Ditch the account management URL in new endpoint

synapse/config/experimental.py

@@ -423,14 +423,3 @@ def read_config(self, config: JsonDict, **kwargs: Any) -> None:
         self.msc4069_profile_inhibit_propagation = experimental.get(
             "msc4069_profile_inhibit_propagation", False
         )
-
-    def get_msc2965_discovery_data(self) -> Optional[JsonDict]:
-        # We use the MSC3861 values as they are used by multiple MSCs
-        if not self.msc3861.enabled:
-            return None
-
-        result = {"issuer": self.msc3861.issuer}
-        if self.msc3861.account_management_url is not None:
-            result["account"] = self.msc3861.account_management_url
-
-        return result

synapse/rest/client/auth_issuer.py

@@ -45,16 +45,16 @@ def __init__(self, hs: "HomeServer"):
         self._config = hs.config
 
     async def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
-        discovery_data = self._config.experimental.get_msc2965_discovery_data()
-        if discovery_data is None:
+        if self._config.experimental.msc3861.enabled:
+            return 200, {"issuer": self._config.experimental.msc3861.issuer}
+        else:
             # Wouldn't expect this to be reached: the servelet shouldn't have been
             # registered. Still, fail gracefully if we are registered for some reason.
             raise SynapseError(
                 404,
                 "OIDC discovery has not been configured on this homeserver",
                 Codes.NOT_FOUND,
             )
-        return 200, discovery_data
 
 
 def register_servlets(hs: "HomeServer", http_server: HttpServer) -> None:

synapse/rest/well_known.py

@@ -44,9 +44,15 @@ def get_well_known(self) -> Optional[JsonDict]:
                 "base_url": self._config.registration.default_identity_server
             }
 
-        discovery_data = self._config.experimental.get_msc2965_discovery_data()
-        if discovery_data is not None:
-            result["org.matrix.msc2965.authentication"] = discovery_data
+        # We use the MSC3861 values as they are used by multiple MSCs
+        if self._config.experimental.msc3861.enabled:
+            result["org.matrix.msc2965.authentication"] = {
+                "issuer": self._config.experimental.msc3861.issuer
+            }
+            if self._config.experimental.msc3861.account_management_url is not None:
+                result["org.matrix.msc2965.authentication"][
+                    "account"
+                ] = self._config.experimental.msc3861.account_management_url
 
         if self._config.server.extra_well_known_client_content:
             for (

tests/rest/client/test_auth_issuer.py

@@ -18,7 +18,6 @@
 from tests.unittest import HomeserverTestCase, override_config
 
 ISSUER = "https://account.example.com/"
-ACCOUNT_MANAGEMENT_URL = "https://account.example.com/myaccount/"
 
 
 class AuthIssuerTestCase(HomeserverTestCase):
@@ -41,21 +40,18 @@ def test_returns_404_when_msc3861_disabled(self) -> None:
                 "msc3861": {
                     "enabled": True,
                     "issuer": ISSUER,
-                    "account_management_url": ACCOUNT_MANAGEMENT_URL,
                     "client_id": "David Lister",
                     "client_auth_method": "client_secret_post",
                     "client_secret": "Who shot Mister Burns?",
                 }
             },
         }
     )
-    def test_returns_discovery_data_when_oidc_enabled(self) -> None:
+    def test_returns_issuer_when_oidc_enabled(self) -> None:
         # Make an unauthenticated request for the discovery info.
         channel = self.make_request(
             "GET",
             "/_matrix/client/unstable/org.matrix.msc2965/auth_issuer",
         )
         self.assertEqual(channel.code, HTTPStatus.OK)
-        self.assertEqual(
-            channel.json_body, {"issuer": ISSUER, "account": ACCOUNT_MANAGEMENT_URL}
-        )
+        self.assertEqual(channel.json_body, {"issuer": ISSUER})