From c28410b7362eafbe0639dc37d610c8036d899675 Mon Sep 17 00:00:00 2001
From: Till-JS <101404291+Till-JS@users.noreply.github.com>
Date: Sun, 1 Feb 2026 03:25:59 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7=20chore:=20enable=20OIDC=20for=20M?=
 =?UTF-8?q?atrix=20Synapse?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Add SYNAPSE_OIDC_CLIENT_SECRET to mana-core-auth env
- Enable OIDC provider config in homeserver.yaml
- Add matrix.mana.how and element.mana.how to CORS origins

Co-Authored-By: Claude Opus 4.5
---
 docker-compose.macmini.yml | 3 ++-
 docker/matrix/homeserver.yaml | 43 +++++++++++++++++------------------
 2 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/docker-compose.macmini.yml b/docker-compose.macmini.yml
index 2bbb5d73b..0a92d933d 100644
--- a/docker-compose.macmini.yml
+++ b/docker-compose.macmini.yml
@@ -99,8 +99,9 @@ services:
       SMTP_USER: ${SMTP_USER:-94cde5002@smtp-brevo.com}
       SMTP_PASSWORD: ${SMTP_PASSWORD}
       SMTP_FROM: Mana
-      CORS_ORIGINS: https://mana.how,https://chat.mana.how,https://todo.mana.how,https://calendar.mana.how,https://clock.mana.how,https://contacts.mana.how,https://storage.mana.how,https://presi.mana.how,https://nutriphi.mana.how,https://skilltree.mana.how
+      CORS_ORIGINS: https://mana.how,https://chat.mana.how,https://todo.mana.how,https://calendar.mana.how,https://clock.mana.how,https://contacts.mana.how,https://storage.mana.how,https://presi.mana.how,https://nutriphi.mana.how,https://skilltree.mana.how,https://matrix.mana.how,https://element.mana.how
       DUCKDB_PATH: /data/analytics/metrics.duckdb
+      SYNAPSE_OIDC_CLIENT_SECRET: ${SYNAPSE_OIDC_CLIENT_SECRET:-}
     volumes:
       - analytics_data:/data/analytics
     ports:
diff --git a/docker/matrix/homeserver.yaml b/docker/matrix/homeserver.yaml
index 3139b14ae..d4608a5e4 100644
--- a/docker/matrix/homeserver.yaml
+++ b/docker/matrix/homeserver.yaml
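Review bot: `SYNAPSE_OIDC_CLIENT_SECRET: ${SYNAPSE_OIDC_CLIENT_SECRET:-}` substitutes an empty string when the variable is unset on the host, so a misconfigured deployment presumably hands mana-core-auth an empty client secret instead of refusing to start; Compose's `${VAR:?message}` form makes the omission fatal, `SYNAPSE_OIDC_CLIENT_SECRET: ${SYNAPSE_OIDC_CLIENT_SECRET:?SYNAPSE_OIDC_CLIENT_SECRET must be set}`. The same credential is committed as a plaintext literal in docker/matrix/homeserver.yaml by this patch, which leaves two sources of truth that can silently drift; keeping the value only in the environment or a secrets file on both sides is the safer shape. The enclosing service definition starts and ends outside the hunk.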
@@ -193,28 +193,27 @@ run_background_tasks_on: synapse
 # OIDC / SSO Configuration (Mana Core Auth)
 # ============================================
-# TEMPORARILY DISABLED - Fix OIDC client registration first
 # Enable SSO via Mana Core Auth OIDC Provider
-# oidc_providers:
-#   - idp_id: manacore
-#     idp_name: "Mana Core"
-#     idp_brand: "org.matrix.custom"
-#     discover: true
-#     issuer: "https://auth.mana.how"
-#     client_id: "matrix-synapse"
-#     client_secret: "ms-1ac3cfdd636e4688c927aa36feb1dfa79d84da73099a1dd9c9ceacb79a77e7cd"
-#     scopes: ["openid", "profile", "email"]
-#     user_mapping_provider:
-#       config:
-#         subject_claim: "sub"
-#         localpart_template: "{{ user.email.split('@')[0] }}"
-#         display_name_template: "{{ user.name }}"
-#         email_template: "{{ user.email }}"
-#     allow_existing_users: true
-#     enable_registration: true
+oidc_providers:
+  - idp_id: manacore
+    idp_name: "Mana Core"
+    idp_brand: "org.matrix.custom"
+    discover: true
+    issuer: "https://auth.mana.how"
+    client_id: "matrix-synapse"
+    client_secret: "6dc67d2dbea5c19409d21cbaec5ba77265b0296796d4ebb015d70209c68f3fd5"
+    scopes: ["openid", "profile", "email"]
+    user_mapping_provider:
+      config:
+        subject_claim: "sub"
+        localpart_template: "{{ user.email.split('@')[0] }}"
+        display_name_template: "{{ user.name }}"
+        email_template: "{{ user.email }}"
+    allow_existing_users: true
+    enable_registration: true
 # SSO UI Settings
-# sso:
-#   client_whitelist:
-#     - "https://element.mana.how"
-#     - "https://matrix.mana.how"
+sso:
+  client_whitelist:
+    - "https://element.mana.how"
+    - "https://matrix.mana.how"
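Review bot: `client_secret: "6dc67d2d…"` on the new side commits a live OIDC client secret to the repository in plaintext, where it remains in git history after any later edit; this value and the earlier `ms-1ac3…` value the hunk removes should both be treated as exposed and rotated on the auth server, and the file should read the secret from outside VCS (Synapse's `client_secret_path` option, if the deployed version supports it, or a value templated in at deploy time from the `SYNAPSE_OIDC_CLIENT_SECRET` environment variable this patch introduces). Separately, `localpart_template: "{{ user.email.split('@')[0] }}"` combined with `allow_existing_users: true` attaches an SSO login to any pre-existing account whose localpart equals the email's local part, an attribute that is not unique across email domains, so an IdP identity with a matching prefix at a different domain would be linked to someone else's Matrix account unless the IdP guarantees verified, unique emails. Deriving the localpart from the subject claim, or leaving `allow_existing_users` at its default, removes that linking path; a comment above the block noting which guarantee the IdP provides would document the decision either way. The surrounding file continues outside the hunk.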