2016-07-12 18:22:33 +02:00
|
|
|
# Copyright 2016 OpenMarket Ltd
|
2018-08-10 22:19:17 +02:00
|
|
|
# Copyright 2018 New Vector Ltd
|
2022-05-10 21:09:27 +02:00
|
|
|
# Copyright 2022 The Matrix.org Foundation C.I.C.
|
2016-07-12 18:22:33 +02:00
|
|
|
#
|
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
|
#
|
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
#
|
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
|
# limitations under the License.
|
2015-09-14 14:49:27 +02:00
|
|
|
swagger: '2.0'
|
|
|
|
|
info:
|
2015-12-04 12:09:35 +01:00
|
|
|
title: "Matrix Client-Server Registration and Login API"
|
2015-09-14 14:49:27 +02:00
|
|
|
version: "1.0.0"
|
|
|
|
|
host: localhost:8008
|
|
|
|
|
schemes:
|
|
|
|
|
- https
|
|
|
|
|
- http
|
2021-10-12 19:07:01 +02:00
|
|
|
basePath: /_matrix/client/v3
|
2015-09-14 14:49:27 +02:00
|
|
|
consumes:
|
|
|
|
|
- application/json
|
|
|
|
|
produces:
|
|
|
|
|
- application/json
|
|
|
|
|
securityDefinitions:
|
2016-05-03 14:57:16 +02:00
|
|
|
$ref: definitions/security.yaml
|
2015-09-14 14:49:27 +02:00
|
|
|
paths:
|
|
|
|
|
"/login":
|
2018-07-03 21:41:49 +02:00
|
|
|
get:
|
|
|
|
|
summary: Get the supported login types to authenticate users
|
|
|
|
|
description: |-
|
|
|
|
|
Gets the homeserver's supported login types to authenticate users. Clients
|
2021-01-27 21:14:31 +01:00
|
|
|
should pick one of these and supply it as the `type` when logging in.
|
2018-07-03 21:41:49 +02:00
|
|
|
operationId: getLoginFlows
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: The login types the homeserver supports
|
|
|
|
|
examples:
|
|
|
|
|
application/json: {
|
|
|
|
|
"flows": [
|
|
|
|
|
{"type": "m.login.password"}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
schema:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
flows:
|
|
|
|
|
type: array
|
|
|
|
|
description: The homeserver's supported login types
|
|
|
|
|
items:
|
|
|
|
|
type: object
|
|
|
|
|
title: LoginFlow
|
|
|
|
|
properties:
|
|
|
|
|
type:
|
|
|
|
|
description: |-
|
2021-01-27 21:14:31 +01:00
|
|
|
The login type. This is supplied as the `type` when
|
2018-07-03 21:41:49 +02:00
|
|
|
logging in.
|
|
|
|
|
type: string
|
|
|
|
|
429:
|
|
|
|
|
description: This request was rate-limited.
|
|
|
|
|
schema:
|
2018-07-04 21:45:34 +02:00
|
|
|
"$ref": "definitions/errors/rate_limited.yaml"
|
2018-07-03 21:41:49 +02:00
|
|
|
tags:
|
|
|
|
|
- Session management
|
2015-09-14 14:49:27 +02:00
|
|
|
post:
|
|
|
|
|
summary: Authenticates the user.
|
|
|
|
|
description: |-
|
2016-05-06 17:51:31 +02:00
|
|
|
Authenticates the user, and issues an access token they can
|
2015-09-14 14:49:27 +02:00
|
|
|
use to authorize themself in subsequent requests.
|
2016-09-28 17:56:38 +02:00
|
|
|
|
2021-01-27 21:14:31 +01:00
|
|
|
If the client does not supply a `device_id`, the server must
|
2016-09-28 17:56:38 +02:00
|
|
|
auto-generate one.
|
|
|
|
|
|
2021-01-27 21:14:31 +01:00
|
|
|
The returned access token must be associated with the `device_id`
|
2016-09-28 17:56:38 +02:00
|
|
|
supplied by the client or generated by the server. The server may
|
|
|
|
|
invalidate any access token previously associated with that device. See
|
2021-01-29 01:00:39 +01:00
|
|
|
[Relationship between access tokens and devices](/client-server-api/#relationship-between-access-tokens-and-devices).
|
2017-08-03 01:19:34 +02:00
|
|
|
operationId: login
|
2015-09-14 14:49:27 +02:00
|
|
|
parameters:
|
|
|
|
|
- in: body
|
|
|
|
|
name: body
|
2020-05-25 19:08:17 +02:00
|
|
|
required: true
|
2015-09-14 14:49:27 +02:00
|
|
|
schema:
|
|
|
|
|
type: object
|
2017-09-26 18:53:28 +02:00
|
|
|
example: {
|
2016-01-05 03:47:55 +01:00
|
|
|
"type": "m.login.password",
|
2018-08-10 22:19:17 +02:00
|
|
|
"identifier": {
|
|
|
|
|
"type": "m.id.user",
|
|
|
|
|
"user": "cheeky_monkey"
|
|
|
|
|
},
|
2016-09-28 17:56:38 +02:00
|
|
|
"password": "ilovebananas",
|
|
|
|
|
"initial_device_display_name": "Jungle Phone"
|
2015-09-14 14:49:27 +02:00
|
|
|
}
|
|
|
|
|
properties:
|
2015-10-14 14:38:28 +02:00
|
|
|
type:
|
|
|
|
|
type: string
|
2016-08-09 13:02:38 +02:00
|
|
|
enum: ["m.login.password", "m.login.token"]
|
|
|
|
|
description: The login type being used.
|
2018-08-10 22:19:17 +02:00
|
|
|
identifier:
|
|
|
|
|
"$ref": "definitions/user_identifier.yaml"
|
2015-10-14 14:38:28 +02:00
|
|
|
user:
|
2015-09-14 14:49:27 +02:00
|
|
|
type: string
|
2021-01-27 21:14:31 +01:00
|
|
|
description: The fully qualified user ID or just local part of the user ID, to log in. Deprecated in favour of `identifier`.
|
2016-05-06 17:51:31 +02:00
|
|
|
medium:
|
|
|
|
|
type: string
|
2023-03-08 10:58:29 +01:00
|
|
|
description: When logging in using a third-party identifier, the medium of the identifier. Must be 'email'. Deprecated in favour of `identifier`.
|
2016-05-06 17:51:31 +02:00
|
|
|
address:
|
|
|
|
|
type: string
|
2023-03-08 10:58:29 +01:00
|
|
|
description: Third-party identifier for the user. Deprecated in favour of `identifier`.
|
2015-09-14 14:49:27 +02:00
|
|
|
password:
|
|
|
|
|
type: string
|
2016-08-08 18:33:48 +02:00
|
|
|
description: |-
|
2021-01-27 21:14:31 +01:00
|
|
|
Required when `type` is `m.login.password`. The user's
|
2016-08-08 18:33:48 +02:00
|
|
|
password.
|
|
|
|
|
token:
|
|
|
|
|
type: string
|
|
|
|
|
description: |-
|
2021-01-29 01:00:39 +01:00
|
|
|
Required when `type` is `m.login.token`. Part of Token-based login.
|
2016-09-28 17:56:38 +02:00
|
|
|
device_id:
|
|
|
|
|
type: string
|
|
|
|
|
description: |-
|
|
|
|
|
ID of the client device. If this does not correspond to a
|
2020-10-17 00:36:02 +02:00
|
|
|
known client device, a new device will be created. The given
|
2021-01-29 01:00:39 +01:00
|
|
|
device ID must not be the same as a
|
|
|
|
|
[cross-signing](/client-server-api/#cross-signing) key ID.
|
|
|
|
|
The server will auto-generate a device_id
|
2020-10-17 00:36:02 +02:00
|
|
|
if this is not specified.
|
2016-09-28 17:56:38 +02:00
|
|
|
initial_device_display_name:
|
|
|
|
|
type: string
|
|
|
|
|
description: |-
|
|
|
|
|
A display name to assign to the newly-created device. Ignored
|
2021-01-27 21:14:31 +01:00
|
|
|
if `device_id` corresponds to a known device.
|
2022-05-10 21:09:27 +02:00
|
|
|
refresh_token:
|
|
|
|
|
type: boolean
|
|
|
|
|
description: |-
|
|
|
|
|
If true, the client supports refresh tokens.
|
|
|
|
|
x-addedInMatrixVersion: "1.3"
|
2016-08-08 18:33:48 +02:00
|
|
|
required: ["type"]
|
2016-05-06 17:51:31 +02:00
|
|
|
|
2015-09-14 14:49:27 +02:00
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: The user has been authenticated.
|
|
|
|
|
examples:
|
2017-09-26 18:53:28 +02:00
|
|
|
application/json: {
|
2015-09-14 14:49:27 +02:00
|
|
|
"user_id": "@cheeky_monkey:matrix.org",
|
|
|
|
|
"access_token": "abc123",
|
2022-05-10 21:09:27 +02:00
|
|
|
"refresh_token": "def456",
|
|
|
|
|
"expires_in_ms": 60000,
|
2019-01-09 23:05:27 +01:00
|
|
|
"device_id": "GHTYAJCE",
|
|
|
|
|
"well_known": {
|
|
|
|
|
"m.homeserver": {
|
|
|
|
|
"base_url": "https://example.org"
|
|
|
|
|
},
|
|
|
|
|
"m.identity_server": {
|
|
|
|
|
"base_url": "https://id.example.org"
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-09-14 14:49:27 +02:00
|
|
|
}
|
|
|
|
|
schema:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
user_id:
|
|
|
|
|
type: string
|
2020-06-02 16:13:07 +02:00
|
|
|
description: The fully-qualified Matrix ID for the account.
|
2015-09-14 14:49:27 +02:00
|
|
|
access_token:
|
|
|
|
|
type: string
|
2015-09-15 17:23:19 +02:00
|
|
|
description: |-
|
|
|
|
|
An access token for the account.
