From e23be443457fcf48056a705ef07c54063c604fba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Commaille?= Date: Thu, 16 Mar 2023 10:21:40 +0100 Subject: [PATCH] sdk: Store OIDC issuer as a String rather than a Url MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The url crate normalizes the string, but during OIDC verification steps, the issuer verification must be made against the exact string that was provided. Signed-off-by: Kévin Commaille --- bindings/matrix-sdk-ffi/src/client.rs | 2 +- crates/matrix-sdk/src/client/builder.rs | 7 +++---- crates/matrix-sdk/src/client/mod.rs | 4 ++-- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/bindings/matrix-sdk-ffi/src/client.rs b/bindings/matrix-sdk-ffi/src/client.rs index ef28c730c..96c33168f 100644 --- a/bindings/matrix-sdk-ffi/src/client.rs +++ b/bindings/matrix-sdk-ffi/src/client.rs @@ -251,7 +251,7 @@ impl Client { /// The OIDC Provider that is trusted by the homeserver. `None` when /// not configured. pub async fn authentication_issuer(&self) -> Option { - self.client.authentication_issuer().await.map(|server| server.to_string()) + self.client.authentication_issuer().await } /// The sliding sync proxy that is trusted by the homeserver. `None` when diff --git a/crates/matrix-sdk/src/client/builder.rs b/crates/matrix-sdk/src/client/builder.rs index a4ec7370a..d9112b04c 100644 --- a/crates/matrix-sdk/src/client/builder.rs +++ b/crates/matrix-sdk/src/client/builder.rs @@ -378,7 +378,7 @@ impl ClientBuilder { let base_client = BaseClient::with_store_config(store_config); let http_client = HttpClient::new(inner_http_client.clone(), self.request_config); - let mut authentication_issuer: Option = None; + let mut authentication_issuer = None; #[cfg(feature = "experimental-sliding-sync")] let mut sliding_sync_proxy: Option = None; let homeserver = match homeserver_cfg { 
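Review bot: The doc comment on the FFI `authentication_issuer` in the first hunk still says only "The OIDC Provider that is trusted by the homeserver", which no longer tells a caller what kind of string comes back now that the value is not a parsed URL. The commit message says issuer verification must use the exact string that was provided, so the docs should state that the value is returned verbatim as the homeserver advertised it and must be compared exactly. A line such as `/// Returned verbatim as advertised by the homeserver; compare it exactly and do not round-trip it through a URL parser.` would cover it. The same wording applies to the `authentication_issuer` field of `ClientInner` and the `Client::authentication_issuer` accessor in crates/matrix-sdk/src/client/mod.rs.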
@@ -402,9 +402,8 @@ impl ClientBuilder { err => ClientBuildError::Http(err), })?; - if let Some(issuer) = well_known.authentication.map(|auth| auth.issuer) { - authentication_issuer = Url::parse(&issuer).ok(); - } + authentication_issuer = well_known.authentication.map(|auth| auth.issuer); + #[cfg(feature = "experimental-sliding-sync")] if let Some(proxy) = well_known.sliding_sync_proxy.map(|p| p.url) { sliding_sync_proxy = Url::parse(&proxy).ok(); diff --git a/crates/matrix-sdk/src/client/mod.rs b/crates/matrix-sdk/src/client/mod.rs index 5d44f88a2..fe4bf926a 100644 --- a/crates/matrix-sdk/src/client/mod.rs +++ b/crates/matrix-sdk/src/client/mod.rs @@ -145,7 +145,7 @@ pub(crate) struct ClientInner { /// The URL of the homeserver to connect to. homeserver: RwLock, /// The OIDC Provider that is trusted by the homeserver. - authentication_issuer: Option>, + authentication_issuer: Option>, /// The sliding sync proxy that is trusted by the homeserver. #[cfg(feature = "experimental-sliding-sync")] sliding_sync_proxy: Option>, @@ -330,7 +330,7 @@ impl Client { } /// The OIDC Provider that is trusted by the homeserver. - pub async fn authentication_issuer(&self) -> Option { + pub async fn authentication_issuer(&self) -> Option { let server = self.inner.authentication_issuer.as_ref()?; Some(server.read().await.clone()) }
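Review bot: The new assignment `authentication_issuer = well_known.authentication.map(|auth| auth.issuer);` stores whatever string the well-known response carries, whereas the removed code dropped any value that `Url::parse` rejected. An empty or non-URL issuer now reaches `Client::authentication_issuer()` and the FFI layer as if a provider were configured. The exact string can be kept while still rejecting unparsable values: `authentication_issuer = well_known.authentication.map(|auth| auth.issuer).filter(|issuer| Url::parse(issuer).is_ok());`. Whether a malformed issuer should instead fail the build with an error is a design choice the hunk does not show; the enclosing builder function starts and ends outside the hunk.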