Skip to content

Move oidc.load_metadata() startup into _base.start() #19056

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 12 commits into from
Nov 3, 2025
+11 −8
Merged

Move oidc.load_metadata() startup into _base.start() #19056

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
608a116
Move `oidc.load_metadata()` startup into `_base.start()`
MadLittleMods Oct 13, 2025
ac3a514
Describe specifics
MadLittleMods Oct 13, 2025
91c0685
More specific comment
MadLittleMods Oct 13, 2025
b142996
Add changelog
MadLittleMods Oct 13, 2025
f450a68
Use correct changelog number
MadLittleMods Oct 13, 2025
3385725
Merge branch 'develop' into madlittlemods/move-oidc-startup-metadata-…
MadLittleMods Oct 30, 2025
938f2ec
Merge branch 'develop' into madlittlemods/move-oidc-startup-metadata-…
MadLittleMods Oct 30, 2025
b0279b9
Merge branch 'develop' into madlittlemods/move-oidc-startup-metadata-…
MadLittleMods Oct 31, 2025
9960a39
Merge branch 'develop' into madlittlemods/move-oidc-startup-metadata-…
MadLittleMods Nov 3, 2025
89fd70f
Merge branch 'develop' into madlittlemods/move-oidc-startup-metadata-…
MadLittleMods Nov 3, 2025
bc8c429
Fix merge
MadLittleMods Nov 3, 2025
707b97c
Merge branch 'develop' into madlittlemods/move-oidc-startup-metadata-…
MadLittleMods Nov 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions synapse/app/_base.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -625,6 +625,16 @@ def run_sighup(*args: Any, **kwargs: Any) -> None:
# Apply the cache config.
hs.config.caches.resize_all_caches()

# Load the OIDC provider metadatas, if OIDC is enabled.
if hs.config.oidc.oidc_enabled:
oidc = hs.get_oidc_handler()
# Loading the provider metadata also ensures the provider config is valid.
#
# FIXME: It feels a bit strange to validate and block on startup as one of these
# OIDC providers could be temporarily unavailable and cause Synapse to be unable
# to start.
await oidc.load_metadata()
Comment on lines +651 to +659
Copy link
Contributor Author

@MadLittleMods MadLittleMods Oct 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Previously, this lived in synapse/app/homeserver.py -> setup() which is only for the SynapseHomeServer (main Synapse instance).

This has now moved to _base.start() which means it will run on workers and the main Synapse instance.

I can't really tell if this should be only be run on the main instance or not. Kinda feels like we should validate the provider config on any Synapse instance. This will cause every instance to contact the providers to fetch the metadata.

Copy link
Member

@sandhose sandhose Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hm, the intent was to show any misconfiguration early, plus making sure that it was already loaded on the first login, but indeed blocking startup on this might not be the best. I'm fine with moving this to a background task and just logging, but if this is the case, we should probably put in the note that Synapse doesn't block startup on OIDC misconfiguration anymore?

This is also less important for servers delegating to MAS.

Copy link
Contributor Author

@MadLittleMods MadLittleMods Nov 3, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll leave moving this to a background task to a future PR.

Sounds like it's fine to call this on the main instance and workers ⏩


# Load the certificate from disk.
refresh_certificate(hs)

Expand Down
12 changes: 5 additions & 7 deletions synapse/app/homeserver.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -425,13 +425,11 @@ def setup(
handle_startup_exception(e)

async def _start_when_reactor_running() -> None:
# TODO: Feels like this should be moved somewhere else.
#
# Load the OIDC provider metadatas, if OIDC is enabled.
if hs.config.oidc.oidc_enabled:
oidc = hs.get_oidc_handler()
# Loading the provider metadata also ensures the provider config is valid.
await oidc.load_metadata()
"""
Specific to the `SynapseHomeServer` (main homeserver process).

Should be called once the reactor is running.
"""

await _base.start(hs, freeze)

Expand Down
Loading