|
|
|
|
|
This access token can then be used to authorize other requests.
|
2022-05-10 21:09:27 +02:00
|
|
|
refresh_token:
|
|
|
|
|
type: string
|
|
|
|
|
description: |-
|
|
|
|
|
A refresh token for the account. This token can be used to
|
|
|
|
|
obtain a new access token when it expires by calling the
|
|
|
|
|
`/refresh` endpoint.
|
|
|
|
|
x-addedInMatrixVersion: "1.3"
|
|
|
|
|
expires_in_ms:
|
|
|
|
|
type: integer
|
|
|
|
|
description: |-
|
|
|
|
|
The lifetime of the access token, in milliseconds. Once
|
|
|
|
|
the access token has expired a new access token can be
|
|
|
|
|
obtained by using the provided refresh token. If no
|
2022-06-02 22:17:46 +02:00
|
|
|
refresh token is provided, the client will need to re-log in
|
2022-05-10 21:09:27 +02:00
|
|
|
to obtain a new access token. If not given, the client can
|
|
|
|
|
assume that the access token will not expire.
|
|
|
|
|
x-addedInMatrixVersion: "1.3"
|
2015-09-14 14:49:27 +02:00
|
|
|
home_server:
|
|
|
|
|
type: string
|
2017-12-18 14:34:26 +01:00
|
|
|
description: |-
|
2017-12-18 15:48:56 +01:00
|
|
|
The server_name of the homeserver on which the account has
|
|
|
|
|
been registered.
|
2017-12-18 14:34:26 +01:00
|
|
|
|
|
|
|
|
**Deprecated**. Clients should extract the server_name from
|
2021-01-27 21:14:31 +01:00
|
|
|
`user_id` (by splitting at the first colon) if they require
|
|
|
|
|
it. Note also that `homeserver` is not spelt this way.
|
2016-09-28 17:56:38 +02:00
|
|
|
device_id:
|
|
|
|
|
type: string
|
|
|
|
|
description: |-
|
|
|
|
|
ID of the logged-in device. Will be the same as the
|
|
|
|
|
corresponding parameter in the request, if one was specified.
|
2019-01-09 23:05:27 +01:00
|
|
|
well_known:
|
2020-05-28 14:40:29 +02:00
|
|
|
description: |-
|
|
|
|
|
Optional client configuration provided by the server. If present,
|
|
|
|
|
clients SHOULD use the provided object to reconfigure themselves,
|
|
|
|
|
optionally validating the URLs within. This object takes the same
|
|
|
|
|
form as the one returned from .well-known autodiscovery.
|
2020-05-25 20:40:00 +02:00
|
|
|
allOf:
|
|
|
|
|
- "$ref": "definitions/wellknown/full.yaml"
|
2022-08-16 19:12:10 +02:00
|
|
|
required: ["access_token", "device_id", "user_id"]
|
2015-10-14 14:38:28 +02:00
|
|
|
400:
|
|
|
|
|
description: |-
|
|
|
|
|
Part of the request was invalid. For example, the login type may not be recognised.
|
|
|
|
|
examples:
|
2017-09-26 18:53:28 +02:00
|
|
|
application/json: {
|
2015-10-14 14:38:28 +02:00
|
|
|
"errcode": "M_UNKNOWN",
|
|
|
|
|
"error": "Bad login type."
|
|
|
|
|
}
|
2018-07-04 21:51:17 +02:00
|
|
|
schema:
|
|
|
|
|
"$ref": "definitions/errors/error.yaml"
|
2015-09-14 14:49:27 +02:00
|
|
|
403:
|
|
|
|
|
description: |-
|
2019-08-15 19:10:38 +02:00
|
|
|
The login attempt failed. This can include one of the following error codes:
|
2021-01-27 21:14:31 +01:00
|
|
|
* `M_FORBIDDEN`: The provided authentication data was incorrect
|
2020-10-17 00:36:02 +02:00
|
|
|
or the requested device ID is the same as a cross-signing key
|
|
|
|
|
ID.
|
2021-01-27 21:14:31 +01:00
|
|
|
* `M_USER_DEACTIVATED`: The user has been deactivated.
|
2015-09-14 14:49:27 +02:00
|
|
|
examples:
|
2017-09-26 18:53:28 +02:00
|
|
|
application/json: {
|
2019-08-15 19:10:38 +02:00
|
|
|
"errcode": "M_FORBIDDEN"
|
|
|
|
|
}
|
2018-07-04 21:51:17 +02:00
|
|
|
schema:
|
|
|
|
|
"$ref": "definitions/errors/error.yaml"
|
2015-09-14 14:49:27 +02:00
|
|
|
429:
|
|
|
|
|
description: This request was rate-limited.
|
|
|
|
|
schema:
|
2018-07-04 21:45:34 +02:00
|
|
|
"$ref": "definitions/errors/rate_limited.yaml"
|
2015-12-07 13:45:13 +01:00
|
|
|
tags:
|
|
|
|
|
- Session management
|
