Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2026-04-05 18:54:10 +02:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge 57c6273162 into 0b5db68242

Browse source
This commit is contained in:
Logan Devine 2026-03-06 20:37:09 +01:00 committed by GitHub
parent 0b5db68242 57c6273162
commit 7944d9dbe3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 7 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
changelogs/client_server/newsfragments/2329.clarification Normal file
View file

@ -0,0 +1 @@
Add link to JSON signing algorithm in server-server auth section for clarity. Contributed by @thetayloredman.

12
content/server-server-api.md
View file

@ -277,12 +277,12 @@ queried from multiple servers to mitigate against DNS spoofing.
Every HTTP request made by a homeserver is authenticated using public
key digital signatures. The request method, target and body are signed
by wrapping them in a JSON object and signing it using the JSON signing
algorithm. The resulting signatures are added as an Authorization header
with an auth scheme of `X-Matrix`. Note that the target field should
include the full path starting with `/_matrix/...`, including the `?`
and any query parameters if present, but should not include the leading
`https:`, nor the destination server's hostname.
by wrapping them in a JSON object and signing it using the [JSON signing
algorithm](/appendices#signing-json). The resulting signatures are added
as an Authorization header with an auth scheme of `X-Matrix`. Note that
the target field should include the full path starting with `/_matrix/...`,
including the `?` and any query parameters if present, but should not
include the leading `https:`, nor the destination server's hostname.
Step 1 sign JSON: