@unwanted/matrix-sdk-mini 34.13.0 → 36.0.1

package/lib/client.js

@@ -46,7 +46,7 @@ import { NotificationCountType } from "./models/room.js";
 import { EventType, LOCAL_NOTIFICATION_SETTINGS_PREFIX, MSC3912_RELATION_BASED_REDACTIONS_PROP, MsgType, PUSHER_ENABLED, RelationType, RoomCreateTypeField, RoomType, UNSTABLE_MSC3088_ENABLED, UNSTABLE_MSC3088_PURPOSE, UNSTABLE_MSC3089_TREE_SUBTYPE } from "./@types/event.js";
 import { GuestAccess, HistoryVisibility, Preset } from "./@types/partials.js";
 import { eventMapperFor } from "./event-mapper.js";
-import { randomString } from "./randomstring.js";
+import { secureRandomString } from "./randomstring.js";
 import { DEFAULT_TREE_POWER_LEVELS_TEMPLATE, MSC3089TreeSpace } from "./models/MSC3089TreeSpace.js";
 import { SearchOrderBy } from "./@types/search.js";
 import { PushRuleActionName, PushRuleKind } from "./@types/PushRules.js";
@@ -63,6 +63,7 @@ import { getRelationsThreadFilter } from "./thread-utils.js";
 import { KnownMembership } from "./@types/membership.js";
 import { ServerCapabilities } from "./serverCapabilities.js";
 import { sha256 } from "./digest.js";
+import { discoverAndValidateOIDCIssuerWellKnown, validateAuthMetadataAndKeys } from "./oidc/index.js";
 var SCROLLBACK_DELAY_MS = 3000;
 export var UNSTABLE_MSC3852_LAST_SEEN_UA = new UnstableValue("last_seen_user_agent", "org.matrix.msc3852.last_seen_user_agent");
 export var PendingEventOrdering = /*#__PURE__*/function (PendingEventOrdering) {
@@ -115,16 +116,13 @@ var SSO_ACTION_PARAM = new UnstableValue("action", "org.matrix.msc3824.action");
  */
 export class MatrixClient extends TypedEventEmitter {
   constructor(opts) {
-    var _opts$logger, _opts$usingExternalCr, _this;
+    var _opts$logger, _this;
     // If a custom logger is provided, use it. Otherwise, default to the global
     // one in logger.ts.
     super();
     _this = this;
     _defineProperty(this, "logger", void 0);
     _defineProperty(this, "reEmitter", new TypedReEmitter(this));
-    _defineProperty(this, "olmVersion", null);
-    // populated after initCrypto
-    _defineProperty(this, "usingExternalCrypto", false);
     _defineProperty(this, "_store", void 0);
     _defineProperty(this, "deviceId", void 0);
     _defineProperty(this, "credentials", void 0);
@@ -208,10 +206,9 @@ export class MatrixClient extends TypedEventEmitter {
     this.baseUrl = opts.baseUrl;
     this.idBaseUrl = opts.idBaseUrl;
     this.identityServer = opts.identityServer;
-    this.usingExternalCrypto = (_opts$usingExternalCr = opts.usingExternalCrypto) !== null && _opts$usingExternalCr !== void 0 ? _opts$usingExternalCr : false;
     this.store = opts.store || new StubStore();
     this.deviceId = opts.deviceId || null;
-    this.sessionId = randomString(10);
+    this.sessionId = secureRandomString(10);
     var userId = opts.userId || null;
     this.credentials = {
       userId
@@ -775,7 +772,7 @@ export class MatrixClient extends TypedEventEmitter {
    * @returns The array of users that are ignored (empty if none)
    */
   getIgnoredUsers() {
-    var event = this.getAccountData("m.ignored_user_list");
+    var event = this.getAccountData(EventType.IgnoredUserList);
     if (!(event !== null && event !== void 0 && event.getContent()["ignored_users"])) return [];
     return Object.keys(event.getContent()["ignored_users"]);
   }
@@ -793,7 +790,7 @@ export class MatrixClient extends TypedEventEmitter {
     userIds.forEach(u => {
       content.ignored_users[u] = {};
     });
-    return this.setAccountData("m.ignored_user_list", content);
+    return this.setAccountData(EventType.IgnoredUserList, content);
   }
 
