Add option to disable password authorization flow

src/api/client/session/mod.rs

@@ -78,7 +78,7 @@ pub(crate) async fn get_login_types_route(
 				| LoginType::Sso(SsoLoginType { identity_providers })
 					if list_idps && identity_providers.is_empty() =>
 					false,
-
+				| LoginType::Password(_) => services.config.login_with_password,
 				| _ => true,
 			})
 			.collect(),

src/core/config/mod.rs

@@ -984,6 +984,16 @@ pub struct Config {
 	#[serde(default = "true_fn")]
 	pub login_via_token: bool,
 
+	/// Whether to enable login using traditional user/password authorization
+	/// flow.
+	///
+	/// Set this option to false if you intend to allow logging in only using
+	/// other mechanisms, such as SSO.
+	///
+	/// default: true
+	#[serde(default = "true_fn")]
+	pub login_with_password: bool,
+
 	/// Login token expiration/TTL in milliseconds.
 	///
 	/// These are short-lived tokens for the m.login.token endpoint.

tuwunel-example.toml

@@ -810,6 +810,14 @@
 #
 #login_via_token = true
 
+# Whether to enable login using traditional user/password authorization
+# flow.
+#
+# Set this option to false if you intend to allow logging in only using
+# other mechanisms, such as SSO.
+#
+#login_with_password = true
+
 # Login token expiration/TTL in milliseconds.
 #
 # These are short-lived tokens for the m.login.token endpoint.