refactor rtc transport discovery and auth

src/livekit/openIDSFU.ts

@@ -5,11 +5,7 @@ SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
 Please see LICENSE in the repository root for full details.
 */
 
-import {
-  retryNetworkOperation,
-  type IOpenIDToken,
-  type MatrixClient,
-} from "matrix-js-sdk";
+import { type IOpenIDToken, type MatrixClient } from "matrix-js-sdk";
 import { type CallMembershipIdentityParts } from "matrix-js-sdk/lib/matrixrtc/EncryptionManager";
 import { type Logger } from "matrix-js-sdk/lib/logger";
 
@@ -70,6 +66,7 @@ export type OpenIDClientParts = Pick<
   MatrixClient,
   "getOpenIdToken" | "getDeviceId"
 >;
+
 /**
  * Gets a bearer token from the homeserver and then use it to authenticate
  * to the matrix RTC backend in order to get acces to the SFU.
@@ -113,9 +110,6 @@ export async function getSFUConfigWithOpenID(
     );
   }
   logger?.debug("Got openID token", openIdToken);
-
-  logger?.info(`Trying to get JWT for focus ${serviceUrl}...`);
-
   let sfuConfig: { url: string; jwt: string } | undefined;
 
   const tryBothJwtEndpoints = opts?.forceJwtEndpoint === undefined; // This is for SFUs where we do not publish.
@@ -127,7 +121,10 @@ export async function getSFUConfigWithOpenID(
   // if we can use both or if we are forced to use the new one.
   if (tryBothJwtEndpoints || forceMatrix2Jwt) {
     try {
-      sfuConfig = await getLiveKitJWTWithDelayDelegation(
+      logger?.info(
+        `Trying to get JWT with delegation for focus ${serviceUrl}...`,
+      );
+      const sfuConfig = await getLiveKitJWTWithDelayDelegation(
         membership,
         serviceUrl,
         roomId,
@@ -135,33 +132,36 @@ export async function getSFUConfigWithOpenID(
         opts?.delayEndpointBaseUrl,
         opts?.delayId,
       );
-      logger?.info(`Got JWT from call's active focus URL.`);
+
+      return extractFullConfigFromToken(sfuConfig);
     } catch (e) {
       logger?.debug(`Failed fetching jwt with matrix 2.0 endpoint:`, e);
-      if (e instanceof NotSupportedError) {
-        logger?.warn(
-          `Failed fetching jwt with matrix 2.0 endpoint (retry with legacy) Not supported`,
-          e,
-        );
-        sfuConfig = undefined;
-      } else {
-        logger?.warn(
-          `Failed fetching jwt with matrix 2.0 endpoint other issues ->`,
-          `(not going to try with legacy endpoint: forceOldJwtEndpoint is set to false, we did not get a not supported error from the sfu)`,
-          e,
-        );
-        // Make this throw a hard error in case we force the matrix2.0 endpoint.
-        if (forceMatrix2Jwt)
-          throw new NoMatrix2AuthorizationService(e as Error);
-        // NEVER get bejond this point if we forceMatrix2 and it failed!
-      }
+      // Make this throw a hard error in case we force the matrix2.0 endpoint.
+      if (forceMatrix2Jwt) throw new NoMatrix2AuthorizationService(e as Error);
+
+      // if (e instanceof NotSupportedError) {
+      //   logger?.warn(
+      //     `Failed fetching jwt with matrix 2.0 endpoint (retry with legacy) Not supported`,
+      //     e,
+      //   );
+      // } else {
+      //   logger?.warn(
+      //     `Failed fetching jwt with matrix 2.0 endpoint other issues ->`,
+      //     `(not going to try with legacy endpoint: forceOldJwtEndpoint is set to false, we did not get a not supported error from the sfu)`,
+      //     e,
+      //   );
+      //   // NEVER get bejond this point if we forceMatrix2 and it failed!
+      // }
     }
   }
 
   // DEPRECATED
-  // here we either have a sfuConfig or we alredy exited because of `if (forceMatrix2) throw ...`
+  // here we either have a sfuConfig or we already exited because of `if (forceMatrix2) throw ...`
   // The only case we can get into this condition is, if `forceMatrix2` is `false`
-  if (sfuConfig === undefined) {
+  try {
+    logger?.info(
+      `Trying to get JWT with legacy endpoint for focus ${serviceUrl}...`,
+    );
     sfuConfig = await getLiveKitJWT(
       membership.deviceId,
       serviceUrl,
@@ -169,15 +169,19 @@ export async function getSFUConfigWithOpenID(
       openIdToken,
     );
     logger?.info(`Got JWT from call's active focus URL.`);
+    return extractFullConfigFromToken(sfuConfig);
+  } catch (ex) {
+    throw new FailToGetOpenIdToken(
+      ex instanceof Error ? ex : new Error(`Unknown error ${ex}`),
+    );
   }
+}
 
