got sso working

modules/machine/yshtola/configuration.nix

@@ -1,4 +1,5 @@
 {
+  lib,
   pkgs,
   config,
   userName,
@@ -194,19 +195,19 @@ in {
         #   1. Visit https://social.wyattjmiller.com/settings/applications
         #   2. Create a new application with the redirect URI:
         #        https://chat.wyattjmiller.com/_matrix/client/v3/login/sso/redirect/oidc-mastodon
-        #      and scopes: read:accounts
-        #   3. Write the Application ID  → /var/lib/tuwunel/mastodon-oauth-client-id  (chmod 400, owned by tuwunel)
-        #      Write the Client Secret   → /var/lib/tuwunel/mastodon-oauth-client-secret
+        #      and scopes: profile
+        #   3. Write the Client Key      → /var/lib/private/tuwunel/matrix-oauth-client-id  (chmod 400, owned by tuwunel)
+        #      Write the Client Secret   → /var/lib/private/tuwunel/matrix-oauth-client-secret
         #   4. nixos-rebuild switch (or restart tuwunel.service)
-        identity_provider= [
+        identity_provider = [
           {
             brand = "Mastodon";
             issuer_url = "https://${mastodonFqdn}";
-            id = mastodonOauthClientId;
-            callback_url = "https://${matrixFqdn}/_matrix/client/v3/login/sso/callback/${mastodonOauthClientId}";
+            # id = mastodonOauthClientId;
+            callback_url = "https://${matrixFqdn}/_matrix/client/unstable/login/sso/callback/${lib.removeSuffix "\n" (mastodonOauthClientId)}";
             discovery_url = "https://${mastodonFqdn}/.well-known/oauth-authorization-server";
-            client_id = mastodonOauthClientId;
-            client_secret = mastodonOauthClientSecret;
+            client_id = lib.removeSuffix "\n" (mastodonOauthClientId);
+            client_secret = lib.removeSuffix "\n" (mastodonOauthClientSecret);
             scope = ["profile"];
             userid_claims = ["preferred_username"];
           }