1 files changed, 11 insertions, 0 deletions

diff --git a/internal/api/client/user/passwordchange.go b/internal/api/client/user/passwordchange.go
index c2928e9e5..df9f5b0c8 100644
--- a/internal/api/client/user/passwordchange.go
+++ b/internal/api/client/user/passwordchange.go
@@ -24,10 +24,13 @@ import (
 	"github.com/gin-gonic/gin"
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
+	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
+const OIDCPasswordHelp = "password change request cannot be processed by GoToSocial as this instance is running with OIDC enabled; you must change password using your OIDC provider"
+
 // PasswordChangePOSTHandler swagger:operation POST /api/v1/user/password_change userPasswordChange
 //
 // Change the password of authenticated user.
@@ -62,6 +65,8 @@ import (
 //			description: forbidden
 //		'406':
 //			description: not acceptable
+//		'422':
+//			description: unprocessable request because instance is running with OIDC backend
 //		'500':
 //			description: internal error
 func (m *Module) PasswordChangePOSTHandler(c *gin.Context) {
@@ -76,6 +81,12 @@ func (m *Module) PasswordChangePOSTHandler(c *gin.Context) {
 		return
 	}
 
+	if config.GetOIDCEnabled() {
+		err := errors.New("instance running with OIDC")
+		apiutil.ErrorHandler(c, gtserror.NewErrorUnprocessableEntity(err, OIDCPasswordHelp), m.processor.InstanceGetV1)
+		return
+	}
+
 	form := &apimodel.PasswordChangeRequest{}
 	if err := c.ShouldBind(form); err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)