Element-web: Client asks for non-existent password when using SSO

Created on 22 Aug 2020  ·  3 Comments  ·  Source: vector-im/element-web

Description

Element asks for the account password for various operations like enabling key backup and cross-signing, or terminating other sessions. However, when using SSO via OAuth 2.0 as configured in the Synapse homeserver via the "oidc_config" directive, no password has been set, and hence cannot be provided, so the operations fail.

Steps to reproduce

  • Configure fresh Synapse homeserver with "oidc_config" configured for an OAuth 2.0 provider
  • Log onto the server with Element (Web, Desktop, Android) via SSO
  • Attempt to enable key backup. The client will ask for the account password.

There should be either no password prompt or an additional SSO flow, although the latter would appear somewhat redundant in this scenario.

Version information

I can reproduce this with the web and desktop client as well as the Android app. Happens in version 1.7.4 and also in a build made from the current state of the development branch. Happens with both Firefox and Chromium.

Workaround

A way to work around this issue is by setting a password manually in the Synapse database after the SSO login has succeeded for the first time (and thus the user account has been created), but before triggering any of the operations that would require a password (e.g. enabling key backup). Then use that newly created password to enable key backup and cross-signing, and it will work as expected.

Setting the password after an operation requiring it has been attempted does not seem to work.

This has been verified on the development branch build.

bug

All 3 comments

Did you disable password authentication in Synapse? If not, Element will be picking up on that and trying to use it.

That actually solved the issue. As it turns out, there is a comment in the homeserver.yaml above the "saml2_config" section to that effect, just not above the oidc one. It might still be a bit of an improvement if Element could automatically choose SSO over PW for these operations if the user is logged in via SSO. But thank you!
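The configuration change the two comments above are talking about, written out as an added example (this is not configuration from the issue or from the Synapse project; the issuer URL, client credentials and mapping templates are placeholders). The root cause is that Synapse enables password login by default, so a homeserver with only `oidc_config` set still advertises `m.login.password` to clients, and Element then prompts for a password that the SSO-created account does not have. Turning the password module off via `password_config` removes that flow, and the same applies to a `saml2_config` deployment:

```yaml
# homeserver.yaml (excerpt)

# --- Problematic state (example): SSO configured, password login left at its default ---
#
# oidc_config:
#   enabled: true
#   issuer: "https://accounts.example.com/"        # placeholder
#   client_id: "synapse"                           # placeholder
#   client_secret: "change-me"                     # placeholder
#   scopes: ["openid", "profile"]
#   user_mapping_provider:
#     config:
#       localpart_template: "{{ user.preferred_username }}"
#       display_name_template: "{{ user.name }}"
#
# password_config is absent, so Synapse defaults to `enabled: true` and keeps
# offering m.login.password alongside m.login.sso. Element picks the password
# flow for key backup / cross-signing / session termination and the user is stuck.

# --- Corrected state: same OIDC provider, password authentication switched off ---
oidc_config:
  enabled: true
  issuer: "https://accounts.example.com/"        # placeholder: your OpenID Connect issuer
  client_id: "synapse"                           # placeholder: issued by your provider
  client_secret: "change-me"                     # placeholder: issued by your provider
  scopes: ["openid", "profile"]
  user_mapping_provider:
    config:
      localpart_template: "{{ user.preferred_username }}"
      display_name_template: "{{ user.name }}"

# Disable password login entirely. With this set, the homeserver stops
# advertising m.login.password, and Element falls back to re-authenticating
# through SSO for operations that need user-interactive auth.
password_config:
  enabled: false
```

After restarting Synapse, the response from `GET /_matrix/client/r0/login` on the server should list only the SSO-related flows (and no `m.login.password` entry); that is a quick way to confirm the change took effect before a user logs in and tries to enable key backup. Note that disabling password login also removes the workaround of setting a password directly in the database, which is the intended end state when all accounts come from the identity provider.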

Maybe we could add this as a note to the docs? I think it would be very helpful for others setting up synapse for the first time :+1:
