From ae4e8375c67547f69ddbe17d88b579982806fdb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Commaille?= Date: Fri, 29 Mar 2024 11:04:49 +0100 Subject: [PATCH] Add more variants of the security schemes for the client-server API MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds the `Authorization: Bearer` possibility. Also clarifies on two endpoints that only an appservice access token can be used. Signed-off-by: Kévin Commaille --- data/api/client-server/account-data.yaml | 12 ++++-- data/api/client-server/admin.yaml | 3 +- .../client-server/administrative_contact.yaml | 18 +++++--- data/api/client-server/appservice_ping.yaml | 6 +-- .../appservice_room_directory.yaml | 6 +-- data/api/client-server/banning.yaml | 6 ++- data/api/client-server/capabilities.yaml | 3 +- data/api/client-server/content-repo.yaml | 12 ++++-- data/api/client-server/create_room.yaml | 3 +- data/api/client-server/cross_signing.yaml | 6 ++- .../client-server/definitions/security.yaml | 32 +++++++++++++- data/api/client-server/device_management.yaml | 15 ++++--- data/api/client-server/directory.yaml | 9 ++-- data/api/client-server/event_context.yaml | 3 +- data/api/client-server/filter.yaml | 6 ++- data/api/client-server/inviting.yaml | 3 +- data/api/client-server/joining.yaml | 6 ++- data/api/client-server/key_backup.yaml | 42 ++++++++++++------- data/api/client-server/keys.yaml | 12 ++++-- data/api/client-server/kicking.yaml | 3 +- data/api/client-server/knocking.yaml | 3 +- data/api/client-server/leaving.yaml | 6 ++- data/api/client-server/list_joined_rooms.yaml | 3 +- data/api/client-server/list_public_rooms.yaml | 6 ++- data/api/client-server/login_token.yaml | 3 +- data/api/client-server/logout.yaml | 6 ++- .../api/client-server/message_pagination.yaml | 3 +- data/api/client-server/notifications.yaml | 3 +- data/api/client-server/old_sync.yaml | 9 ++-- data/api/client-server/openid.yaml | 3 +- data/api/client-server/peeking_events.yaml | 3 +- data/api/client-server/presence.yaml | 6 ++- data/api/client-server/profile.yaml | 6 ++- data/api/client-server/pusher.yaml | 6 ++- data/api/client-server/pushrules.yaml | 24 +++++++---- data/api/client-server/read_markers.yaml | 3 +- data/api/client-server/receipts.yaml | 3 +- data/api/client-server/redaction.yaml | 3 +- data/api/client-server/registration.yaml | 6 ++- data/api/client-server/relations.yaml | 9 ++-- data/api/client-server/report_content.yaml | 3 +- .../room_event_by_timestamp.yaml | 3 +- data/api/client-server/room_initial_sync.yaml | 3 +- data/api/client-server/room_send.yaml | 3 +- data/api/client-server/room_state.yaml | 3 +- data/api/client-server/room_upgrades.yaml | 3 +- data/api/client-server/rooms.yaml | 15 ++++--- data/api/client-server/search.yaml | 3 +- data/api/client-server/space_hierarchy.yaml | 3 +- data/api/client-server/sync.yaml | 3 +- data/api/client-server/tags.yaml | 9 ++-- .../api/client-server/third_party_lookup.yaml | 18 +++++--- .../client-server/third_party_membership.yaml | 3 +- data/api/client-server/threads_list.yaml | 3 +- data/api/client-server/to_device.yaml | 3 +- data/api/client-server/typing.yaml | 3 +- data/api/client-server/users.yaml | 3 +- data/api/client-server/versions.yaml | 3 +- data/api/client-server/voip.yaml | 3 +- data/api/client-server/whoami.yaml | 3 +- 60 files changed, 280 insertions(+), 133 deletions(-) diff --git a/data/api/client-server/account-data.yaml b/data/api/client-server/account-data.yaml index bf89b21b..feb32225 100644 --- a/data/api/client-server/account-data.yaml +++ b/data/api/client-server/account-data.yaml @@ -26,7 +26,8 @@ paths: [/sync](#get_matrixclientv3sync). operationId: setAccountData security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: userId @@ -117,7 +118,8 @@ paths: that set the account data. operationId: getAccountData security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: userId @@ -186,7 +188,8 @@ paths: clients in the per-room entries via [/sync](#get_matrixclientv3sync). operationId: setAccountDataPerRoom security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: userId @@ -285,7 +288,8 @@ paths: visible to the user that set the account data. operationId: getAccountDataPerRoom security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: