From e5804c4203fc171995c7d540ac52c6970a962c36 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Beno=C3=AEt=20Grimaldi?=
 <jbenoit.grimaldi+github@gmail.com>
Date: Mon, 30 Mar 2026 19:11:33 +0200
Subject: [PATCH] fix(mas): Don't fail if OpenID connect is setup in synapse
 while upgrading to MAS

---
 roles/custom/matrix-synapse/tasks/validate_config.yml           | 2 +-
 .../custom/matrix-synapse/templates/synapse/homeserver.yaml.j2  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/custom/matrix-synapse/tasks/validate_config.yml b/roles/custom/matrix-synapse/tasks/validate_config.yml
index 47df0834b..000e91fd6 100644
--- a/roles/custom/matrix-synapse/tasks/validate_config.yml
+++ b/roles/custom/matrix-synapse/tasks/validate_config.yml
@@ -210,7 +210,7 @@
 - name: Fail if OpenID Connect is enabled for Synapse when auth is delegated to Matrix Authentication Service
   ansible.builtin.fail:
     msg: "When Synapse is delegating authentication to Matrix Authentication Service (`matrix_synapse_matrix_authentication_service_enabled: true`), it doesn't make sense to enable OpenID Connect (`matrix_synapse_oidc_enabled: true`), because it is not Synapse that is handling authentication. Synapse will refuse to start otherwise."
-  when: matrix_synapse_matrix_authentication_service_enabled and matrix_synapse_oidc_enabled
+  when: matrix_synapse_matrix_authentication_service_enabled and matrix_synapse_oidc_enabled and not matrix_authentication_service_migration_in_progress
 
 - name: Fail if CAS config is enabled for Synapse when auth is delegated to Matrix Authentication Service
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
index 25585fafd..f5d85d328 100644
--- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -2987,7 +2987,7 @@ background_updates:
     #default_batch_size: 50
 
 
-{% if matrix_synapse_matrix_authentication_service_enabled %}
+{% if matrix_synapse_matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress %}
 matrix_authentication_service:
   enabled: true
   endpoint: {{ matrix_synapse_matrix_authentication_service_endpoint | to_json }}