   /**
@@ -3338,8 +3335,7 @@ export class MatrixClient extends TypedEventEmitter {
       if (_room5) {
         // Copy over a known event sender if we can
         for (var ev of sr.context.getTimeline()) {
-          var sender = _room5.getMember(ev.getSender());
-          if (!ev.sender && sender) ev.sender = sender;
+          ev.setMetadata(_room5.currentState, false);
         }
       }
       searchResults.results.push(sr);
@@ -3835,7 +3831,7 @@ export class MatrixClient extends TypedEventEmitter {
    * @returns A new client secret
    */
   generateClientSecret() {
-    return randomString(32);
+    return secureRandomString(32);
   }
 
   /**
@@ -4063,9 +4059,13 @@ export class MatrixClient extends TypedEventEmitter {
   /**
    * @returns Promise which resolves to a LoginResponse object
    * @returns Rejects: with an error response.
+   *
+   * @deprecated This method has unintuitive behaviour: it updates the `MatrixClient` instance with *some* of the
+   *    returned credentials. Instead, call {@link loginRequest} and create a new `MatrixClient` instance using the
+   *    results. See https://github.com/matrix-org/matrix-js-sdk/issues/4502.
    */
   login(loginType, data) {
-    return this.http.authedRequest(Method.Post, "/login", undefined, _objectSpread(_objectSpread({}, data), {}, {
+    return this.loginRequest(_objectSpread(_objectSpread({}, data), {}, {
       type: loginType
     })).then(response => {
       if (response.access_token && response.user_id) {
@@ -4081,6 +4081,10 @@ export class MatrixClient extends TypedEventEmitter {
   /**
    * @returns Promise which resolves to a LoginResponse object
    * @returns Rejects: with an error response.
+   *
+   * @deprecated This method has unintuitive behaviour: it updates the `MatrixClient` instance with *some* of the
+   *   returned credentials. Instead, call {@link loginRequest} with `data.type: "m.login.password"`, and create a new
+   *   `MatrixClient` instance using the results. See https://github.com/matrix-org/matrix-js-sdk/issues/4502.
    */
   loginWithPassword(user, password) {
     return this.login("m.login.password", {
@@ -4126,6 +4130,10 @@ export class MatrixClient extends TypedEventEmitter {
    * @param token - Login token previously received from homeserver
    * @returns Promise which resolves to a LoginResponse object
    * @returns Rejects: with an error response.
+   *
+   * @deprecated This method has unintuitive behaviour: it updates the `MatrixClient` instance with *some* of the
+   *   returned credentials. Instead, call {@link loginRequest} with `data.type: "m.login.token"`, and create a new
+   *   `MatrixClient` instance using the results. See https://github.com/matrix-org/matrix-js-sdk/issues/4502.
    */
   loginWithToken(token) {
     return this.login("m.login.token", {
@@ -4133,6 +4141,23 @@ export class MatrixClient extends TypedEventEmitter {
     });
   }
 