-  if (!sfuConfig) {
-    throw new Error("No `sfuConfig` after trying with old and new endpoints");
-  }
-
-  // Pull the details from the JWT
+function extractFullConfigFromToken(sfuConfig: {
+  url: string;
+  jwt: string;
+}): SFUConfig {
   const [, payloadStr] = sfuConfig.jwt.split(".");
-  // TODO: Prefer Uint8Array.fromBase64 when widely available
   const payload = JSON.parse(global.atob(payloadStr)) as SFUJWTPayload;
   return {
     jwt: sfuConfig.jwt,
@@ -189,16 +193,15 @@ export async function getSFUConfigWithOpenID(
     livekitIdentity: payload.sub,
   };
 }
-const RETRIES = 4;
+
 async function getLiveKitJWT(
   deviceId: string,
   livekitServiceURL: string,
   matrixRoomId: string,
   openIDToken: IOpenIDToken,
 ): Promise<{ url: string; jwt: string }> {
-  let res: Response | undefined;
-  await retryNetworkOperation(RETRIES, async () => {
-    res = await fetch(livekitServiceURL + "/sfu/get", {
+  const res = await doNetworkOperationWithRetry(async () => {
+    return await fetch(livekitServiceURL + "/sfu/get", {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
@@ -211,11 +214,7 @@ async function getLiveKitJWT(
       }),
     });
   });
-  if (!res) {
-    throw new Error(
-      `Network error while connecting to jwt service after ${RETRIES} retries`,
-    );
-  }
+
   if (!res.ok) {
     throw new Error("SFU Config fetch failed with status code " + res.status);
   }
@@ -262,10 +261,8 @@ export async function getLiveKitJWTWithDelayDelegation(
     };
   }
 
-  let res: Response | undefined;
-
-  await retryNetworkOperation(RETRIES, async () => {
-    res = await fetch(livekitServiceURL + "/get_token", {
+  const res = await doNetworkOperationWithRetry(async () => {
+    return await fetch(livekitServiceURL + "/get_token", {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
@@ -274,11 +271,6 @@ export async function getLiveKitJWTWithDelayDelegation(
     });
   });
 
-  if (!res) {
-    throw new Error(
-      `Network error while connecting to jwt service after ${RETRIES} retries`,
-    );
-  }
   if (!res.ok) {
     const msg = "SFU Config fetch failed with status code " + res.status;
     if (res.status === 404) {

src/state/CallViewModel/localMember/LocalTransport.ts

@@ -8,11 +8,11 @@ Please see LICENSE in the repository root for full details.
 import {
   type CallMembership,
   isLivekitTransportConfig,
-  type Transport,
   type LivekitTransportConfig,
 } from "matrix-js-sdk/lib/matrixrtc";
-import { MatrixError, type MatrixClient } from "matrix-js-sdk";
+import { type MatrixClient } from "matrix-js-sdk";
 import {
+  combineLatest,
   distinctUntilChanged,
   first,
   from,
@@ -42,6 +42,7 @@ import {
 } from "../../../livekit/openIDSFU.ts";
 import { areLivekitTransportsEqual } from "../remoteMembers/MatrixLivekitMembers.ts";
 import { customLivekitUrl } from "../../../settings/settings.ts";
+import { RtcTransportAutoDiscovery } from "./RtcTransportAutoDiscovery.ts";
 
 const logger = rootLogger.getChild("[LocalTransport]");
 
@@ -171,57 +172,82 @@ export const createLocalTransport$ = ({
     ),
   );
 
