Run Complement and Sytest against a MAS-enabled Synapse deployment

[sandhose]

We need to be able to run complement and sytest a MAS-enabled Synapse deployment

Because those are running in headless environments, we need an automated way to create and revoke tokens, an alternative to the C-S /login API. The plan to do this is to leverage MAS' GraphQL admin API to do this.
A prerequisite for Complement/Sytest to be able to call this admin API is to have the Client Credentials grant (which we need anyway in other contexts). Once that is done, we need to add an API to issue (and revoke) access tokens through the GraphQL API, which will let Complement/Sytest issue and revoke token for arbitrary users in an automated way.

• Implement the Client Credentials grant #1584
• API for adding a user #1583
• API for issuing access tokens
• Adapt Sytest
• Adapt Complement

[erikjohnston]

As a first step could we write a sytest or complement test that logs in with OIDC? Basically have a small, new test suite just for Synapse + MAS combo?

[matrixbot]

For your information, this issue has been copied over to the Element fork of matrix-authentication-service: element-hq/matrix-authentication-service#1686