
OIDC: doesn't discover wk config for default server #26466

Closed
kerryarchibald opened this issue Oct 29, 2023 · 3 comments
Labels
A-OIDC O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Major Severely degrades major functionality or product features, with no satisfactory workaround T-Defect Z-Labs

Comments

@kerryarchibald
Contributor

kerryarchibald commented Oct 29, 2023

Steps to reproduce

  1. open https://element-oidc.lab.element.dev/, which has default server https://synapse-oidc.lab.element.dev
  2. click continue to authenticate
  3. notice that you are redirected to a compatibility login on MAS, and that there is no wk request in network
  4. change the server to 'synapse-oidc.lab.element.dev' (same server, without https)
  5. click continue
  6. notice you are redirected to native OIDC login

Outcome

What did you expect?

What happened instead?

/config

{
    "default_server_config": {
        "m.homeserver": {
            "base_url": "https://synapse-oidc.lab.element.dev",
            "server_name": "synapse-oidc.lab.element.dev"
        }
    },
    "disable_guests": true,
    "dummy_end": "placeholder",
    "embedded_pages": {
        "login_for_welcome": true
    },
    "features": {
        "feature_oidc_native_flow": true
    },
    "show_labs_settings": true
}

Reasoning here: matrix-org/matrix-js-sdk#3426

Operating system

No response

Browser information

No response

URL for webapp

No response

Application version

No response

Homeserver

No response

Will you send logs?

No

@kerryarchibald kerryarchibald added T-Defect Z-Labs A-OIDC S-Major Severely degrades major functionality or product features, with no satisfactory workaround O-Uncommon Most users are unlikely to come across this or unexpected workflow labels Oct 29, 2023
@Johennes
Contributor

Johennes commented Nov 7, 2023

I spoke to @pixlwave today and the logic on EIX is:

  • Drop the URL scheme (but remember if it's using TLS or not) and take whatever the user input as a server name, trying to do the .well-known look-up
  • If it succeeds, yay. If not, deny login with an error message (copy being dependent on whether the input is a valid URL or not)

IIUC this is essentially what was attempted to be implemented in matrix-org/matrix-js-sdk#3426.

Other than it being possible that there is no .well-known on the home server URL (as on matrix.org), @t3chguy raised in matrix-org/matrix-js-sdk#3426 (comment) that different server names with different .well-knowns could be pointing to the same home server URL.

So I think we're right in not implementing this logic and should rather pursue a holistic solution on the spec level.

Given that EX already has the same problem, this shouldn't block us from offering native OIDC as a labsed feature on EW though.

@Johennes
Contributor

Johennes commented Nov 8, 2023

Descoping from https://github.com/vector-im/element-internal/issues/412 since EX has the same problem (not considered blocking there) and a spec change is needed to fix this.

@t3chguy
Member

t3chguy commented Jan 15, 2024

This is by design,

"default_server_config": {
    "m.homeserver": {
        "base_url": "https://synapse-oidc.lab.element.dev/",
        "server_name": "synapse-oidc.lab.element.dev"
    }
},

means do not make the request, here is the value. As per the docs. I suggest using default_server_name if you want a WK look-up.
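Added example, not Element's or matrix-js-sdk's code: a small resolver that follows the two config shapes described in the comment above (`default_server_config` with a `base_url` skips discovery; `default_server_name` triggers the .well-known look-up) and the scheme-stripping rule from Johennes's comment for user-typed servers, refusing login when discovery fails or yields a non-https `base_url`. The `fetch` callable, `fake_fetch`, and the `example.test` hostnames are constructed stand-ins so it runs offline.

```python
import json
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import urlparse

WELL_KNOWN_PATH = "/.well-known/matrix/client"
Fetcher = Callable[[str], Optional[str]]  # URL -> response body, or None when the GET fails

def normalise_server_input(user_input: str) -> Tuple[str, bool]:
    """Drop the URL scheme but remember whether TLS was asked for (the EIX rule in the thread)."""
    text = user_input.strip()
    if "://" not in text:
        return text, True  # bare server name: assume TLS for the look-up
    parsed = urlparse(text)
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        raise ValueError(f"unsupported server input: {user_input!r}")
    return parsed.netloc, parsed.scheme == "https"

def discover_well_known(server_name: str, use_tls: bool, fetch: Fetcher) -> str:
    """Fetch /.well-known/matrix/client and return a validated base_url, else raise LookupError."""
    scheme = "https" if use_tls else "http"
    body = fetch(f"{scheme}://{server_name}{WELL_KNOWN_PATH}")
    if body is None:
        raise LookupError(f"no .well-known document for {server_name}")
    try:
        base_url = json.loads(body)["m.homeserver"]["base_url"]
    except (ValueError, KeyError, TypeError):
        raise LookupError(f"malformed .well-known document for {server_name}")
    parsed = urlparse(base_url) if isinstance(base_url, str) else None
    if parsed is None or parsed.scheme != "https" or not parsed.netloc:
        raise LookupError(f"refusing non-https base_url {base_url!r}")  # deny login, no fallback
    return base_url.rstrip("/")

def resolve_homeserver(config: Dict, fetch: Fetcher, user_input: Optional[str] = None) -> Tuple[str, bool]:
    """Return (base_url, well_known_used) using the config semantics described in the thread."""
    if user_input is not None:  # the user typed a server: always discover
        name, tls = normalise_server_input(user_input)
        return discover_well_known(name, tls, fetch), True
    explicit = config.get("default_server_config", {}).get("m.homeserver", {}).get("base_url")
    if explicit:  # base_url present: "do not make the request, here is the value"
        return explicit.rstrip("/"), False
    return discover_well_known(config["default_server_name"], True, fetch), True  # WK look-up

# Constructed, offline stand-in for HTTP GET; the hostnames are hypothetical.
WELL_KNOWN_FIXTURES = {
    "https://example.test/.well-known/matrix/client":
        '{"m.homeserver": {"base_url": "https://matrix.example.test/"}}',
}

def fake_fetch(url: str) -> Optional[str]:
    return WELL_KNOWN_FIXTURES.get(url)
```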

@t3chguy t3chguy closed this as not planned Won't fix, can't repro, duplicate, stale Jan 15, 2024