Description:

I have moved my users to SSO via OIDC. The user accounts previously existed on synapse and I do not want the users to be confused by any remnants of the native synapse account. I have therefore disabled local passwords in the password_config section of synapse's homeserver.yaml - enabled: false in addition to configuring the oidc_provider.

However, when a user logs in to synapse from element-web or element-desktop, they are still shown UI elements for changing their (local synapse) password. Trying to do this leads to an error.

From element-hq/element-web#16499, I learned that the clients are responding to the capabilities passed by synapse - in this case because they receive enabled: true for the parameter m.change_password in their capabilities query.

From the Synapse Admins room on matrix, I learned that enabled:true is sent whenever there is a password hash present in the database (which in my case there is, as the users previously authenticated against the local DB) - see here

The feature request is that enabled:false is sent for the capability m.change_password whenever the config option password_config.enabled is set to false in homeserver.yaml.