+  /**
+   * Sends a `POST /login` request to the server.
+   *
+   * If successful, this will create a new device and access token for the user.
+   *
+   * @see {@link MatrixClient.loginFlows} which makes a `GET /login` request.
+   * @see https://spec.matrix.org/v1.13/client-server-api/#post_matrixclientv3login
+   *
+   * @param data - Credentials and other details for the login request.
+   */
+  loginRequest(data) {
+    var _this39 = this;
+    return _asyncToGenerator(function* () {
+      return yield _this39.http.authedRequest(Method.Post, "/login", undefined, data);
+    })();
+  }
+
   /**
    * Logs out the current session.
    * Obviously, further calls that require authorisation should fail after this
@@ -4144,14 +4169,14 @@ export class MatrixClient extends TypedEventEmitter {
    */
   logout() {
     var _arguments7 = arguments,
-      _this39 = this;
+      _this40 = this;
     return _asyncToGenerator(function* () {
       var stopClient = _arguments7.length > 0 && _arguments7[0] !== undefined ? _arguments7[0] : false;
       if (stopClient) {
-        _this39.stopClient();
-        _this39.http.abort();
+        _this40.stopClient();
+        _this40.http.abort();
       }
-      return _this39.http.authedRequest(Method.Post, "/logout");
+      return _this40.http.authedRequest(Method.Post, "/logout");
     })();
   }
 
@@ -4189,12 +4214,12 @@ export class MatrixClient extends TypedEventEmitter {
    * or UIA auth data.
    */
   requestLoginToken(auth) {
-    var _this40 = this;
+    var _this41 = this;
     return _asyncToGenerator(function* () {
       var body = {
         auth
       };
-      return _this40.http.authedRequest(Method.Post, "/login/get_token", undefined,
+      return _this41.http.authedRequest(Method.Post, "/login/get_token", undefined,
       // no query params
       body, {
         prefix: ClientPrefix.V1
@@ -4226,23 +4251,23 @@ export class MatrixClient extends TypedEventEmitter {
    * @returns Rejects: with an error response.
    */
   createRoom(options) {
-    var _this41 = this;
+    var _this42 = this;
     return _asyncToGenerator(function* () {
-      var _this41$identityServe;
+      var _this42$identityServe;
       // eslint-disable-line camelcase
       // some valid options include: room_alias_name, visibility, invite
 
       // inject the id_access_token if inviting 3rd party addresses
       var invitesNeedingToken = (options.invite_3pid || []).filter(i => !i.id_access_token);
-      if (invitesNeedingToken.length > 0 && (_this41$identityServe = _this41.identityServer) !== null && _this41$identityServe !== void 0 && _this41$identityServe.getAccessToken) {
-        var identityAccessToken = yield _this41.identityServer.getAccessToken();
+      if (invitesNeedingToken.length > 0 && (_this42$identityServe = _this42.identityServer) !== null && _this42$identityServe !== void 0 && _this42$identityServe.getAccessToken) {
+        var identityAccessToken = yield _this42.identityServer.getAccessToken();
         if (identityAccessToken) {
           for (var invite of invitesNeedingToken) {
             invite.id_access_token = identityAccessToken;
           }
         }
       }
-      return _this41.http.authedRequest(Method.Post, "/createRoom", undefined, options);
+      return _this42.http.authedRequest(Method.Post, "/createRoom", undefined, options);
     })();
   }
 
@@ -4426,7 +4451,7 @@ export class MatrixClient extends TypedEventEmitter {
    * @returns Promise which resolves: the empty object, `{}`.
    */
   setRoomReadMarkersHttpRequest(roomId, rmEventId, rrEventId, rpEventId) {
-    var _this42 = this;
+    var _this43 = this;
     return _asyncToGenerator(function* () {
       var path = utils.encodeUri("/rooms/$roomId/read_markers", {
         $roomId: roomId
@@ -4435,10 +4460,10 @@ export class MatrixClient extends TypedEventEmitter {
         [ReceiptType.FullyRead]: rmEventId,
         [ReceiptType.Read]: rrEventId
       };
-      if ((yield _this42.doesServerSupportUnstableFeature("org.matrix.msc2285.stable")) || (yield _this42.isVersionSupported("v1.4"))) {
+      if ((yield _this43.doesServerSupportUnstableFeature("org.matrix.msc2285.stable")) || (yield _this43.isVersionSupported("v1.4"))) {
         content[ReceiptType.ReadPrivate] = rpEventId;
       }
-      return _this42.http.authedRequest(Method.Post, path, undefined, content);
+      return _this43.http.authedRequest(Method.Post, path, undefined, content);
     })();
   }
 
