This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

/_synapse/admin/v1/register ignores refresh_token #16641

Closed
cvwright opened this issue Nov 15, 2023 · 1 comment
Labels
O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Minor Blocks non-critical functionality, workarounds exist. T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues.

Comments

@cvwright
Contributor

Description

The admin API endpoint for registering users works almost just like the register client-server /register endpoint. However, it does not create a refreshable access token when one is requested.

The fix appears to be to change this call

```python
result = await register._create_registration_details(user_id, body)
```

To something like this

```python
should_issue_refresh_token = body.get("refresh_token", False)

result = await register._create_registration_details(
    user_id, body, should_issue_refresh_token=should_issue_refresh_token
)
```

Steps to reproduce

  • Make up a new username and password
  • Get a nonce from GET /_synapse/admin/v1/register
  • Compute the mac for your username, password, and nonce
  • Send a request to POST /_synapse/admin/v1/register with valid username, password, nonce, and mac, and with refresh_token: true in the JSON body
  • Observe that there is no refresh_token or expires_in_ms in the response body

Homeserver

Circles dev homeserver

Synapse Version

1.94.0

Installation Method

Docker (matrixdotorg/synapse)

Database

single PostgreSQL server

Workers

Multiple workers

Platform

Debian 12.2 x86, AMD EPYC, Hetzner cloud

Configuration

No response

Relevant log output

n/a

Anything else that would be useful to know?

No response

@clokep clokep added S-Minor Blocks non-critical functionality, workarounds exist. T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues. O-Uncommon Most users are unlikely to come across this or unexpected workflow labels Nov 20, 2023
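The reproduction steps in the issue above, as an added offline regression check that is not part of the original report or of Synapse's code. It assumes the MAC construction given in Synapse's admin API documentation (HMAC-SHA1 keyed with `registration_shared_secret`); the function names, the secret, the nonce and both sample responses are constructed for illustration.

```python
import hashlib
import hmac

def registration_mac(shared_secret, nonce, username, password, admin=False):
    # HMAC-SHA1 keyed with registration_shared_secret over the NUL-separated
    # nonce, username, password and "admin"/"notadmin" (per Synapse's docs).
    parts = [nonce, username, password, "admin" if admin else "notadmin"]
    msg = b"\x00".join(p.encode("utf8") for p in parts)
    return hmac.new(shared_secret.encode("utf8"), msg, hashlib.sha1).hexdigest()

def build_register_body(shared_secret, nonce, username, password):
    # Body for POST /_synapse/admin/v1/register that asks for a refresh token.
    return {
        "nonce": nonce,
        "username": username,
        "password": password,
        "admin": False,
        "mac": registration_mac(shared_secret, nonce, username, password),
        "refresh_token": True,
    }

def missing_refresh_fields(request_body, response_body):
    # Fields the issue expects in the response when refresh_token was requested.
    if not request_body.get("refresh_token", False):
        return []
    return [k for k in ("refresh_token", "expires_in_ms") if k not in response_body]

# Constructed sample values, not taken from a real homeserver.
SECRET = "PLACEHOLDER_SHARED_SECRET"
REQUEST = build_register_body(SECRET, "constructed-nonce", "alice", "correct horse")
RESPONSE_AS_REPORTED = {  # shape described in the issue: no refresh fields
    "access_token": "syt_constructed_access",
    "user_id": "@alice:example.org",
    "home_server": "example.org",
    "device_id": "CONSTRUCTED",
}
RESPONSE_EXPECTED = dict(RESPONSE_AS_REPORTED,
                         refresh_token="syr_constructed_refresh",
                         expires_in_ms=300000)

if __name__ == "__main__":
    print("as reported:", missing_refresh_fields(REQUEST, RESPONSE_AS_REPORTED))
    print("expected   :", missing_refresh_fields(REQUEST, RESPONSE_EXPECTED))
```
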
@cvwright
Contributor Author

Closed in #16642
