diff --git a/src/domain/login/StartOIDCLoginViewModel.js b/src/domain/login/StartOIDCLoginViewModel.js index e70a7487..d6424f74 100644 --- a/src/domain/login/StartOIDCLoginViewModel.js +++ b/src/domain/login/StartOIDCLoginViewModel.js @@ -42,12 +42,13 @@ export class StartOIDCLoginViewModel extends ViewModel { async discover() { // Ask for the metadata once so it gets discovered and cached await this._api.metadata() - await this._api.ensureRegistered(); + await this._api.registration(); } async startOIDCLogin() { + const deviceScope = this._api.generateDeviceScope(); const p = this._api.generateParams({ - scope: "openid", + scope: `openid ${deviceScope}`, redirectUri: this.urlCreator.createOIDCRedirectURL(), }); const clientId = await this._api.clientId(); diff --git a/src/matrix/net/OidcApi.ts b/src/matrix/net/OidcApi.ts index 57168622..b8d459b3 100644 --- a/src/matrix/net/OidcApi.ts +++ b/src/matrix/net/OidcApi.ts @@ -203,6 +203,11 @@ export class OidcApi { return metadata["registration_endpoint"]; } + generateDeviceScope(): String { + const deviceId = randomString(10); + return `urn:matrix:device:${deviceId}`; + } + generateParams({ scope, redirectUri }: { scope: string, redirectUri: string }): AuthorizationParams { return { scope,