Dedicated MAS API #18520
Dedicated MAS API #18520
Conversation
sandhose
force-pushed
the
quenting/dedicated-mas-api
branch
from
38c521d to
bd442af
Compare
sandhose
force-pushed
the
quenting/dedicated-mas-api
branch
from
8c26530 to
46a4f9d
Compare
sandhose
force-pushed
the
quenting/dedicated-mas-api
branch
from
46a4f9d to
25fade5
Compare
| # XXX: This is a temporary solution so that the admin API can be called by | ||
| # the OIDC provider. This will be removed once we have OIDC client | ||
| # credentials grant support in matrix-authentication-service. |
There was a problem hiding this comment.
Has this plan changed? It looks like the new approach uses a shared secret
There was a problem hiding this comment.
This will likely get refactored as part of stabilising MAS support, getting it out of experimental features. The plan is to keep using a shared secret both ways as it simplifies configuration and avoids weird roundtrips
synapse/rest/synapse/mas/devices.py
Outdated
|
|
||
| self.device_handler = hs.get_device_handler() | ||
|
|
||
| class PostBody(BaseModel): |
There was a problem hiding this comment.
| class PostBody(BaseModel): | |
| class PostBody(RequestBodyModel): |
(applies elsewhere)
There was a problem hiding this comment.
Have done that in c1f666e (except for the query user response as it's a response, not a request 🤷)
There was a problem hiding this comment.
(except for the query user response as it's a response, not a request 🤷)
We can still use ParseModel for anything else.
For the query user response case, I'm not sure Pydantic is thing to use since we're not parsing anything. And since we convert it to a dict anyway, perhaps it should be a TypedDict 🤷
There was a problem hiding this comment.
You're right, have done that in 7e8c19e
synapse/rest/synapse/mas/users.py
Outdated
| user_id=user_id.to_string() | ||
| ) | ||
| current_email_list = { | ||
| t.address for t in current_threepid_list if t.medium == "email" |
There was a problem hiding this comment.
"email" could be a constant
There was a problem hiding this comment.
There is no global constant to grab, so I made it a local one in f91a698
There was a problem hiding this comment.
Better than before but ideally, we'd probably share this everywhere. We could add it to synapse/api/constants.py
Doesn't have to be a thing to change in this PR
Co-Authored-By: Eric Eastwood <erice@element.io>
sandhose
force-pushed
the
quenting/dedicated-mas-api
branch
from
6567a84 to
31b32b3
Compare
Also add a doc comment explaining what the method does.
Co-authored-by: Eric Eastwood <erice@element.io>
|
@MadLittleMods thanks for the review! I think I fixed everything you've raised, plus fixed the test suite not running on olddeps |
| # Importing this module requires authlib, which is an optional | ||
| # dependency but required if msc3861 is enabled | ||
| from synapse.api.auth.msc3861_delegated import MSC3861DelegatedAuth |
There was a problem hiding this comment.
Looks good. This is backed up by
synapse/synapse/config/experimental.py
Lines 116 to 122 in 875269e
Co-authored-by: Eric Eastwood <erice@element.io>
This introduces a dedicated API for MAS to consume. Companion PR on the MAS side: element-hq/matrix-authentication-service#4801
This has a few advantages over the previous admin API:
The next MAS version should support it, but will be opt-in. The version after that should use this new API by default