While implementing OAuth login in Continuwuity, I discovered that `reset_cross_signing`, and specifically `OAuthCrossSigningResetInfo`, does not track the necessary data to correctly perform user-interactive authentication when uploading cross-signing keys if the server returns a flow with an `m.oauth` stage. Because `OAuthCrossSigningResetInfo` only contains the reset URL, `handle.auth` can't be called with an `AuthData` struct containing a `session` property, and therefore the SDK will repeatedly start new UIA sessions instead of checking if the existing session has succeeded. Because Synapse does not track sessions for OAuth clients, this will work fine with Synapse, but it doesn't comply with the spec and doesn't work with Continuwuity.
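The session handling described in this report, as an added Rust sketch that is not part of the original report and is not code from the SDK or Continuwuity. It assumes a constructed in-memory server that tracks UIA sessions (`Server`, `Response` and `run_client` are hypothetical names) and compares a client that retries with the `session` from the first 401 against one that drops it.

```rust
use std::collections::HashMap;

// Constructed model of a homeserver that tracks UIA sessions; every name here is hypothetical.
#[derive(Debug, PartialEq)]
enum Response {
    Unauthorized { session: String }, // 401 carrying a flow with an m.oauth stage
    Ok,
}

#[derive(Default)]
struct Server {
    approved: HashMap<String, bool>, // session id -> approved at the reset URL
    next_id: u32,
}

impl Server {
    fn upload_keys(&mut self, auth_session: Option<&str>) -> Response {
        match auth_session {
            // Known session that the user has approved: the upload succeeds.
            Some(s) if self.approved.get(s) == Some(&true) => Response::Ok,
            // Known session, not yet approved: same session is returned again.
            Some(s) if self.approved.contains_key(s) => Response::Unauthorized { session: s.to_owned() },
            // No (or unknown) session: a fresh UIA session is started.
            _ => {
                self.next_id += 1;
                let id = format!("sess{}", self.next_id);
                self.approved.insert(id.clone(), false);
                Response::Unauthorized { session: id }
            }
        }
    }
    fn approve(&mut self, s: &str) { if let Some(a) = self.approved.get_mut(s) { *a = true; } }
}

/// Returns (upload succeeded, number of UIA sessions the server opened).
fn run_client(keep_session: bool, tries: usize) -> (bool, usize) {
    let mut server = Server::default();
    let Response::Unauthorized { session: first } = server.upload_keys(None) else { return (true, 0) };
    server.approve(&first); // user completes the reset at the URL from the first 401
    let mut ok = false;
    for _ in 0..tries {
        let auth = if keep_session { Some(first.as_str()) } else { None };
        if server.upload_keys(auth) == Response::Ok { ok = true; break; }
    }
    (ok, server.approved.len())
}

fn main() {
    println!("session kept:    {:?}", run_client(true, 3));
    println!("session dropped: {:?}", run_client(false, 3));
}
```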