🔧 chore: enable OIDC for Matrix Synapse

- Add SYNAPSE_OIDC_CLIENT_SECRET to mana-core-auth env - Enable OIDC provider config in homeserver.yaml - Add matrix.mana.how and element.mana.how to CORS origins Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-05-14 21:21:10 +02:00 · 2026-02-01 03:25:59 +01:00 · 2026-02-01 03:25:59 +01:00 · c28410b736
commit c28410b736
parent cd28a83007
2 changed files with 23 additions and 23 deletions
--- a/docker-compose.macmini.yml
+++ b/docker-compose.macmini.yml
@ -99,8 +99,9 @@ services:
      SMTP_USER: ${SMTP_USER:-94cde5002@smtp-brevo.com}
      SMTP_PASSWORD: ${SMTP_PASSWORD}
      SMTP_FROM: Mana <noreply@mana.how>
-      CORS_ORIGINS: https://mana.how,https://chat.mana.how,https://todo.mana.how,https://calendar.mana.how,https://clock.mana.how,https://contacts.mana.how,https://storage.mana.how,https://presi.mana.how,https://nutriphi.mana.how,https://skilltree.mana.how
+      CORS_ORIGINS: https://mana.how,https://chat.mana.how,https://todo.mana.how,https://calendar.mana.how,https://clock.mana.how,https://contacts.mana.how,https://storage.mana.how,https://presi.mana.how,https://nutriphi.mana.how,https://skilltree.mana.how,https://matrix.mana.how,https://element.mana.how
      DUCKDB_PATH: /data/analytics/metrics.duckdb
+      SYNAPSE_OIDC_CLIENT_SECRET: ${SYNAPSE_OIDC_CLIENT_SECRET:-}
    volumes:
      - analytics_data:/data/analytics
    ports:
--- a/docker/matrix/homeserver.yaml
+++ b/docker/matrix/homeserver.yaml
@ -193,28 +193,27 @@ run_background_tasks_on: synapse
 # OIDC / SSO Configuration (Mana Core Auth)
 # ============================================

-# TEMPORARILY DISABLED - Fix OIDC client registration first
 # Enable SSO via Mana Core Auth OIDC Provider
-# oidc_providers:
-#   - idp_id: manacore
-#     idp_name: "Mana Core"
-#     idp_brand: "org.matrix.custom"
-#     discover: true
-#     issuer: "https://auth.mana.how"
-#     client_id: "matrix-synapse"
-#     client_secret: "ms-1ac3cfdd636e4688c927aa36feb1dfa79d84da73099a1dd9c9ceacb79a77e7cd"
-#     scopes: ["openid", "profile", "email"]
-#     user_mapping_provider:
-#       config:
-#         subject_claim: "sub"
-#         localpart_template: "{{ user.email.split('@')[0] }}"
-#         display_name_template: "{{ user.name }}"
-#         email_template: "{{ user.email }}"
-#     allow_existing_users: true
-#     enable_registration: true
+oidc_providers:
+  - idp_id: manacore
+    idp_name: "Mana Core"
+    idp_brand: "org.matrix.custom"
+    discover: true
+    issuer: "https://auth.mana.how"
+    client_id: "matrix-synapse"
+    client_secret: "6dc67d2dbea5c19409d21cbaec5ba77265b0296796d4ebb015d70209c68f3fd5"
+    scopes: ["openid", "profile", "email"]
+    user_mapping_provider:
+      config:
+        subject_claim: "sub"
+        localpart_template: "{{ user.email.split('@')[0] }}"
+        display_name_template: "{{ user.name }}"
+        email_template: "{{ user.email }}"
+    allow_existing_users: true
+    enable_registration: true

 # SSO UI Settings
-# sso:
-#   client_whitelist:
-#     - "https://element.mana.how"
-#     - "https://matrix.mana.how"
+sso:
+  client_whitelist:
+    - "https://element.mana.how"
+    - "https://matrix.mana.how"