@@ -4671,9 +4696,9 @@ export class MatrixClient extends TypedEventEmitter {
    * @returns `true` if supported, otherwise `false`
    */
   doesServerSupportExtendedProfiles() {
-    var _this43 = this;
+    var _this44 = this;
     return _asyncToGenerator(function* () {
-      return _this43.doesServerSupportUnstableFeature(UNSTABLE_MSC4133_EXTENDED_PROFILES);
+      return _this44.doesServerSupportUnstableFeature(UNSTABLE_MSC4133_EXTENDED_PROFILES);
     })();
   }
 
@@ -4683,9 +4708,9 @@ export class MatrixClient extends TypedEventEmitter {
    * @returns The prefix for use with `authedRequest`
    */
   getExtendedProfileRequestPrefix() {
-    var _this44 = this;
+    var _this45 = this;
     return _asyncToGenerator(function* () {
-      if (yield _this44.doesServerSupportUnstableFeature("uk.tcpip.msc4133.stable")) {
+      if (yield _this45.doesServerSupportUnstableFeature("uk.tcpip.msc4133.stable")) {
         return ClientPrefix.V3;
       }
       return "/_matrix/client/unstable/uk.tcpip.msc4133";
@@ -4703,15 +4728,15 @@ export class MatrixClient extends TypedEventEmitter {
    * @throws A M_NOT_FOUND error if the profile could not be found.
    */
   getExtendedProfile(userId) {
-    var _this45 = this;
+    var _this46 = this;
     return _asyncToGenerator(function* () {
-      if (!(yield _this45.doesServerSupportExtendedProfiles())) {
+      if (!(yield _this46.doesServerSupportExtendedProfiles())) {
         throw new Error("Server does not support extended profiles");
       }
-      return _this45.http.authedRequest(Method.Get, utils.encodeUri("/profile/$userId", {
+      return _this46.http.authedRequest(Method.Get, utils.encodeUri("/profile/$userId", {
         $userId: userId
       }), undefined, undefined, {
-        prefix: yield _this45.getExtendedProfileRequestPrefix()
+        prefix: yield _this46.getExtendedProfileRequestPrefix()
       });
     })();
   }
@@ -4728,16 +4753,16 @@ export class MatrixClient extends TypedEventEmitter {
    * @throws A M_NOT_FOUND error if the key was not set OR the profile could not be found.
    */
   getExtendedProfileProperty(userId, key) {
-    var _this46 = this;
+    var _this47 = this;
     return _asyncToGenerator(function* () {
-      if (!(yield _this46.doesServerSupportExtendedProfiles())) {
+      if (!(yield _this47.doesServerSupportExtendedProfiles())) {
         throw new Error("Server does not support extended profiles");
       }
-      var profile = yield _this46.http.authedRequest(Method.Get, utils.encodeUri("/profile/$userId/$key", {
+      var profile = yield _this47.http.authedRequest(Method.Get, utils.encodeUri("/profile/$userId/$key", {
         $userId: userId,
         $key: key
       }), undefined, undefined, {
-        prefix: yield _this46.getExtendedProfileRequestPrefix()
+        prefix: yield _this47.getExtendedProfileRequestPrefix()
       });
       return profile[key];
     })();
@@ -4753,19 +4778,19 @@ export class MatrixClient extends TypedEventEmitter {
    * @throws An error if the server does not support MSC4133 OR the server disallows editing the user profile.
    */
   setExtendedProfileProperty(key, value) {
-    var _this47 = this;
+    var _this48 = this;
     return _asyncToGenerator(function* () {
-      if (!(yield _this47.doesServerSupportExtendedProfiles())) {
+      if (!(yield _this48.doesServerSupportExtendedProfiles())) {
         throw new Error("Server does not support extended profiles");
       }
-      var userId = _this47.getUserId();
-      yield _this47.http.authedRequest(Method.Put, utils.encodeUri("/profile/$userId/$key", {
+      var userId = _this48.getUserId();
+      yield _this48.http.authedRequest(Method.Put, utils.encodeUri("/profile/$userId/$key", {
         $userId: userId,
