From 2f732e4234cba5db64e590edf08c9162822ef87a Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Fri, 19 Feb 2021 11:36:14 +0200
Subject: [PATCH] Update Synapse worker endpoints

---
 roles/matrix-synapse/vars/workers.yml | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml
index a3b50dc4..3adfd9c3 100644
--- a/roles/matrix-synapse/vars/workers.yml
+++ b/roles/matrix-synapse/vars/workers.yml
@@ -51,7 +51,6 @@ matrix_synapse_workers_generic_worker_endpoints:
   - ^/_matrix/client/(api/v1|r0|unstable)/joined_groups$
   - ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$
   - ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/
-  - ^/_synapse/client/password_reset/email/submit_token$
 
   # Registration/login requests
   - ^/_matrix/client/(api/v1|r0|unstable)/login$
@@ -86,28 +85,33 @@ matrix_synapse_workers_generic_worker_endpoints:
   # to use SSO (you only need to include the ones for whichever SSO provider you're
   # using):
 
+  # for all SSO providers
+  # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually
+  # ^/_matrix/client/(api/v1|r0|unstable)/login/sso/redirect
+  # ^/_synapse/client/pick_idp$
+  # ^/_synapse/client/pick_username
+  # ^/_synapse/client/new_user_consent$
+  # ^/_synapse/client/sso_register$
+
   # OpenID Connect requests.
   # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually
-  # ^/_matrix/client/(api/v1|r0|unstable)/login/sso/redirect$
-  # ^/_synapse/oidc/callback$
+  # ^/_synapse/client/oidc/callback$
 
   # SAML requests.
   # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually
-  # ^/_matrix/client/(api/v1|r0|unstable)/login/sso/redirect$
-  # ^/_matrix/saml2/authn_response$
+  # ^/_synapse/client/saml2/authn_response$
 
   # CAS requests.
   # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually
-  # ^/_matrix/client/(api/v1|r0|unstable)/login/(cas|sso)/redirect$
   # ^/_matrix/client/(api/v1|r0|unstable)/login/cas/ticket$
 
+  # Ensure that all SSO logins go to a single process.
+  # For multiple workers not handling the SSO endpoints properly, see
+  # [#7530](https://github.com/matrix-org/synapse/issues/7530).
+
   # Note that a HTTP listener with `client` and `federation` resources must be
   # configured in the `worker_listeners` option in the worker config.
 
-  # Ensure that all SSO logins go to a single process (usually the main process). 
-  # For multiple workers not handling the SSO endpoints properly, see
-  # [#7530](https://github.com/matrix-org/synapse/issues/7530).
-
   # #### Load balancing
 
   # It is possible to run multiple instances of this worker app, with incoming requests