-  /**
-   * The transport that we would personally prefer to publish on (if not for the
-   * transport preferences of others, perhaps). `null` until fetched and
-   * validated.
-   *
-   * @throws MatrixRTCTransportMissingError | FailToGetOpenIdToken
-   */
-  const preferredTransport$ =
-    scope.behavior<LocalTransportWithSFUConfig | null>(
-      // preferredTransport$ (used for multi sfu) needs to know if we are using the old or new
-      // jwt endpoint (`get_token` vs `sfu/get`) based on that the jwt endpoint will compute the rtcBackendIdentity
-      // differently. (sha(`${userId}|${deviceId}|${memberId}`) vs `${userId}|${deviceId}|${memberId}`)
-      // When using sticky events (we need to use the new endpoint).
-      customLivekitUrl.value$.pipe(
-        switchMap((customUrl) =>
-          startWith<LocalTransportWithSFUConfig | null>(null)(
-            // Fetch the SFU config, and repeat this asynchronously for every
-            // change in delay ID.
-            delayId$.pipe(
-              switchMap(async (delayId) => {
-                logger.info(
-                  "Creating preferred transport based on: ",
-                  "customUrl: ",
-                  customUrl,
-                  "delayId: ",
-                  delayId,
-                  "forceJwtEndpoint: ",
-                  forceJwtEndpoint,
-                );
-                return makeTransport(
-                  client,
-                  ownMembershipIdentity,
-                  roomId,
-                  customUrl,
-                  forceJwtEndpoint,
-                  delayId ?? undefined,
-                );
-              }),
-              // We deliberately hide any changes to the SFU config because we
-              // do not actually want the app to reconnect whenever the JWT
-              // token changes due to us delegating a new delayed event. The
-              // initial SFU config for the transport is all the app needs.
-              distinctUntilChanged((prev, next) =>
-                areLivekitTransportsEqual(prev.transport, next.transport),
-              ),
-            ),
-          ),
-        ),
-      ),
+  const transportDiscovery = new RtcTransportAutoDiscovery({
+    client: client,
+    resolvedConfig: Config.get(),
+    wellKnownFetcher: AutoDiscovery.getRawClientConfig.bind(AutoDiscovery),
+    logger: logger,
+  });
+
+  const discoveredTransport$ = from(
+    transportDiscovery.discoverPreferredTransport(),
+  );
+
+  const preferredConfig$ = customLivekitUrl.value$
+    .pipe(
+      startWith(null),
+      switchMap((customUrl) => {
+        if (customUrl) {
+          return of({
+            type: "livekit",
+            livekit_service_url: customUrl,
+          } as LivekitTransportConfig);
+        } else {
+          return discoveredTransport$;
+        }
+      }),
+    )
+    .pipe(
+      map((config) => {
+        if (!config) {
+          // Bubbled up from the preferredConfig$ observable.
+          throw new MatrixRTCTransportMissingError(client.getDomain() ?? "");
+        }
+        return config;
+      }),
+      distinctUntilChanged(areLivekitTransportsEqual),
     );
 
+  const preferredTransport$ = combineLatest([preferredConfig$, delayId$]).pipe(
+    switchMap(async ([transport, delayId]) => {
+      try {
+        return await doOpenIdAndJWTFromUrl(
+          transport.livekit_service_url,
+          forceJwtEndpoint,
+          ownMembershipIdentity,
+          roomId,
+          client,
+          delayId ?? undefined,
+        );
+      } catch (e) {
+        if (
+          e instanceof FailToGetOpenIdToken ||
+          e instanceof NoMatrix2AuthorizationService
+        ) {
+          // rethrow as is
+          throw e;
+        }
+        // Catch others and rethrow as FailToGetOpenIdToken that has user friendly message.
+        logger.error("Failed to get JWT from preferred transport", e);
+        throw new FailToGetOpenIdToken(
+          e instanceof Error ? e : new Error(String(e)),
+        );
+      }
+    }),
+    // TODO: I don't think this is needed anymore.
+    // TODO: The advertised$ will filter distinct until changed to ignore delayId, because
+    // we just want to check that we can authenticate with the transport, not that we
+    // can use the "credentials" to publish.
+
+    // We deliberately hide any changes to the SFU config because we
+    // do not actually want the app to reconnect whenever the JWT
+    // token changes due to us delegating a new delayed event. The
+    // initial SFU config for the transport is all the app needs.
+    // distinctUntilChanged((prev, next) =>
+    //   areLivekitTransportsEqual(prev.transport, next.transport),
+    // ),
+  );
+
   if (useOldestMember) {
     // --- Oldest member mode ---
     return {
@@ -232,7 +258,7 @@ export const createLocalTransport$ = ({
       advertised$: scope.behavior(
         merge(
           oldestMemberTransport$,
-          preferredTransport$.pipe(map((t) => t?.transport ?? null)),
+          preferredTransport$.pipe(map((t) => t.transport)),
         ).pipe(
           first((t) => t !== null),
           tap((t) =>
@@ -268,6 +294,7 @@ export const createLocalTransport$ = ({
             ),
           ),
         ),
+        null,
       ),
     };
   }
@@ -280,222 +307,50 @@ export const createLocalTransport$ = ({
         map((t) => t?.transport ?? null),
         distinctUntilChanged(areLivekitTransportsEqual),
       ),
+      null,
     ),
-    active$: preferredTransport$,
+    active$: scope.behavior(preferredTransport$, null),
   };
 };
 
