Description
Describe the bug
At https://element-hq.github.io/matrix-authentication-service/setup/index.html, by using different domains, the docs suggest that MAS and the Matrix server could/should be put on different servers.
However, if Synapse is configured with a reverse proxy and the nginx configuration from https://element-hq.github.io/synapse/latest/reverse_proxy.html, MAS won't be able to authenticate with Synapse. Why? Because MAS needs to connect to the `/_synapse/admin/v1/username_available` endpoint to check if a user exists, but it cannot do this, not for one, but for TWO reasons:
- Synapse nginx configuration doesn't expose this endpoint at all: `location ~ ^(/_matrix|/_synapse/client) {`
- Synapse nginx configuration doesn't pass headers, so even if the missing location is added, MAS won't be able to authenticate because of the missing `Authorization` header. To fix this, `proxy_pass_request_headers on;` has to be added to Synapse's nginx configuration in the `location` scope.
To Reproduce
Follow official docs and get stuck because things do not work together.
Expected behavior
MAS docs should explain what changes have to be done to the Synapse's configuration/what requirements have to be met, for MAS to be able to connect to Synapse, so users won't get stuck at the very start.
UPDATE:
Actually `proxy_pass_request_headers` is not an issue and it's `on` by default. So the only thing missing seems to be additional endpoints that have to be made available for MAS on Synapse's nginx configuration.
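
As an added illustration (not part of the original report and not taken from the MAS or Synapse documentation), the fragment below shows the reported `location` block next to one way to additionally expose the endpoint named above to MAS only. The MAS address `203.0.113.10` and the upstream `http://localhost:8008` are assumptions; any further endpoints MAS needs are not listed in the report and would need equivalent blocks.

```nginx
# Constructed example. Goes inside the Synapse server { } block.

# Location as quoted in the report. A request for
# /_synapse/admin/v1/username_available does not match this regex,
# so this block never handles it.
location ~ ^(/_matrix|/_synapse/client) {
    proxy_pass http://localhost:8008;              # assumed Synapse listener
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $host;
}

# Added: exact-match location for the one endpoint the report names.
# An exact match (=) is selected before any regex location is tried.
location = /_synapse/admin/v1/username_available {
    allow 203.0.113.10;                            # assumed MAS host (placeholder address)
    deny  all;                                     # admin API stays closed to every other client

    proxy_pass http://localhost:8008;              # assumed Synapse listener
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $host;

    # Request headers, including Authorization, are forwarded upstream by
    # default (proxy_pass_request_headers defaults to on), so no extra
    # directive is needed for MAS to authenticate.
}
```

Using an exact-match location with an `allow`/`deny` pair keeps the rest of `/_synapse/admin` unreachable through the proxy while letting the MAS host reach the endpoint it needs.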