Remove some useless oidc variables and /_synapse/oidc route handling

After some checking, it seems like there's `/_synapse/client/oidc`, but no such thing as `/_synapse/oidc`. I'm not sure why we've been reverse-proxying these paths for so long (even in as far back as the `matrix-nginx-proxy` days), but it's time we put a stop to it. The OIDC docs have been simplified. There's no need to ask people to expose the useless `/_synapse/oidc` endpoint. OIDC requires `/_synapse/client/oidc` and `/_synapse/client` is exposed by default already.
2024-01-17 14:45:19 +02:00
parent f3a9a2b35e
commit 042c74f90c
9 changed files with 22 additions and 88 deletions
--- a/docs/configuring-playbook-synapse.md
+++ b/docs/configuring-playbook-synapse.md
@ -73,8 +73,6 @@ matrix_synapse_oidc_providers:
    backchannel_logout_enabled: true # Optional
 ```

-**NOTE**: if you inject the OIDC configuration using `matrix_synapse_configuration_extension_yaml` (instead of `matrix_synapse_oidc_enabled: true` + `matrix_synapse_oidc_providers` as explained above), then the OIDC routes (`/_synapse/oidc`) will not be publicly exposed automatically. In such a case, you'd need to expose them manually by toggling: `matrix_synapse_container_labels_public_client_synapse_oidc_api_enabled: true`.
-

 ## Customizing templates