From 890b7c6c57fde33209fa3bbc360375e1af9577ae Mon Sep 17 00:00:00 2001
From: Sienna Meridian Satterwhite
Date: Fri, 20 Mar 2026 14:50:23 +0000
Subject: [PATCH] =?UTF-8?q?fix(oidc):=20Element=20X=20compatibility=20?= =?UTF-8?q?=E2=80=94=20drop=20openid=20scope=20requirement,=20use=20regist?= =?UTF-8?q?ered=20client=20name?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Element X doesn't request the openid scope (which is not mandatory per OIDC spec). The id_token is still only generated when openid IS in scope. Also use the DCR-registered client name as the device display name instead of the hardcoded "OIDC Client" fallback. Ref: https://github.com/matrix-construct/tuwunel/pull/342#issuecomment-2737905329
---
 src/api/client/oidc.rs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/api/client/oidc.rs b/src/api/client/oidc.rs
index 73eaac2a..b79e53fc 100644
--- a/src/api/client/oidc.rs
+++ b/src/api/client/oidc.rs
@@ -76,8 +76,6 @@ pub(crate) async fn authorize_route(State(services): State, reques
 oidc.validate_redirect_uri(¶ms.client_id, ¶ms.redirect_uri).await?;
- if !scope_contains_token(¶ms.scope, "openid") { return Err!(Request(InvalidParam("openid scope is required"))); }
-
 let req_id = utils::random_string(OIDC_REQ_ID_LENGTH);
 let now = SystemTime::now();
@@ -148,7 +146,9 @@ async fn token_authorization_code(services: &tuwunel_service::Services, body: &T
 let refresh_token = generate_refresh_token();
 let device_id: Option = extract_device_id(&session.scope).map(OwnedDeviceId::from);
- let device_id = services.users.create_device(user_id, device_id.as_deref(), (Some(&access_token), expires_in), Some(&refresh_token), Some("OIDC Client"), None).await?;
+ let client_name = oidc.get_client(client_id).await.ok().and_then(|c| c.client_name);
+ let device_display_name = client_name.as_deref().unwrap_or("OIDC Client");
+ let device_id = services.users.create_device(user_id, device_id.as_deref(), (Some(&access_token), expires_in), Some(&refresh_token), Some(device_display_name), None).await?;
 info!("{user_id} logged in via OIDC (device {device_id})");
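Review bot: The DCR-registered `client_name` is metadata the client supplied about itself, and the added `device_display_name` line passes it to `create_device` unmodified, so whatever a client registered as its name becomes the label a user relies on when reviewing their sessions. Nothing in this hunk bounds its length or rejects empty or control-character names, and whether the registration path already does so is not visible here; if it does not, filter before the fallback, e.g. `client_name.as_deref().map(str::trim).filter(|n| !n.is_empty() && n.chars().count() <= MAX_NAME_LEN && !n.chars().any(char::is_control)).unwrap_or("OIDC Client")`, where `MAX_NAME_LEN` is a placeholder for a limit the project picks. Separately, `.ok()` hides a failed `get_client` lookup behind the fallback name, so a `warn!` on the error path would keep a storage or lookup fault visible in the logs. `token_authorization_code` starts and ends outside the hunk.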