Link to RFC 9700 OAuth 2.0 Best Current Practices (#2379)

Hugh Nimmo-Smith 2026-05-14 09:20:43 +01:00 committed by GitHub
parent 684d080f9a
commit 905165ffd3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 4 additions and 0 deletions


@ -0,0 +1 @@
Add link to RFC 9700 OAuth 2.0 Best Current Practices.
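Review bot: The changelog line calls the document "RFC 9700 OAuth 2.0 Best Current Practices", but the RFC's title is "Best Current Practice for OAuth 2.0 Security". Using the actual title (or just "RFC 9700") would make it clear that the new reference is security guidance. The entry also does not say which part of the specification gains the link, so a reader of the changelog cannot tell that it concerns the OAuth 2.0 API section.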


@ -1742,6 +1742,9 @@ over the requirements to create a new account and is not limited by the steps
defined in this specification. It also means that less trust is given to clients defined in this specification. It also means that less trust is given to clients
because they don't have access to the user's credentials anymore. because they don't have access to the user's credentials anymore.
The best practices from [RFC 9700](https://datatracker.ietf.org/doc/html/rfc9700)
are applicable to this API and are recommended reading for implementors.
{{% boxes/warning %}} {{% boxes/warning %}}
The [User-Interactive Authentication API](#user-interactive-authentication-api) The [User-Interactive Authentication API](#user-interactive-authentication-api)
is not compatible with the OAuth 2.0 API, so the endpoints that depend on it for is not compatible with the OAuth 2.0 API, so the endpoints that depend on it for
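Review bot: The added sentence ahead of the `{{% boxes/warning %}}` block is purely informative ("are applicable to this API", "recommended reading") and addresses "implementors" without saying whether that means clients, servers, or both, even though the paragraph just before it is specifically about how much trust clients are given. If the intent is that implementations follow RFC 9700, state it with a normative keyword and name the roles it binds. If it is only a pointer, say that explicitly so readers do not have to guess whether deviating from the RFC is a compliance issue.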