* util functions to get static client id
* check static client ids in login flow
* remove dead code
* add trailing slash
* comment error enum
* spacing
* PR tidying
* more comments
* add ValidatedDelegatedAuthConfig type
* Update src/Login.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update src/Login.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update src/utils/ValidatedServerConfig.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* rename oidc_static_clients to oidc_static_client_ids
* comment
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Fully move auth types to js-sdk
The SSO buttons were the only consumer of these types, so let's just move them. They've been in the js-sdk for a while now, and webpack is screaming about missing exports (because they're all interfaces and types, which don't exist after transpiling).
* Fix the other cases too
* Add test case for null identity_providers for SSO
* Fix typing for identity_providers
* Make null idp explicit and handle in analytics
* chore: whitespace fix
Co-authored-by: Michael Telatynski <7t3chguy@gmail.com>
MSC: https://github.com/matrix-org/matrix-doc/pull/2918
Fixes https://github.com/vector-im/element-web/issues/18698
Fixes https://github.com/vector-im/element-web/issues/20648
**Requires https://github.com/matrix-org/matrix-js-sdk/pull/2178**
**Note**: There's a lot of logging in this PR. That is intentional to ensure that if/when something goes wrong we can chase the exact code path. It does not log any tokens - just where the code is going. Overall, it should be fairly low volume spam (and can be relaxed at a later date).
----
This approach uses indexeddb (through a mutex library) to manage which tab actually triggers the refresh, preventing issues where multiple tabs try to update the token. If multiple tabs update the token then the server might consider the account hacked and hard logout all the tokens.
If for some reason the timer code gets it wrong, or the user has been offline for too long and the token can't be refreshed, they should be sent to a soft logout screen by the server. This will retain the user's encryption state - they simply need to reauthenticate to get an active access token again.
This additionally contains a change to fix soft logout not working, per the issue links above.
Of interest may be the IPC approach which was ultimately declined in favour of this change instead: https://github.com/matrix-org/matrix-react-sdk/pull/7803
Turns out a lot of the typescript warnings about improper warnings were correct. TypeScript appears to be pulling in two copies of the js-sdk when we do this, which can lead to type conflicts (or worse: the wrong code entirely). We fix this at the webpack level by explicitly importing from `src`, but some alternative build structures have broken tests because of this - jest ends up pulling in the "wrong" js-sdk, breaking things.
This adds various customisations point in the app for security related
decisions. By default, these do nothing, but would be customised at the
app level via module replacement (so that no changes are needed here in the
SDK).
Fixes https://github.com/vector-im/element-web/issues/15350