-const FOCI_WK_KEY = "org.matrix.msc4143.rtc_foci";
-
-/**
- * Determine the correct Transport for the current session, including
- * validating auth against the service to ensure it's correct.
- * Prefers in order:
- *
-
- * 1. The `urlFromDevSettings` value. If this cannot be validated, the function will throw.
- * 2. The transports returned via the homeserver.
- * 3. The transports returned via .well-known.
- * 4. The transport configured in Element Call's config.
- *
- * @param client The authenticated Matrix client for the current user
- * @param membership The membership identity of the user.
- * @param roomId The ID of the room to be connected to.
- * @param urlFromDevSettings Override URL provided by the user's local config.
- * @param forceJwtEndpoint Whether to force a specific JWT endpoint
- *  - `Legacy` / `Matrix_2_0`
- *  - `get_token` / `sfu/get`
- *  -  not hashing / hashing the backendIdentity
- * @param delayId the delay id passed to the jwt service.
- *
- * @returns A fully validated transport config.
- * @throws MatrixRTCTransportMissingError | FailToGetOpenIdToken
- */
-async function makeTransport(
+// Utility to ensure the user can authenticate with the SFU.
+//
+// We will call `getSFUConfigWithOpenID` once per transport here as it's our
+// only mechanism of validation. This means we will also ask the
+// homeserver for a OpenID token a few times. Since OpenID tokens are single
+// use we don't want to risk any issues by re-using a token.
+//
+// If the OpenID request were to fail, then it's acceptable for us to fail
+// this function early, as we assume the homeserver has got some problems.
+async function doOpenIdAndJWTFromUrl(
+  url: string,
+  forceJwtEndpoint: JwtEndpointVersion,
+  membership: CallMembershipIdentityParts,
+  roomId: string,
   client: Pick<
     MatrixClient,
     "getDomain" | "baseUrl" | "_unstable_getRTCTransports" | "getAccessToken"
   > &
     OpenIDClientParts,
-  membership: CallMembershipIdentityParts,
-  roomId: string,
-  urlFromDevSettings: string | null,
-  forceJwtEndpoint: JwtEndpointVersion,
   delayId?: string,
 ): Promise<LocalTransportWithSFUConfig> {
-  logger.trace("Searching for a preferred transport");
-
-  async function doOpenIdAndJWTFromUrl(
-    url: string,
-  ): Promise<LocalTransportWithSFUConfig> {
-    const sfuConfig = await getSFUConfigWithOpenID(
-      client,
-      membership,
-      url,
-      roomId,
-      {
-        forceJwtEndpoint: forceJwtEndpoint,
-        delayEndpointBaseUrl: client.baseUrl,
-        delayId,
-      },
-      logger,
-    );
-    return {
-      transport: {
-        type: "livekit",
-        livekit_service_url: url,
-      },
-      sfuConfig,
-    };
-  }
-  // We will call `getSFUConfigWithOpenID` once per transport here as it's our
-  // only mechanism of valiation. This means we will also ask the
-  // homeserver for a OpenID token a few times. Since OpenID tokens are single
-  // use we don't want to risk any issues by re-using a token.
-  //
-  // If the OpenID request were to fail then it's acceptable for us to fail
-  // this function early, as we assume the homeserver has got some problems.
-
-  // DEVTOOL: Highest priority: Load from devtool setting
-  if (urlFromDevSettings !== null) {
-    // Validate that the SFU is up. Otherwise, we want to fail on this
-    // as we don't permit other SFUs.
-    // This will call the jwt/sfu/get endpoint to pre create the livekit room.
-    logger.info("Using LiveKit transport from dev tools: ", urlFromDevSettings);
-    return await doOpenIdAndJWTFromUrl(urlFromDevSettings);
-  }
-
-  async function getFirstUsableTransport(
-    transports: Transport[],
-  ): Promise<LocalTransportWithSFUConfig | null> {
-    for (const potentialTransport of transports) {
-      if (isLivekitTransportConfig(potentialTransport)) {
-        try {
-          logger.info(
-            `makeTransport: check transport authentication for "${potentialTransport.livekit_service_url}"`,
-          );
-          // This will call the jwt/sfu/get endpoint to pre create the livekit room.
-          return await doOpenIdAndJWTFromUrl(
-            potentialTransport.livekit_service_url,
-          );
-        } catch (ex) {
-          logger.debug(
-            `makeTransport: Could not use SFU service "${potentialTransport.livekit_service_url}" as SFU`,
-            ex,
-          );
-          // Explictly throw these
-          if (ex instanceof FailToGetOpenIdToken) {
-            throw ex;
-          }
-          if (ex instanceof NoMatrix2AuthorizationService) {
-            throw ex;
