From bb428d4b38f9b581bc1182d608cee13abaa94ee3 Mon Sep 17 00:00:00 2001
From: Till-JS <101404291+Till-JS@users.noreply.github.com>
Date: Fri, 30 Jan 2026 18:26:30 +0100
Subject: [PATCH] fix(mana-core-auth): add Matrix Synapse as trusted OIDC
 client

Configure Matrix Synapse as a trusted client that skips the consent screen.
This enables seamless SSO login without requiring user consent for each login.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .../mana-core-auth/src/auth/better-auth.config.ts     | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/services/mana-core-auth/src/auth/better-auth.config.ts b/services/mana-core-auth/src/auth/better-auth.config.ts
index b0f413981..6d618fe1a 100644
--- a/services/mana-core-auth/src/auth/better-auth.config.ts
+++ b/services/mana-core-auth/src/auth/better-auth.config.ts
@@ -323,6 +323,17 @@ export function createBetterAuth(databaseUrl: string) {
 				metadata: {
 					issuer: process.env.BASE_URL || 'http://localhost:3001',
 				},
+				// Trusted clients that skip consent screen
+				// These clients are considered first-party and don't need user consent
+				trustedClients: [
+					{
+						clientId: 'matrix-synapse',
+						clientSecret: process.env.SYNAPSE_OIDC_CLIENT_SECRET || '',
+						name: 'Matrix Synapse',
+						redirectUrls: ['https://matrix.mana.how/_synapse/client/oidc/callback'],
+						skipConsent: true,
+					},
+				],
 			}),
 		],
 	});