         $key: key
       }), undefined, {
         [key]: value
       }, {
-        prefix: yield _this47.getExtendedProfileRequestPrefix()
+        prefix: yield _this48.getExtendedProfileRequestPrefix()
       });
     })();
   }
@@ -4779,17 +4804,17 @@ export class MatrixClient extends TypedEventEmitter {
    * @throws An error if the server does not support MSC4133 OR the server disallows editing the user profile.
    */
   deleteExtendedProfileProperty(key) {
-    var _this48 = this;
+    var _this49 = this;
     return _asyncToGenerator(function* () {
-      if (!(yield _this48.doesServerSupportExtendedProfiles())) {
+      if (!(yield _this49.doesServerSupportExtendedProfiles())) {
         throw new Error("Server does not support extended profiles");
       }
-      var userId = _this48.getUserId();
-      yield _this48.http.authedRequest(Method.Delete, utils.encodeUri("/profile/$userId/$key", {
+      var userId = _this49.getUserId();
+      yield _this49.http.authedRequest(Method.Delete, utils.encodeUri("/profile/$userId/$key", {
         $userId: userId,
         $key: key
       }), undefined, undefined, {
-        prefix: yield _this48.getExtendedProfileRequestPrefix()
+        prefix: yield _this49.getExtendedProfileRequestPrefix()
       });
     })();
   }
@@ -4805,16 +4830,16 @@ export class MatrixClient extends TypedEventEmitter {
    * @throws An error if the server does not support MSC4133 OR the server disallows editing the user profile.
    */
   patchExtendedProfile(profile) {
-    var _this49 = this;
+    var _this50 = this;
     return _asyncToGenerator(function* () {
-      if (!(yield _this49.doesServerSupportExtendedProfiles())) {
+      if (!(yield _this50.doesServerSupportExtendedProfiles())) {
         throw new Error("Server does not support extended profiles");
       }
-      var userId = _this49.getUserId();
-      return _this49.http.authedRequest(Method.Patch, utils.encodeUri("/profile/$userId", {
+      var userId = _this50.getUserId();
+      return _this50.http.authedRequest(Method.Patch, utils.encodeUri("/profile/$userId", {
         $userId: userId
       }), {}, profile, {
-        prefix: yield _this49.getExtendedProfileRequestPrefix()
+        prefix: yield _this50.getExtendedProfileRequestPrefix()
       });
     })();
   }
@@ -4829,16 +4854,16 @@ export class MatrixClient extends TypedEventEmitter {
    * @throws An error if the server does not support MSC4133 OR the server disallows editing the user profile.
    */
   setExtendedProfile(profile) {
-    var _this50 = this;
+    var _this51 = this;
     return _asyncToGenerator(function* () {
-      if (!(yield _this50.doesServerSupportExtendedProfiles())) {
+      if (!(yield _this51.doesServerSupportExtendedProfiles())) {
         throw new Error("Server does not support extended profiles");
       }
-      var userId = _this50.getUserId();
-      yield _this50.http.authedRequest(Method.Put, utils.encodeUri("/profile/$userId", {
+      var userId = _this51.getUserId();
+      yield _this51.http.authedRequest(Method.Put, utils.encodeUri("/profile/$userId", {
         $userId: userId
       }), {}, profile, {
-        prefix: yield _this50.getExtendedProfileRequestPrefix()
+        prefix: yield _this51.getExtendedProfileRequestPrefix()
       });
     })();
   }
@@ -4861,10 +4886,10 @@ export class MatrixClient extends TypedEventEmitter {
    * @returns Rejects: with an error response.
    */
   addThreePidOnly(data) {
-    var _this51 = this;
+    var _this52 = this;
     return _asyncToGenerator(function* () {
       var path = "/account/3pid/add";
-      return _this51.http.authedRequest(Method.Post, path, undefined, data);
+      return _this52.http.authedRequest(Method.Post, path, undefined, data);
     })();
   }
 