-          }
-        }
-      } else {
-        logger.info(
-          `makeTransport: "${potentialTransport.livekit_service_url}" is not a valid livekit transport  as SFU`,
-        );
-      }
-    }
-    return null;
-  }
-
-  let lastError: Error | undefined = undefined;
-  // MSC4143: Attempt to fetch transports from backend.
-  // TODO: Workaround for an issue in the js-sdk RoomWidgetClient that
-  // is not yet implementing _unstable_getRTCTransports properly (via widget API new action).
-  // For now we just skip this call if we are in a widget.
-  // In widget mode the client is a `RoomWidgetClient` which has no access token (it is using the widget API).
-  // Could be removed once the js-sdk is fixed (https://github.com/matrix-org/matrix-js-sdk/issues/5245)
-  const isSPA = !!client.getAccessToken();
-  if (isSPA && "_unstable_getRTCTransports" in client) {
-    logger.info(
-      "makeTransport: First try to use getRTCTransports end point ...",
-    );
-    try {
-      // TODO This should also check for server support?
-      const transportList = await client._unstable_getRTCTransports();
-      const selectedTransport = await getFirstUsableTransport(transportList);
-      if (selectedTransport) {
-        logger.info(
-          "makeTransport: ...Using backend-configured (client.getRTCTransports) SFU",
-          selectedTransport,
-        );
-        return selectedTransport;
-      }
-    } catch (ex) {
-      lastError = ex as Error;
-      if (ex instanceof MatrixError && ex.httpStatus === 404) {
-        // Expected, this is an unstable endpoint and it's not required.
-        // There will be expected 404 errors in the console. When we check if synapse supports the endpoint.
-        logger.debug(
-          "Matrix homeserver does not provide any RTC transports via `/rtc/transports` (will retry with well-known.)",
-        );
-      } else if (ex instanceof FailToGetOpenIdToken) {
-        logger.error(`makeTransport: Failed to validate backend SFU`, ex);
-        throw ex;
-      } else {
-        // We got an error that wasn't just missing support for the feature, so log it loudly.
-        logger.error(
-          "Unexpected error fetching RTC transports from backend",
-          ex,
-        );
-      }
-    }
-  }
-
-  logger.info(
-    `makeTransport: Trying to get transports from .well-known/matrix/client on domain ${client.getDomain()} ...`,
+  const sfuConfig = await getSFUConfigWithOpenID(
+    client,
+    membership,
+    url,
+    roomId,
+    {
+      forceJwtEndpoint: forceJwtEndpoint,
+      delayEndpointBaseUrl: client.baseUrl,
+      delayId,
+    },
+    logger,
   );
-
-  // Legacy MSC4143 (to be removed) WELL_KNOWN: Prioritize the .well-known/matrix/client, if available.
-  const domain = client.getDomain();
-  if (domain) {
-    // we use AutoDiscovery instead of relying on the MatrixClient having already
-    // been fully configured and started
-    const wellKnownFoci = (await AutoDiscovery.getRawClientConfig(domain))?.[
-      FOCI_WK_KEY
-    ];
-    let selectedTransport: LocalTransportWithSFUConfig | null = null;
-    if (Array.isArray(wellKnownFoci)) {
-      try {
-        selectedTransport = await getFirstUsableTransport(wellKnownFoci);
-      } catch (ex) {
-        lastError = ex as Error;
-        if (ex instanceof FailToGetOpenIdToken) {
-          throw ex;
-        }
-        logger.error(`makeTransport: Failed to validate .well-known SFU`, ex);
-      }
-    } else {
-      selectedTransport = null;
-    }
-    if (selectedTransport) {
-      logger.info("Using .well-known SFU", selectedTransport);
-      return selectedTransport;
-    }
-  }
-
-  logger.info(
-    `makeTransport: No valid transport found via backend or .well-known, falling back to config if available.`,
-  );
-
-  // CONFIG: Least prioritized; Load from config file
-  const urlFromConf = Config.get().livekit?.livekit_service_url;
-  if (urlFromConf) {
-    try {
-      // This will call the jwt/sfu/get endpoint to pre create the livekit room.
-      logger.info("Using config SFU", urlFromConf);
-      return await doOpenIdAndJWTFromUrl(urlFromConf);
-    } catch (ex) {
-      if (ex instanceof FailToGetOpenIdToken) {
-        throw ex;
-      }
-      lastError = ex as Error;
-      logger.error("Failed to validate config SFU", ex);
-    }
-  }
-
-  // If we do not have returned a transport by now we throw an error
-  throw new MatrixRTCTransportMissingError(domain ?? "", lastError);
+  return {
+    transport: {
+      type: "livekit",
+      livekit_service_url: url,
+    },
+    sfuConfig,
+  };
 }

