OIDC: attempt dynamic client registration (#11074)

* add delegatedauthentication to validated server config

* dynamic client registration functions

* test OP registration functions

* add stubbed nativeOidc flow setup in Login

* cover more error cases in Login

* tidy

* test dynamic client registration in Login

* comment oidc_static_clients

* register oidc inside Login.getFlows

* strict fixes

* remove unused code

* and imports

* comments

* comments 2

* util functions to get static client id

* check static client ids in login flow

* remove dead code

* OidcRegistrationClientMetadata type

* use registerClient from js-sdk

* use OidcError from js-sdk

src/components/structures/auth/Login.tsx

@@ -50,7 +50,6 @@ _td("Invalid identity server discovery response");
 _td("Invalid base_url for m.identity_server");
 _td("Identity server URL does not appear to be a valid identity server");
 _td("General failure");
-
 interface IProps {
     serverConfig: ValidatedServerConfig;
     // If true, the component will consider itself busy.

src/utils/oidc/error.ts

@@ -1,24 +0,0 @@
-/*
-Copyright 2023 The Matrix.org Foundation C.I.C.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-/**
- * OIDC error strings, intended for logging
- */
-export enum OidcClientError {
-    DynamicRegistrationNotSupported = "Dynamic registration not supported",
-    DynamicRegistrationFailed = "Dynamic registration failed",
-    DynamicRegistrationInvalid = "Dynamic registration invalid response",
-}

src/utils/oidc/registerClient.ts

@@ -15,9 +15,9 @@ limitations under the License.
 */
 
 import { logger } from "matrix-js-sdk/src/logger";
+import { registerOidcClient } from "matrix-js-sdk/src/oidc/register";
 
 import { ValidatedDelegatedAuthConfig } from "../ValidatedServerConfig";
-import { OidcClientError } from "./error";
 
 /**
  * Get the statically configured clientId for the issuer
@@ -34,6 +34,7 @@ const getStaticOidcClientId = (issuer: string, staticOidcClients?: Record<string
 /**
  * Get the clientId for an OIDC OP
  * Checks statically configured clientIds first
+ * Then attempts dynamic registration with the OP
  * @param delegatedAuthConfig Auth config from ValidatedServerConfig
  * @param clientName Client name to register with the OP, eg 'Element'
  * @param baseUrl URL of the home page of the Client, eg 'https://app.element.io/'
@@ -44,8 +45,8 @@ const getStaticOidcClientId = (issuer: string, staticOidcClients?: Record<string
 export const getOidcClientId = async (
     delegatedAuthConfig: ValidatedDelegatedAuthConfig,
     // these are used in the following PR
-    _clientName: string,
-    _baseUrl: string,
+    clientName: string,
+    baseUrl: string,
     staticOidcClients?: Record<string, string>,
 ): Promise<string> => {
     const staticClientId = getStaticOidcClientId(delegatedAuthConfig.issuer, staticOidcClients);
@@ -53,8 +54,5 @@ export const getOidcClientId = async (
         logger.debug(`Using static clientId for issuer ${delegatedAuthConfig.issuer}`);
         return staticClientId;
     }
-
-    // TODO attempt dynamic registration
-    logger.error("Dynamic registration not yet implemented.");
-    throw new Error(OidcClientError.DynamicRegistrationNotSupported);
+    return await registerOidcClient(delegatedAuthConfig, clientName, baseUrl);
 };