synapse: Support configuring login via oidc provider

roles/synapse/defaults/main.yaml

@@ -18,3 +18,4 @@ synapse_auto_accept_invites:
 synapse_auto_join_rooms: []
 
 synapse_smtp_server: ""
+synapse_oidc_provider_client_id: ""

roles/synapse/meta/argument_specs.yaml

@@ -88,6 +88,29 @@ argument_specs:
         default: []
         elements: str
 
+      synapse_oidc_provider_client_id:
+        type: str
+        required: false
+        default: ""
+      synapse_oidc_provider_name:
+        description: Required if synapse_oidc_provider_client_id is set
+        type: str
+      synapse_oidc_provider_client_secret:
+        description: Required if synapse_oidc_provider_client_id is set
+        type: str
+      synapse_oidc_provider_issuer:
+        description: Required if synapse_oidc_provider_client_id is set
+        type: str
+      synapse_oidc_provider_scope:
+        description: Required if synapse_oidc_provider_client_id is set
+        type: list
+        elements: str
+      synapse_oidc_provider_mas_claims_imports:
+        description:
+          - Passed to matrix authentication service.
+          - See https://element-hq.github.io/matrix-authentication-service/setup/sso.html#user-attributes-mapping
+        type: dict
+
       synapse_postgres_tag:
         description: Postgres tag to use for synapse postgres container
         type: str

roles/synapse/tasks/main.yaml

@@ -75,3 +75,10 @@
     matrix_authentication_service_email_smtp_user: "{{ synapse_email_smtp_user }}"
     matrix_authentication_service_email_smtp_password: "{{ synapse_email_smtp_password }}"
     matrix_authentication_service_email_from: "{{ synapse_email_from | replace('%(app)s', synapse_email_app_name) }}"
+
+    matrix_authentication_service_upstream_oauth2_client_id: "{{ synapse_oidc_provider_client_id }}"
+    matrix_authentication_service_upstream_oauth2_client_secret: "{{ synapse_oidc_provider_client_secret }}"
+    matrix_authentication_service_upstream_oauth2_issuer: "{{ synapse_oidc_provider_issuer }}"
+    matrix_authentication_service_upstream_oauth2_scope: "{{ synapse_oidc_provider_scopes | join(' ') }}"
+    matrix_authentication_service_upstream_oauth2_claims_imports: "{{ synapse_oidc_provider_mas_claims_imports }}"
+    matrix_authentication_service_upstream_oauth2_human_name: "{{ synapse_oidc_provider_name }}"