src/state/CallViewModel/localMember/RtcTransportAutoDiscovery.test.ts

@@ -0,0 +1,233 @@
+/*
+Copyright 2025 Element Creations Ltd.
+
+SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+Please see LICENSE in the repository root for full details.
+*/
+
+import {
+  beforeEach,
+  describe,
+  expect,
+  it,
+  type MockedObject,
+  vi,
+} from "vitest";
+import { type IClientWellKnown, MatrixError } from "matrix-js-sdk";
+import { logger as rootLogger } from "matrix-js-sdk/lib/logger";
+import {
+  type LivekitTransportConfig,
+  type Transport,
+} from "matrix-js-sdk/lib/matrixrtc";
+
+import type { ResolvedConfigOptions } from "../../../config/ConfigOptions.ts";
+import {
+  RtcTransportAutoDiscovery,
+  type RtcTransportAutoDiscoveryProps,
+} from "./RtcTransportAutoDiscovery.ts";
+
+type DiscoveryClient = RtcTransportAutoDiscoveryProps["client"];
+
+const backendTransport: LivekitTransportConfig = {
+  type: "livekit",
+  livekit_service_url: "https://backend.example.org",
+};
+
+const wellKnownTransport: LivekitTransportConfig = {
+  type: "livekit",
+  livekit_service_url: "https://well-known.example.org",
+};
+
+function makeClient(): MockedObject<DiscoveryClient> {
+  return {
+    getDomain: vi.fn().mockReturnValue("example.org"),
+    baseUrl: "https://matrix.example.org",
+    _unstable_getRTCTransports: vi.fn().mockResolvedValue([]),
+    getAccessToken: vi.fn().mockReturnValue("access_token"),
+    getOpenIdToken: vi.fn(),
+    getDeviceId: vi.fn(),
+  } as unknown as MockedObject<DiscoveryClient>;
+}
+
+function makeResolvedConfig(livekitServiceUrl?: string): ResolvedConfigOptions {
+  return {
+    livekit: livekitServiceUrl
+      ? {
+          livekit_service_url: livekitServiceUrl,
+        }
+      : undefined,
+  } as ResolvedConfigOptions;
+}
+
+function makeWellKnown(rtcFoci?: Transport[]): IClientWellKnown {
+  return {
+    "org.matrix.msc4143.rtc_foci": rtcFoci,
+  } as unknown as IClientWellKnown;
+}
+
+describe("RtcTransportAutoDiscovery", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+  const VALID_TEST_CASES: Array<{ transports: Transport[] }> = [
+    { transports: [backendTransport] },
+    // will pick the first livekit transport in the list, even if there are other non-livekit transports
+    { transports: [{ type: "not_livekit" }, backendTransport] },
+  ];
+  it.each(VALID_TEST_CASES)(
+    "prefers backend transport over well-known and app config $transports",
+    async ({ transports }) => {
+      // it("prefers backend transport over well-known and app config", async () => {
+      const client = makeClient();
+      client._unstable_getRTCTransports.mockResolvedValue(transports);
+
+      const wellKnownFetcher = vi
+        .fn<(domain: string) => Promise<IClientWellKnown>>()
+        .mockResolvedValue(makeWellKnown([wellKnownTransport]));
+
+      const discovery = new RtcTransportAutoDiscovery({
+        client,
+        resolvedConfig: makeResolvedConfig("https://config.example.org"),
+        wellKnownFetcher,
+        logger: rootLogger,
+      });
+
+      await expect(
+        discovery.discoverPreferredTransport(),
+      ).resolves.toStrictEqual(backendTransport);
+
+      expect(client._unstable_getRTCTransports).toHaveBeenCalledTimes(1);
+      expect(wellKnownFetcher).not.toHaveBeenCalled();
+    },
+  );
+
+  it("Retries limit_exceeded backend transport over well-known", async () => {
+    const client = makeClient();
+    client._unstable_getRTCTransports
+      .mockRejectedValueOnce(
+        new MatrixError(
+          {
+            errcode: "M_LIMIT_EXCEEDED",
+            error: "Too many requests",
+            retry_after_ms: 100,
+          },
+          429,
+        ),
+      )
+      .mockResolvedValue([backendTransport]);
+
+    const wellKnownFetcher = vi
+      .fn<(domain: string) => Promise<IClientWellKnown>>()
