Request all required OIDC scopes + grant_types (#154)

* Request all required OIDC scopes on auth * User real TOS and Policy URLs for OIDC * Request refresh_token grant type when registering client * Use unstable OIDC scope prefixes
element-hq · Aug 11, 2022 · 207cbde · 207cbde
1 parent 4349b8f
commit 207cbde
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 4 deletions.
diff --git a/ElementX/Sources/Services/Authentication/AuthenticationServiceProxy.swift b/ElementX/Sources/Services/Authentication/AuthenticationServiceProxy.swift
@@ -81,7 +81,7 @@ class AuthenticationServiceProxy: AuthenticationServiceProxyProtocol {
             let registationResponse = try await oidcService.registerClient(metadata: configuration)
             let authResponse = try await oidcService.presentWebAuthentication(metadata: configuration,
                                                                               clientID: registationResponse.clientID,
-                                                                              scope: "urn:matrix:device:\(deviceID)",
+                                                                              scope: "openid urn:matrix:org.matrix.msc2967.client:api:* urn:matrix:org.matrix.msc2967.client:device:\(deviceID)",
                                                                               userAgent: userAgent)
             let tokenResponse = try await oidcService.redeemCodeForTokens(authResponse: authResponse)
 

diff --git a/ElementX/Sources/Services/Authentication/OIDCService.swift b/ElementX/Sources/Services/Authentication/OIDCService.swift
@@ -61,15 +61,15 @@ class OIDCService {
         let extraParams = [
             "client_name": "ElementX iOS",
             "client_uri": "https://element.io",
-            "tos_uri": "https://example.com/tos",
-            "policy_uri": "https://example.com/policy"
+            "tos_uri": "https://element.io/user-terms-of-service",
+            "policy_uri": "https://element.io/privacy"
         ]
 
         let nonTemplatizedRequest = OIDRegistrationRequest(
             configuration: metadata,
             redirectURIs: [redirectURI],
             responseTypes: nil,
-            grantTypes: [OIDGrantTypeAuthorizationCode],
+            grantTypes: [OIDGrantTypeAuthorizationCode, OIDGrantTypeRefreshToken],
             subjectType: nil,
             tokenEndpointAuthMethod: "none",
             additionalParameters: extraParams

diff --git a/changelog.d/pr-154.change b/changelog.d/pr-154.change
@@ -0,0 +1 @@
+Use unstable MSC2967 values for OIDC scopes + client registration metadata updates.