feat(oauth): add flow for logging in using a QR code generated on the logged out device

[Johennes]

This pull request is a step towards adding the complementary QR login variant where the new device is the one generating the QR code and the existing device is the one scanning the QR code. Only the establishment of the secure channel and the completion of the login by the new device are covered in this change.

Naming feels really hard here. The new identifiers are all prefixed Generated.... We could prefix the existing identifiers Scanned... but I haven't bothered doing this yet in case someone has better ideas.

• Public API changes documented in changelogs (optional)

[codecov]

Codecov Report

❌ Patch coverage is 90.68736% with 42 lines in your changes missing coverage. Please review.
✅ Project coverage is 88.44%. Comparing base (ef440ee) to head (1383ff8).
⚠️ Report is 62 commits behind head on main.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
...atrix-sdk/src/authentication/oauth/qrcode/login.rs	91.19%	20 Missing and 17 partials ⚠️
crates/matrix-sdk/src/client/mod.rs	66.66%	1 Missing and 3 partials ⚠️
.../src/authentication/oauth/qrcode/secure_channel.rs	90.90%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #5711      +/-   ##
==========================================
+ Coverage   88.43%   88.44%   +0.01%     
==========================================
  Files         360      360              
  Lines       99770   100214     +444     
  Branches    99770   100214     +444     
==========================================
+ Hits        88232    88637     +405     
- Misses       7402     7419      +17     
- Partials     4136     4158      +22     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[codspeed-hq]

CodSpeed Performance Report

Merging #5711 will not alter performance

_{Comparing Johennes:johannes/qr-login-1 (1383ff8) with main (a11daf2)}

Summary

✅ 50 untouched

[poljar]

Could we split this PR up a bit?

• Commit 1 is an easy code move.
• Commit 2 is a breaking change lacking a changelog entry
• Commit 3 is a breaking change lacking a changelog entry and a motivation in the commit message.
• Commit 4 is the meat of the PR.

Ideally we would merge 1-3 as separate PRs and then discuss 4 in a more detailed manner.

[Johennes]

Ok, sure. I'll put this one back into draft until the others have landed.

[Johennes]

This is now reduced to the formerly last commit with the previous ones having landed on main.

[poljar]

Ok, this looks mostly good though needs a bit more work.

I'd like to change the public API a bit so we don't increase the number of methods.

The biggest problem is that the login is broken if the client chooses to use a default homeserver for the rendezvous.

[Johennes]

Sorry, took me a bit longer to address everything and unbreak the CI. Should be ready for re-review now.

[poljar]

There's still a step missing when we replace the homeserver.

But I think that this is good to go after we add the last step.

[poljar]

Don't we need to throw an error here, otherwise this turns into a no-op if we can't parse the URL.

Am I missing something?

[Johennes]

Hm, I think you're right. I guess that should throw in maybe_update_login_well_known, too, then?

[Johennes]

Stopped swallowing the error in this method with 1383ff8.

[poljar]

maybe_update_login_well_known sounds like a best effort method, so it might be fine there.

Though looking at the place where it's used it might make more sense to error out there as well.

[poljar]

Alright, this looks good now. Thanks for patiently working on this.

I know it's a bit slow and annoying but looking at the resulting code/docs/comments I think it was very much worth it.

Let me know if you'd like to clean up the history or if I should just squash merge.

[Johennes]

I know it's a bit slow and annoying but looking at the resulting code/docs/comments I think it was very much worth it.

Oh, not annoying at all and a lot better than the initial PR. Thanks for the review. 👍

Let me know if you'd like to clean up the history or if I should just squash merge.

If squash-merging is an option, I'll take it. Otherwise, I would squash it into a single commit locally .. which sort of leads to the same result.