+      .mockResolvedValue(makeWellKnown([wellKnownTransport]));
+
+    const discovery = new RtcTransportAutoDiscovery({
+      client,
+      resolvedConfig: makeResolvedConfig("https://config.example.org"),
+      wellKnownFetcher,
+      logger: rootLogger,
+    });
+
+    await expect(discovery.discoverPreferredTransport()).resolves.toStrictEqual(
+      backendTransport,
+    );
+
+    expect(client._unstable_getRTCTransports).toHaveBeenCalledTimes(2);
+    expect(wellKnownFetcher).not.toHaveBeenCalled();
+  });
+
+  const INVALID_TEST_CASES: Array<{ transports: Transport[] }> = [
+    { transports: [] },
+    { transports: [{ type: "not_livekit" }] },
+  ];
+  it.each(INVALID_TEST_CASES)(
+    "falls back to well-known when backend has no (valid) livekit transports $transports",
+    async ({ transports }) => {
+      const client = makeClient();
+      client._unstable_getRTCTransports.mockResolvedValue(transports);
+
+      const wellKnownFetcher = vi
+        .fn<(domain: string) => Promise<IClientWellKnown>>()
+        .mockResolvedValue(makeWellKnown([wellKnownTransport]));
+
+      const discovery = new RtcTransportAutoDiscovery({
+        client,
+        resolvedConfig: makeResolvedConfig("https://config.example.org"),
+        wellKnownFetcher,
+        logger: rootLogger,
+      });
+
+      await expect(
+        discovery.discoverPreferredTransport(),
+      ).resolves.toStrictEqual(wellKnownTransport);
+
+      expect(wellKnownFetcher).toHaveBeenCalledWith("example.org");
+    },
+  );
+
+  it("skips backend discovery in widget mode and uses well-known", async () => {
+    const client = makeClient();
+    // widget mode is detected by the absence of an access token
+    client.getAccessToken.mockReturnValue(null);
+
+    const wellKnownFetcher = vi
+      .fn<(domain: string) => Promise<IClientWellKnown>>()
+      .mockResolvedValue(makeWellKnown([wellKnownTransport]));
+
+    const discovery = new RtcTransportAutoDiscovery({
+      client,
+      resolvedConfig: makeResolvedConfig("https://config.example.org"),
+      wellKnownFetcher,
+      logger: rootLogger,
+    });
+
+    await expect(discovery.discoverPreferredTransport()).resolves.toStrictEqual(
+      wellKnownTransport,
+    );
+
+    expect(client._unstable_getRTCTransports).not.toHaveBeenCalled();
+    expect(wellKnownFetcher).toHaveBeenCalledWith("example.org");
+  });
+
+  it("falls back to app config when backend fails and well-known has no rtc_foci", async () => {
+    const client = makeClient();
+    client._unstable_getRTCTransports.mockRejectedValue(
+      new MatrixError({ errcode: "M_UNKNOWN" }, 404),
+    );
+
+    const wellKnownFetcher = vi
+      .fn<(domain: string) => Promise<IClientWellKnown>>()
+      .mockResolvedValue({} as IClientWellKnown);
+
+    const discovery = new RtcTransportAutoDiscovery({
+      client,
+      resolvedConfig: makeResolvedConfig("https://config.example.org"),
+      wellKnownFetcher,
+      logger: rootLogger,
+    });
+
+    await expect(discovery.discoverPreferredTransport()).resolves.toStrictEqual(
+      {
+        type: "livekit",
+        livekit_service_url: "https://config.example.org",
+      },
+    );
+  });
+
+  it("returns null when backend, well-known and config are all unavailable", async () => {
+    const client = makeClient();
+    client._unstable_getRTCTransports.mockResolvedValue([]);
+
+    const wellKnownFetcher = vi
+      .fn<(domain: string) => Promise<IClientWellKnown>>()
+      .mockResolvedValue({} as IClientWellKnown);
+
+    const discovery = new RtcTransportAutoDiscovery({
+      client,
+      resolvedConfig: makeResolvedConfig(undefined),
+      wellKnownFetcher,
+      logger: rootLogger,
+    });
+
+    await expect(discovery.discoverPreferredTransport()).resolves.toBeNull();
+  });
+});

