diff --git a/setup/mscs/msc3861/msc3861_user_verifier.go b/setup/mscs/msc3861/msc3861_user_verifier.go
index 597b844e..c0f4342b 100644
--- a/setup/mscs/msc3861/msc3861_user_verifier.go
+++ b/setup/mscs/msc3861/msc3861_user_verifier.go
@@ -127,7 +127,7 @@ func (m *MSC3861UserVerifier) VerifyUserFromRequest(req *http.Request) (*api.Dev
 // Do not record requests from MAS using the virtual `__oidc_admin` user.
 if token != m.cfg.AdminToken {
- // TODO: not sure which exact data we should record here. See the link for reference
+ // XXX: not sure which exact data we should record here. See the link for reference
 // https://github.com/element-hq/synapse/blob/develop/synapse/api/auth/base.py#L365
 }
@@ -156,7 +156,6 @@ func (m *MSC3861UserVerifier) getUserByAccessToken(ctx context.Context, token st
 // XXX: This is a temporary solution so that the admin API can be called by
 // the OIDC provider. This will be removed once we have OIDC client
 // credentials grant support in matrix-authentication-service.
- logger.Info("Admin token used")
 // XXX: that user doesn't exist and won't be provisioned.
 adminUser, err := createUserID("__oidc_admin", m.serverName)
 if err != nil {
@@ -165,7 +164,7 @@ func (m *MSC3861UserVerifier) getUserByAccessToken(ctx context.Context, token st
 return &requester{
 UserID: adminUser,
 Scope: []string{"urn:synapse:admin:*"},
- Device: &api.Device{UserID: adminUser.Local(), AccountType: api.AccountTypeAdmin},
+ Device: &api.Device{UserID: adminUser.Local(), AccountType: api.AccountTypeOIDCService},
 }, nil
 }
diff --git a/userapi/api/api.go b/userapi/api/api.go
index 5387276b..2efa8976 100644
--- a/userapi/api/api.go
+++ b/userapi/api/api.go
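Review bot: In the `@@ -165,7 +164,7 @@` hunk of `msc3861_user_verifier.go`, the admin-token requester still carries `Scope: []string{"urn:synapse:admin:*"}` but its device is no longer `api.AccountTypeAdmin`, so the scope and the account type now disagree. Any handler that authorises on `AccountType == api.AccountTypeAdmin` would presumably start rejecting MAS calls, and a `switch` with a permissive default could treat the new value like an ordinary user; those call sites are not visible in this diff, so each check on `AccountType` should be confirmed to handle `AccountTypeOIDCService` explicitly. Together with the removal of `logger.Info("Admin token used")` in the `@@ -156,7 +156,6 @@` hunk and the skipped recording in `VerifyUserFromRequest`, use of this static full-admin credential leaves no trace; consider keeping one audit line that never includes the token value, e.g. `logger.Debug("request authenticated with MSC3861 admin token")`. The body of `getUserByAccessToken` starts and ends outside these hunks.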
@@ -529,6 +529,8 @@ const (
 AccountTypeAdmin AccountType = 3
 // AccountTypeAppService indicates this is an appservice account
 AccountTypeAppService AccountType = 4
+ // AccountTypeOIDC indicates this is an account belonging to Matrix Authentication Service (MAS)
+ AccountTypeOIDCService AccountType = 5
 )
 type QueryPushersRequest struct {
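Review bot: The doc comment on the new constant names `AccountTypeOIDC`, but the identifier is `AccountTypeOIDCService`, so the comment does not follow the name-first convention used by the neighbouring constants. Write `// AccountTypeOIDCService indicates the virtual service account used by Matrix Authentication Service (MAS)`. If `AccountType` values are persisted or validated elsewhere (not visible here), it is worth confirming that value 5 is accepted there and cannot be assigned through user-facing account creation, since the verifier pairs it with the `urn:synapse:admin:*` scope. The `const (` block starts outside the hunk.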