Closed matrixbot closed 1 week ago
This comment was originally posted by @daniellekirkwood at https://github.com/matrix-org/matrix-authentication-service/issues/1582#issuecomment-1702413109.
A customer today was asking how one would make a user a Synapse Admin from within the Synapse Admin console -- this is possible when not using OIDC or when users are created not using OIDC. I think it's an extremely important feature (being able to toggle and control Synapse admin users from inside the synapse admin console).
Let me know how I can help here or what your expectations are of how we might handle this in the future (I'm not tied to a specific UI, just think it should be doable and today it isn't)
Thank you!
This comment was originally posted by @sandhose at https://github.com/matrix-org/matrix-authentication-service/issues/1582#issuecomment-1757589989.
Fixed by #1920
This issue was originally created by @hughns at https://github.com/matrix-org/matrix-authentication-service/issues/1582.
Currently a user can only allowed to be issued a
urn:synapse:admin
scope token from MAS by a setting in the YAML config.It should be possible to be able to read and change this at runtime using the GraphQL API.
A simple flag stored against the user is sufficient rather than some group capability.