@@ -4880,10 +4905,10 @@ export class MatrixClient extends TypedEventEmitter {
    * @returns Rejects: with an error response.
    */
   bindThreePid(data) {
-    var _this52 = this;
+    var _this53 = this;
     return _asyncToGenerator(function* () {
       var path = "/account/3pid/bind";
-      return _this52.http.authedRequest(Method.Post, path, undefined, data);
+      return _this53.http.authedRequest(Method.Post, path, undefined, data);
     })();
   }
 
@@ -4901,15 +4926,15 @@ export class MatrixClient extends TypedEventEmitter {
   unbindThreePid(medium, address
   // eslint-disable-next-line camelcase
   ) {
-    var _this53 = this;
+    var _this54 = this;
     return _asyncToGenerator(function* () {
       var path = "/account/3pid/unbind";
       var data = {
         medium,
         address,
-        id_server: _this53.getIdentityServerUrl(true)
+        id_server: _this54.getIdentityServerUrl(true)
       };
-      return _this53.http.authedRequest(Method.Post, path, undefined, data);
+      return _this54.http.authedRequest(Method.Post, path, undefined, data);
     })();
   }
 
@@ -5031,13 +5056,13 @@ export class MatrixClient extends TypedEventEmitter {
    * @returns Rejects: with an error response.
    */
   getPushers() {
-    var _this54 = this;
+    var _this55 = this;
     return _asyncToGenerator(function* () {
-      var response = yield _this54.http.authedRequest(Method.Get, "/pushers");
+      var response = yield _this55.http.authedRequest(Method.Get, "/pushers");
 
       // Migration path for clients that connect to a homeserver that does not support
       // MSC3881 yet, see https://github.com/matrix-org/matrix-spec-proposals/blob/kerry/remote-push-toggle/proposals/3881-remote-push-notification-toggling.md#migration
-      if (!(yield _this54.doesServerSupportUnstableFeature("org.matrix.msc3881"))) {
+      if (!(yield _this55.doesServerSupportUnstableFeature("org.matrix.msc3881"))) {
         response.pushers = response.pushers.map(pusher => {
           if (!pusher.hasOwnProperty(PUSHER_ENABLED.name)) {
             pusher[PUSHER_ENABLED.name] = true;
@@ -5377,7 +5402,7 @@ export class MatrixClient extends TypedEventEmitter {
    * found MXIDs. Results where no user could be found will not be listed.
    */
   identityHashedLookup(addressPairs, identityAccessToken) {
-    var _this55 = this;
+    var _this56 = this;
     return _asyncToGenerator(function* () {
       var params = {
         // addresses: ["email@example.org", "10005550000"],
@@ -5386,7 +5411,7 @@ export class MatrixClient extends TypedEventEmitter {
       };
 
       // Get hash information first before trying to do a lookup
-      var hashes = yield _this55.getIdentityHashDetails(identityAccessToken);
+      var hashes = yield _this56.getIdentityHashDetails(identityAccessToken);
       if (!hashes || !hashes["lookup_pepper"] || !hashes["algorithms"]) {
         throw new Error("Unsupported identity server: bad response");
       }
@@ -5429,7 +5454,7 @@ export class MatrixClient extends TypedEventEmitter {
       } else {
         throw new Error("Unsupported identity server: unknown hash algorithm");
       }
-      var response = yield _this55.http.idServerRequest(Method.Post, "/lookup", params, IdentityPrefix.V2, identityAccessToken);
+      var response = yield _this56.http.idServerRequest(Method.Post, "/lookup", params, IdentityPrefix.V2, identityAccessToken);
       if (!(response !== null && response !== void 0 && response["mappings"])) return []; // no results
 
