#1250 issue : Updated registration.yaml

To solve the issue of securely managing the as_token and hs_token in the application service registration YAML file, we can introduce the ability to specify file paths for these tokens (as_token_path and hs_token_path) instead of hardcoding the tokens directly in the YAML file.

changelogs/application_service/newsfragments/1250.feature

@@ -0,0 +1,18 @@
+Issue 1250 fixed : allowed {as,hs}_token to be specified as {as,hs_token_path} instead in registration.yaml
+
+Implementation Notes:
+Token Handling Logic:
+
+The application should first check if the *_token_path fields are set.
+If they are, it should read the token from the specified file, strip any leading/trailing whitespace, and use it as the token.
+If the *_token_path fields are not set, the application should fall back to using the *_token fields.
+Security Considerations:
+
+Ensure that the files containing the tokens have appropriate file permissions to prevent unauthorized access.
+The application should handle potential errors such as file not found, permission denied, or empty token file gracefully.
+Backward Compatibility:
+
+This change is backward-compatible as it allows the use of either the direct token value (as_token/hs_token) or the path-based approach (as_token_path/hs_token_path).
+
+Special Note : Also if we're allowing the use of either the direct token (as_token/hs_token) or the path-based token (as_token_path/hs_token_path), then neither
+ as_token nor hs_token should be marked as strictly required on their own in the required container.

data/api/application-service/definitions/registration.yaml

@@ -24,9 +24,21 @@ properties:
   as_token:
     type: string
     description: A secret token that the application service will use to authenticate requests to the homeserver.
+  as_token_path:
+    type: string
+    description: |-
+      A path to a file containing the secret token that the application service will use to authenticate requests to the homeserver.
+      If specified, the file contents will be used as the as_token. This file should contain only the token, and leading or trailing
+      whitespaces will be stripped before use.
   hs_token:
     type: string
-    description: A secret token that the homeserver will use authenticate requests to the application service.
+    description: A secret token that the homeserver will use to authenticate requests to the application service.
+  hs_token_path:
+    type: string
+    description: |-
+      A path to a file containing the secret token that the homeserver will use to authenticate requests to the application service.
+      If specified, the file contents will be used as the hs_token. This file should contain only the token, and leading or trailing
+      whitespaces will be stripped before use.
   sender_localpart:
     type: string
     description: |-
@@ -71,7 +83,6 @@ properties:
 required:
   - id
   - url
-  - as_token
-  - hs_token
   - sender_localpart
   - namespaces
+