Description

Users that authenticate via oidc_provider do not have email notifications enabled by default, even though the server is configured correctly and they have an email address associated with their account.

The problem lies here, where access_token is set to None in post_registration_actions(). This leads to the call to _register_email_threepid() with a null access_token, which in turn causes the condition here to evaluate to false, thus preventing the email notification pusher from being added.

Steps to reproduce

• Configure Synapse to enable email notifications for new users: email.notif_for_new_users: true and email.enable_notifs: true.
• Log in a user for the first time using a custom oidc_provider (in our case Keycloak).
• Verify that they automatically have an email address associated with their account.
• Open the user settings and see that email notifications are disabled.

I expect the email notifications to be enabled upon first login.

Proposed Solution

One solution to this is to include LoginType.SSO in the auth_result object passed to the post_registration_actions() function here so that prior to the _register_email_threepid() call the access_token could be set to True if auth_result[LoginType.SSO] == True. (Disclaimer: I have not tried this to verify it is a good solution. The idea came from discussion with @kyrias.)

Version information

• Homeserver: independent self-hosted homeserver

If not matrix.org:

• Version: "server_version":"1.42.0", "python_version":"3.8.12"

• Install method: Docker image matrixdotorg/synapse:v1.42.0 (Helm chart: https://ananace.gitlab.io/charts/matrix-synapse:2.1.x)

• Platform: Kubernetes