       var foundAddresses = [];
@@ -5463,12 +5488,12 @@ export class MatrixClient extends TypedEventEmitter {
    * @returns Rejects: with an error response.
    */
   lookupThreePid(medium, address, identityAccessToken) {
-    var _this56 = this;
+    var _this57 = this;
     return _asyncToGenerator(function* () {
       // Note: we're using the V2 API by calling this function, but our
       // function contract requires a V1 response. We therefore have to
       // convert it manually.
-      var response = yield _this56.identityHashedLookup([[address, medium]], identityAccessToken);
+      var response = yield _this57.identityHashedLookup([[address, medium]], identityAccessToken);
       var result = response.find(p => p.address === address);
       if (!result) {
         return {};
@@ -5500,12 +5525,12 @@ export class MatrixClient extends TypedEventEmitter {
    * @returns Rejects: with an error response.
    */
   bulkLookupThreePids(query, identityAccessToken) {
-    var _this57 = this;
+    var _this58 = this;
     return _asyncToGenerator(function* () {
       // Note: we're using the V2 API by calling this function, but our
       // function contract requires a V1 response. We therefore have to
       // convert it manually.
-      var response = yield _this57.identityHashedLookup(
+      var response = yield _this58.identityHashedLookup(
       // We have to reverse the query order to get [address, medium] pairs
       query.map(p => [p[1], p[0]]), identityAccessToken);
       var v1results = [];
@@ -5706,16 +5731,16 @@ export class MatrixClient extends TypedEventEmitter {
    * @returns Promise which resolves to the created space.
    */
   unstableCreateFileTree(name) {
-    var _this58 = this;
+    var _this59 = this;
     return _asyncToGenerator(function* () {
       var {
         room_id: roomId
-      } = yield _this58.createRoom({
+      } = yield _this59.createRoom({
         name: name,
         preset: Preset.PrivateChat,
         power_level_content_override: _objectSpread(_objectSpread({}, DEFAULT_TREE_POWER_LEVELS_TEMPLATE), {}, {
           users: {
-            [_this58.getUserId()]: 100
+            [_this59.getUserId()]: 100
           }
         }),
         creation_content: {
@@ -5729,7 +5754,7 @@ export class MatrixClient extends TypedEventEmitter {
           }
         }]
       });
-      return new MSC3089TreeSpace(_this58, roomId);
+      return new MSC3089TreeSpace(_this59, roomId);
     })();
   }
 
@@ -5806,7 +5831,7 @@ export class MatrixClient extends TypedEventEmitter {
    * @param via - The list of servers which know about the room if only an ID was provided.
    */
   getRoomSummary(roomIdOrAlias, via) {
-    var _this59 = this;
+    var _this60 = this;
     return _asyncToGenerator(function* () {
       var paramOpts = {
         prefix: "/_matrix/client/unstable/im.nheko.summary"
@@ -5815,7 +5840,7 @@ export class MatrixClient extends TypedEventEmitter {
         var path = utils.encodeUri("/summary/$roomid", {
           $roomid: roomIdOrAlias
         });
-        return yield _this59.http.authedRequest(Method.Get, path, {
+        return yield _this60.http.authedRequest(Method.Get, path, {
           via
         }, undefined, paramOpts);
       } catch (e) {
@@ -5823,7 +5848,7 @@ export class MatrixClient extends TypedEventEmitter {
           var _path = utils.encodeUri("/rooms/$roomid/summary", {
             $roomid: roomIdOrAlias
           });
-          return yield _this59.http.authedRequest(Method.Get, _path, {
+          return yield _this60.http.authedRequest(Method.Get, _path, {
             via
           }, undefined, paramOpts);
         } else {
@@ -5875,9 +5900,9 @@ export class MatrixClient extends TypedEventEmitter {
    * Fetches information about the user for the configured access token.
    */
   whoami() {
-    var _this60 = this;
+    var _this61 = this;
     return _asyncToGenerator(function* () {
-      return _this60.http.authedRequest(Method.Get, "/account/whoami");
+      return _this61.http.authedRequest(Method.Get, "/account/whoami");
     })();
   }
 
@@ -5888,7 +5913,7 @@ export class MatrixClient extends TypedEventEmitter {
    * @returns Rejects: when the request fails (module:http-api.MatrixError)
    */
   timestampToEvent(roomId, timestamp, dir) {
-    var _this61 = this;
+    var _this62 = this;
     return _asyncToGenerator(function* () {
       var path = utils.encodeUri("/rooms/$roomId/timestamp_to_event", {
         $roomId: roomId
@@ -5898,7 +5923,7 @@ export class MatrixClient extends TypedEventEmitter {
         dir: dir
       };
       try {
-        return yield _this61.http.authedRequest(Method.Get, path, queryParams, undefined, {
+        return yield _this62.http.authedRequest(Method.Get, path, queryParams, undefined, {
           prefix: ClientPrefix.V1
         });
       } catch (err) {
@@ -5914,7 +5939,7 @@ export class MatrixClient extends TypedEventEmitter {
         // both indicate that this endpoint+verb combination is
         // not supported.
         err.httpStatus === 404 || err.httpStatus === 405)) {
-          return yield _this61.http.authedRequest(Method.Get, path, queryParams, undefined, {
+          return yield _this62.http.authedRequest(Method.Get, path, queryParams, undefined, {
             prefix: "/_matrix/client/unstable/org.matrix.msc3030"
           });
         }
@@ -5928,15 +5953,48 @@ export class MatrixClient extends TypedEventEmitter {
    * @returns Resolves: A promise of an object containing the OIDC issuer if configured
    * @returns Rejects: when the request fails (module:http-api.MatrixError)
    * @experimental - part of MSC2965
+   * @deprecated in favour of getAuthMetadata
    */
   getAuthIssuer() {
-    var _this62 = this;
+    var _this63 = this;
     return _asyncToGenerator(function* () {
-      return _this62.http.request(Method.Get, "/auth_issuer", undefined, undefined, {
+      return _this63.http.request(Method.Get, "/auth_issuer", undefined, undefined, {
         prefix: ClientPrefix.Unstable + "/org.matrix.msc2965"
       });
     })();
   }
+
+  /**
+   * Discover and validate delegated auth configuration
+   * - delegated auth issuer openid-configuration is reachable
+   * - delegated auth issuer openid-configuration is configured correctly for us
+   * Fetches /auth_metadata falling back to legacy implementation using /auth_issuer followed by
+   * https://oidc-issuer.example.com/.well-known/openid-configuration and other files linked therein.
+   * When successful, validated metadata is returned
+   * @returns validated authentication metadata and optionally signing keys
+   * @throws when delegated auth config is invalid or unreachable
+   * @experimental - part of MSC2965
+   */
+  getAuthMetadata() {
+    var _this64 = this;
+    return _asyncToGenerator(function* () {
+      var authMetadata;
+      try {
+        authMetadata = yield _this64.http.request(Method.Get, "/auth_metadata", undefined, undefined, {
+          prefix: ClientPrefix.Unstable + "/org.matrix.msc2965"
+        });
+      } catch (e) {
+        if (e instanceof MatrixError && e.errcode === "M_UNRECOGNIZED") {
+          var {
+            issuer
+          } = yield _this64.getAuthIssuer();
+          return discoverAndValidateOIDCIssuerWellKnown(issuer);
+        }
+        throw e;
+      }
+      return validateAuthMetadataAndKeys(authMetadata);
+    })();
+  }
 }
 _defineProperty(MatrixClient, "RESTORE_BACKUP_ERROR_BAD_KEY", "RESTORE_BACKUP_ERROR_BAD_KEY");
 function getUnstableDelayQueryOpts(delayOpts) {