etkecc / synapse-admin

A maintained fork of the admin console for (Matrix) Synapse homeservers, including additional features
https://admin.etke.cc
Apache License 2.0

Make synapse-admin work with matrix-authentication-service #38

Open xundeenergie opened 1 month ago

xundeenergie commented 1 month ago

Matrix-authentication-service (MAS) is a real OIDC authentication system and you could authorize users with optional client-scope urn:synapse:admin:* to gain synapse admin privileges for a session to be able to use synapse-admin when MAS is configured on a homeserver as auth-service.

Here is a referencing issue, what clients need. https://github.com/element-hq/matrix-authentication-service/issues/2187

And an upstream issue https://github.com/Awesome-Technologies/synapse-admin/issues/429


updated by maintainers

Temporary workaround - generate a correct access token using MAS CLI and use it with "access token" login in Synapse Admin:

mas-cli manage issue-compatibility-token --yes-i-want-to-grant-synapse-admin-privileges [username]

sandhose commented 4 weeks ago

We recently added a client implementation guide on areweoidcyet.com which should greatly help understand how the new login API works: https://areweoidcyet.com/client-implementation-guide/

The general API is very similar to m.login.sso, with some extra steps. The other difficulty might come from the fact that access tokens have a low TTL (5min by default) and need to be refreshed regularly.
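
The refresh requirement mentioned in the comment above, as an added example that is not part of the thread or of synapse-admin's code: a session holder that renews a short-lived access token shortly before expiry with the standard OAuth 2.0 `refresh_token` grant. The `TokenSession` class, the injected `postForm` transport, the 30-second margin, the token endpoint and the client ID are assumptions for illustration.

```javascript
// Added example (RFC 6749 section 6 refresh grant); all names here are illustrative assumptions.
const SKEW_MS = 30_000; // refresh this long before expiry (assumed margin)
class TokenSession {
  // postForm(url, URLSearchParams) is an injected transport that resolves to the parsed
  // JSON token response and rejects with the parsed OAuth error object on failure.
  constructor({ tokenEndpoint, clientId, postForm, now = Date.now }) {
    Object.assign(this, { tokenEndpoint, clientId, postForm, now });
  }

  // Record a token response; expires_in is in seconds (300 for a 5 min TTL).
  store(resp) {
    if (!resp.access_token || !Number.isFinite(resp.expires_in)) {
      throw new Error("malformed token response");
    }
    this.accessToken = resp.access_token;
    // Keep the previous refresh token when the server does not send a new one.
    this.refreshToken = resp.refresh_token ?? this.refreshToken;
    this.expiresAt = this.now() + resp.expires_in * 1000;
  }

  needsRefresh() {
    return !this.accessToken || this.now() >= this.expiresAt - SKEW_MS;
  }

  // Return a usable access token; concurrent callers share one refresh request so a
  // refresh token is never submitted twice.
  async getAccessToken() {
    if (!this.needsRefresh()) return this.accessToken;
    if (!this.refreshToken) throw new Error("no refresh token; log in again");
    this.inflight ??= this.refresh().finally(() => { this.inflight = null; });
    await this.inflight;
    return this.accessToken;
  }

  async refresh() {
    const body = new URLSearchParams({
      grant_type: "refresh_token",
      refresh_token: this.refreshToken,
      client_id: this.clientId,
    });
    try {
      this.store(await this.postForm(this.tokenEndpoint, body));
    } catch (err) {
      // invalid_grant means the refresh token is dead: drop the session, do not retry.
      if (err && err.error === "invalid_grant") this.accessToken = this.refreshToken = undefined;
      throw err;
    }
  }
}
```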

aine-etke commented 2 weeks ago

Updated the issue's description to include access token workaround

xundeenergie commented 1 week ago

I tried this, but the token does not work. Is there something to know about how to paste the token? Some quoting, or making a JSON out of the output from mas-cli?