matrix-org · MatMaul · Oct 5, 2021 · Oct 13, 2021
diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py
@@ -316,27 +316,6 @@ async def try_unbind_threepid_with_id_server(
                 "id_server must be a valid hostname with optional port and path components",
             )
 
-        url = "https://%s/_matrix/identity/api/v1/3pid/unbind" % (id_server,)
-        url_bytes = b"/_matrix/identity/api/v1/3pid/unbind"
-
-        content = {
-            "mxid": mxid,
-            "threepid": {"medium": threepid["medium"], "address": threepid["address"]},
-        }
-
-        # we abuse the federation http client to sign the request, but we have to send it
-        # using the normal http client since we don't want the SRV lookup and want normal
-        # 'browser-like' HTTPS.
-        url_bytes = "/_matrix/identity/api/v1/3pid/unbind".encode("ascii")
-        auth_headers = self.federation_http_client.build_auth_headers(
-            destination=None,
-            method=b"POST",
-            url_bytes=url_bytes,
-            content=content,
-            destination_is=id_server.encode("ascii"),
-        )
-        headers = {b"Authorization": auth_headers}
-
         # if we have a rewrite rule set for the identity server,
         # apply it now.
         #
@@ -346,8 +325,35 @@ async def try_unbind_threepid_with_id_server(
 
         if self.hs.config.bind_new_user_emails_to_sydent:
             id_server_url = self.hs.config.bind_new_user_emails_to_sydent
+            url = "%s/_matrix/identity/internal/unbind" % (id_server_url,)
+            content = {
+                "mxid": mxid,
+                "medium": threepid["medium"],
+                "address": threepid["address"],
+            }
+            headers = {}
+        else:
+            url_path = "/_matrix/identity/api/v1/3pid/unbind"
+            url = id_server_url + url_path
+            content = {
+                "mxid": mxid,
+                "threepid": {
+                    "medium": threepid["medium"],
+                    "address": threepid["address"],
+                },
+            }
 
-        url = "%s/_matrix/identity/api/v1/3pid/unbind" % (id_server_url,)
+            # we abuse the federation http client to sign the request, but we have to send it
+            # using the normal http client since we don't want the SRV lookup and want normal
+            # 'browser-like' HTTPS.
+            auth_headers = self.federation_http_client.build_auth_headers(
+                destination=None,
+                method=b"POST",
+                url_bytes=url_path.encode("ascii"),
+                content=content,
+                destination_is=id_server.encode("ascii"),
+            )
+            headers = {b"Authorization": auth_headers}
 
         try:
             # Use the blacklisting http client as this call is only to identity servers