From c6e85805112667b8d9dec3e3bc1e2640e8229b92 Mon Sep 17 00:00:00 2001
From: Quentin Gliech <quenting@element.io>
Date: Fri, 6 Feb 2026 09:42:56 +0100
Subject: [PATCH] Make the compat login SSO redirect query parameters ignore
 invalid values

---
 crates/handlers/src/compat/login_sso_redirect.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/crates/handlers/src/compat/login_sso_redirect.rs b/crates/handlers/src/compat/login_sso_redirect.rs
index 1ad47c55e..f8b4435a1 100644
--- a/crates/handlers/src/compat/login_sso_redirect.rs
+++ b/crates/handlers/src/compat/login_sso_redirect.rs
@@ -13,18 +13,21 @@ use mas_router::{CompatLoginSsoAction, CompatLoginSsoComplete, UrlBuilder};
 use mas_storage::{BoxRepository, compat::CompatSsoLoginRepository};
 use rand::distributions::{Alphanumeric, DistString};
 use serde::Deserialize;
-use serde_with::serde;
+use serde_with::{DefaultOnError, serde, serde_as};
 use thiserror::Error;
 use url::Url;
 
 use crate::impl_from_error_for_route;
 
+#[serde_as]
 #[derive(Debug, Deserialize)]
 pub struct Params {
     #[serde(rename = "redirectUrl")]
     redirect_url: Option<String>,
+    #[serde_as(deserialize_as = "DefaultOnError")]
     action: Option<CompatLoginSsoAction>,
 
+    #[serde_as(deserialize_as = "DefaultOnError")]
     #[serde(rename = "org.matrix.msc3824.action")]
     unstable_action: Option<CompatLoginSsoAction>,
 }