src/state/CallViewModel/localMember/RtcTransportAutoDiscovery.ts

@@ -0,0 +1,162 @@
+/*
+Copyright 2026 Element Creations Ltd.
+
+SPDX-License-IdFentifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+Please see LICENSE in the repository root for full details.
+*/
+import {
+  isLivekitTransportConfig,
+  type LivekitTransportConfig,
+} from "matrix-js-sdk/lib/matrixrtc";
+import { type IClientWellKnown, type MatrixClient } from "matrix-js-sdk";
+import { type Logger } from "matrix-js-sdk/lib/logger";
+
+import type { ResolvedConfigOptions } from "../../../config/ConfigOptions.ts";
+import { doNetworkOperationWithRetry } from "../../../utils/matrix.ts";
+
+type TransportDiscoveryClient = Pick<
+  MatrixClient,
+  "getDomain" | "_unstable_getRTCTransports" | "getAccessToken"
+>;
+
+export interface RtcTransportAutoDiscoveryProps {
+  client: TransportDiscoveryClient;
+  resolvedConfig: ResolvedConfigOptions;
+  wellKnownFetcher: (domain: string) => Promise<IClientWellKnown>;
+  logger: Logger;
+}
+
+export class RtcTransportAutoDiscovery {
+  private readonly client: TransportDiscoveryClient;
+  private readonly resolvedConfig: ResolvedConfigOptions;
+  private readonly wellKnownFetcher: (
+    domain: string,
+  ) => Promise<IClientWellKnown>;
+  private readonly logger: Logger;
+
+  public constructor({
+    client,
+    resolvedConfig,
+    wellKnownFetcher,
+    logger,
+  }: RtcTransportAutoDiscoveryProps) {
+    this.client = client;
+    this.resolvedConfig = resolvedConfig;
+    this.wellKnownFetcher = wellKnownFetcher;
+    this.logger = logger.getChild("[RtcTransportAutoDiscovery]");
+  }
+
+  public async discoverPreferredTransport(): Promise<LivekitTransportConfig | null> {
+    // 1) backend transports
+    const backendTransport = await this.tryBackendTransports();
+    if (backendTransport) {
+      this.logger.info(
+        `Found backend transport: ${backendTransport.livekit_service_url}`,
+      );
+      return backendTransport;
+    }
+
+    this.logger.info("No backend transport found, falling back to well-known");
+    // 2) .well-known transports
+    const wellKnownTransport = await this.tryWellKnownTransports();
+    if (wellKnownTransport) {
+      this.logger.info(
+        `Found .well-known transport: ${wellKnownTransport.livekit_service_url}`,
+      );
+      return wellKnownTransport;
+    }
+
+    this.logger.info(
+      "No .well-known transport found, falling back to app config",
+    );
+
+    // 3) app config URL
+    const configTransport = this.tryConfigTransport();
+    if (configTransport) {
+      this.logger.info(
+        `Found app config transport: ${configTransport.livekit_service_url}`,
+      );
+      return configTransport;
+    }
+
+    return null;
+  }
+
+  private async tryBackendTransports(): Promise<LivekitTransportConfig | null> {
+    const client = this.client;
+    // MSC4143: Attempt to fetch transports from backend.
+    // TODO: Workaround for an issue in the js-sdk RoomWidgetClient that
+    // is not yet implementing _unstable_getRTCTransports properly (via widget API new action).
+    // For now we just skip this call if we are in a widget.
+    // In widget mode the client is a `RoomWidgetClient` which has no access token (it is using the widget API).
+    // Could be removed once the js-sdk is fixed (https://github.com/matrix-org/matrix-js-sdk/issues/5245)
+    const isSPA = !!client.getAccessToken();
+    if (isSPA && "_unstable_getRTCTransports" in client) {
+      this.logger.info("First try to use getRTCTransports end point ...");
+      try {
+        const transportList = await doNetworkOperationWithRetry(async () =>
+          client._unstable_getRTCTransports(),
+        );
+        const first = transportList.filter(isLivekitTransportConfig)[0];
+        if (first) {
+          return first;
+        } else {
+          this.logger.info(
+            `No livekit transport found in getRTCTransports end point`,
+            transportList,
+          );
+        }
+      } catch (ex) {
+        this.logger.info(`Failed to use getRTCTransports end point: ${ex}`);
+      }
+    } else {
+      this.logger.debug(`getRTCTransports end point not available`);
+    }
+
+    return null;
+  }
+
+  private async tryWellKnownTransports(): Promise<LivekitTransportConfig | null> {
+    // Legacy MSC4143 (to be removed) WELL_KNOWN: Prioritize the .well-known/matrix/client, if available.
+    const client = this.client;
+    const domain = client.getDomain();
+    if (domain) {
+      // we use AutoDiscovery instead of relying on the MatrixClient having already
+      // been fully configured and started
+
+      const wellKnownFoci = await this.wellKnownFetcher(domain);
+
+      const fociConfig = wellKnownFoci["org.matrix.msc4143.rtc_foci"];
+      if (fociConfig) {
+        if (!Array.isArray(fociConfig)) {
+          this.logger.warn(
+            `org.matrix.msc4143.rtc_foci is not an array in .well-known`,
+          );
+        } else {
+          return fociConfig[0];
+        }
+      } else {
+        this.logger.info(
+          `No .well-known "org.matrix.msc4143.rtc_foci" found for ${domain}`,
+          wellKnownFoci,
+        );
+      }
+    } else {
+      // Should never happen, but just in case
+      this.logger.warn(`No domain configured for client`);
+    }
+
+    return null;
+  }
+
+  private tryConfigTransport(): LivekitTransportConfig | null {
+    const url = this.resolvedConfig.livekit?.livekit_service_url;
+    if (url) {
+      return {
+        type: "livekit",
+        livekit_service_url: url,
+      };
+    }
+    return null;
+  }
+}