431575001c38a (patch)
tree	7572abf2fa680c942dc882cc05e9062bb63b55b8 /synapse/rest
parent	Add admin API to get some information about federation status (#11407) (diff)
download	synapse-a15a893df8428395df7cb95b729431575001c38a.tar.xz