Add `client_secret_path` as alternative for `client_secret` for OIDC config #16030

Ma27 · 2023-07-30T20:21:20Z

That way you don't have to leak your bind password into your config. Useful for e.g. NixOS where config is stored in a world-readable location.

Tested against a live synapse instance with authentik as OIDC provider.

Pull Request Checklist

Pull request is based on the develop branch
Pull request includes a changelog file. The entry should:
- Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from EventStore to EventWorkerStore.".
- Use markdown where necessary, mostly for code blocks.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry.
Pull request includes a sign off
Code style is correct
(run the linters)

clokep

Looks pretty reasonable; I wish we had a more abstract way of doing this instead of manually each time we want something to be a file.

docs/usage/configuration/config_documentation.md

synapse/config/oidc.py

That way you don't have to leak your bind password into your config. Useful for e.g. NixOS where config is stored in a world-readable location. Tested against a live synapse instance with authentik as OIDC provider. Signed-off-by: Maximilian Bosch <[email protected]>

changelog.d/16030.feature

docs/usage/configuration/config_documentation.md

synapse/config/oidc.py

Co-authored-by: Patrick Cloke <[email protected]> Signed-off-by: Maximilian Bosch <[email protected]>

Ma27 · 2023-08-21T13:32:00Z

Added relevant notes and squashed this and the previous commit together :)

clokep

Thanks! Sorry for the back-and-forth here.

docs/usage/configuration/config_documentation.md

Ma27 requested a review from a team as a code owner July 30, 2023 20:21

github-actions bot deployed to PR Documentation Preview July 30, 2023 20:22 View deployment

Ma27 force-pushed the oidc-client_secret_file branch from fcdc6a6 to 989688c Compare July 30, 2023 20:23

github-actions bot deployed to PR Documentation Preview July 30, 2023 20:24 View deployment

Ma27 force-pushed the oidc-client_secret_file branch from 989688c to 3cbce56 Compare July 30, 2023 20:27

github-actions bot deployed to PR Documentation Preview July 30, 2023 20:28 View deployment

clokep suggested changes Aug 3, 2023

View reviewed changes

docs/usage/configuration/config_documentation.md Outdated Show resolved Hide resolved

synapse/config/oidc.py Outdated Show resolved Hide resolved

synapse/config/oidc.py Outdated Show resolved Hide resolved

synapse/config/oidc.py Outdated Show resolved Hide resolved

Ma27 force-pushed the oidc-client_secret_file branch from 3cbce56 to b1197c0 Compare August 12, 2023 16:51

github-actions bot deployed to PR Documentation Preview August 12, 2023 16:52 View deployment

clokep requested review from clokep and a team August 14, 2023 12:02

clokep changed the title ~~oidc: add client_secret_file as alternative for client_secret~~ Add client_secret_path as alternative for client_secret for OIDC config Aug 15, 2023

clokep reviewed Aug 15, 2023

View reviewed changes

changelog.d/16030.feature Outdated Show resolved Hide resolved

clokep reviewed Aug 15, 2023

View reviewed changes

docs/usage/configuration/config_documentation.md Show resolved Hide resolved

clokep reviewed Aug 15, 2023

View reviewed changes

docs/usage/configuration/config_documentation.md Outdated Show resolved Hide resolved

clokep reviewed Aug 15, 2023

View reviewed changes

synapse/config/oidc.py Show resolved Hide resolved

github-actions bot deployed to PR Documentation Preview August 16, 2023 11:10 View deployment

docs & changelog: improve wording

8061107

Co-authored-by: Patrick Cloke <[email protected]> Signed-off-by: Maximilian Bosch <[email protected]>

Ma27 force-pushed the oidc-client_secret_file branch from 343e5b2 to 8061107 Compare August 21, 2023 13:31

github-actions bot deployed to PR Documentation Preview August 21, 2023 13:32 View deployment

Ma27 requested a review from clokep August 21, 2023 13:32

clokep approved these changes Aug 21, 2023

View reviewed changes

clokep reviewed Aug 21, 2023

View reviewed changes

docs/usage/configuration/config_documentation.md Show resolved Hide resolved

Note version added.

4a401dd

clokep enabled auto-merge (squash) August 21, 2023 16:31

github-actions bot deployed to PR Documentation Preview August 21, 2023 16:31 View deployment

clokep merged commit d6ae404 into matrix-org:develop Aug 21, 2023

Ma27 deleted the oidc-client_secret_file branch August 21, 2023 19:33

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add `client_secret_path` as alternative for `client_secret` for OIDC config #16030

Add `client_secret_path` as alternative for `client_secret` for OIDC config #16030

Ma27 commented Jul 30, 2023 •

edited

Loading

clokep left a comment

Ma27 commented Aug 21, 2023

clokep left a comment

Add client_secret_path as alternative for client_secret for OIDC config #16030

Add client_secret_path as alternative for client_secret for OIDC config #16030

Conversation

Ma27 commented Jul 30, 2023 • edited Loading

Pull Request Checklist

clokep left a comment

Choose a reason for hiding this comment

Ma27 commented Aug 21, 2023

clokep left a comment

Choose a reason for hiding this comment

Add `client_secret_path` as alternative for `client_secret` for OIDC config #16030

Add `client_secret_path` as alternative for `client_secret` for OIDC config #16030

Ma27 commented Jul 30, 2023 •

edited

Loading