userId diff --git a/data/api/client-server/admin.yaml b/data/api/client-server/admin.yaml index ec92eadb..63973ef6 100644 --- a/data/api/client-server/admin.yaml +++ b/data/api/client-server/admin.yaml @@ -27,7 +27,8 @@ paths: specified in this document. operationId: getWhoIs security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: userId diff --git a/data/api/client-server/administrative_contact.yaml b/data/api/client-server/administrative_contact.yaml index f2adefd1..21ce02b0 100644 --- a/data/api/client-server/administrative_contact.yaml +++ b/data/api/client-server/administrative_contact.yaml @@ -31,7 +31,8 @@ paths: identifiers that it will accept to reset the user's account password. operationId: getAccount3PIDs security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] responses: "200": description: The lookup was successful. @@ -101,7 +102,8 @@ paths: operationId: post3PIDs deprecated: true security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] requestBody: content: application/json: @@ -201,7 +203,8 @@ paths: already been added to another user's account on the homeserver. operationId: add3PID security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] requestBody: content: application/json: @@ -263,7 +266,8 @@ paths: Homeservers should track successful binds so they can be unbound later. operationId: bind3PID security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] requestBody: content: application/json: @@ -324,7 +328,8 @@ paths: identity server instead. operationId: delete3pidFromAccount security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] requestBody: content: application/json: @@ -393,7 +398,8 @@ paths: identity server instead. operationId: unbind3pidFromAccount security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] requestBody: content: application/json: diff --git a/data/api/client-server/appservice_ping.yaml b/data/api/client-server/appservice_ping.yaml index 7102659e..d65b9f6d 100644 --- a/data/api/client-server/appservice_ping.yaml +++ b/data/api/client-server/appservice_ping.yaml @@ -57,8 +57,8 @@ paths: example: mautrix-go_1683636478256400935_123 required: true security: - # again, this is the appservice's token - not a typical client's - - accessToken: [] + - appserviceAccessTokenQuery: [] + - appserviceAccessTokenBearer: [] responses: "200": description: The ping was successful. @@ -177,6 +177,4 @@ servers: default: /_matrix/client/v1 components: securitySchemes: - # Note: this is the same access_token definition used elsewhere in the client - # server API, however this expects an access token for an application service. $ref: definitions/security.yaml diff --git a/data/api/client-server/appservice_room_directory.yaml b/data/api/client-server/appservice_room_directory.yaml index 2af58a22..e15f7594 100644 --- a/data/api/client-server/appservice_room_directory.yaml +++ b/data/api/client-server/appservice_room_directory.yaml @@ -67,8 +67,8 @@ paths: - visibility required: true security: - # again, this is the appservice's token - not a typical client's - - accessToken: [] + - appserviceAccessTokenQuery: [] + - appserviceAccessTokenBearer: [] responses: "200": description: The room's directory visibility has been updated. @@ -95,6 +95,4 @@ servers: default: /_matrix/client/v3 components: securitySchemes: - # Note: this is the same access_token definition used elsewhere in the client - # server API, however this expects an access token for an application service. $ref: definitions/security.yaml diff --git a/data/api/client-server/banning.yaml b/data/api/client-server/banning.yaml index 5185d89b..86606266 100644 --- a/data/api/client-server/banning.yaml +++ b/data/api/client-server/banning.yaml @@ -27,7 +27,8 @@ paths: The caller must have the required power level in order to perform this operation. operationId: ban security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId @@ -96,7 +97,8 @@ paths: The caller must have the required power level in order to perform this operation. operationId: unban security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId diff --git a/data/api/client-server/capabilities.yaml b/data/api/client-server/capabilities.yaml index 96fdfb56..507a932c 100644 --- a/data/api/client-server/capabilities.yaml +++ b/data/api/client-server/capabilities.yaml @@ -24,7 +24,8 @@ paths: and other relevant capabilities. operationId: getCapabilities security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] responses: "200": description: The capabilities of the server. diff --git a/data/api/client-server/content-repo.yaml b/data/api/client-server/content-repo.yaml index c8800279..1370bcca 100644 --- a/data/api/client-server/content-repo.yaml +++ b/data/api/client-server/content-repo.yaml @@ -22,7 +22,8 @@ paths: summary: Upload some content to the content repository. operationId: uploadContent security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: header name: Content-Type @@ -234,7 +235,8 @@ paths: operationId: createContent x-addedInMatrixVersion: "1.7" security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] # empty json object responses: "200": @@ -741,7 +743,8 @@ paths: being shared should also not be shared with the homeserver. operationId: getUrlPreview security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: query name: url @@ -816,7 +819,8 @@ paths: than is advertised by the server on this endpoint. operationId: getConfig security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] responses: "200": description: The public content repository configuration for the matrix server. diff --git a/data/api/client-server/create_room.yaml b/data/api/client-server/create_room.yaml index 3c04de00..f15bd0d8 100644 --- a/data/api/client-server/create_room.yaml +++ b/data/api/client-server/create_room.yaml @@ -64,7 +64,8 @@ paths: `creation_content`. operationId: createRoom security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] requestBody: content: application/json: diff --git a/data/api/client-server/cross_signing.yaml b/data/api/client-server/cross_signing.yaml index 15d093c2..575d1a66 100644 --- a/data/api/client-server/cross_signing.yaml +++ b/data/api/client-server/cross_signing.yaml @@ -26,7 +26,8 @@ paths: This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api). operationId: uploadCrossSigningKeys security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] requestBody: content: application/json: @@ -155,7 +156,8 @@ paths: property, which contains the new signature(s) to add. operationId: uploadCrossSigningSignatures security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] requestBody: content: application/json: diff --git a/data/api/client-server/definitions/security.yaml b/data/api/client-server/definitions/security.yaml index 963e1d43..16ceb8ac 100644 --- a/data/api/client-server/definitions/security.yaml +++ b/data/api/client-server/definitions/security.yaml @@ -11,8 +11,36 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -accessToken: +accessTokenQuery: type: apiKey - description: The access_token returned by a call to `/login` or `/register` + description: |- + The `access_token` returned by a call to `/login` or `/register`, as a query + parameter. + + It can also be the `as_token` of an application service. name: access_token in: query +accessTokenBearer: + type: http + description: |- + The `access_token` returned by a call to `/login` or `/register`, using the + `Authorization: Bearer` header. + + It can also be the `as_token` of an application service. + + This is the preferred method. + scheme: bearer +appserviceAccessTokenQuery: + type: apiKey + description: |- + The `as_token` of an application service, as a query parameter. + name: access_token + in: query +appserviceAccessTokenBearer: + type: http + description: |- + The `as_token` of an application service, using the `Authorization: Bearer` + header. + + This is the preferred method. + scheme: bearer diff --git a/data/api/client-server/device_management.yaml b/data/api/client-server/device_management.yaml index 32d3db9a..7deed120 100644 --- a/data/api/client-server/device_management.yaml +++ b/data/api/client-server/device_management.yaml @@ -22,7 +22,8 @@ paths: description: Gets information about all devices for the current user. operationId: getDevices security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] responses: "200": description: Device information @@ -58,7 +59,8 @@ paths: description: Gets information on a single device, by device id. operationId: getDevice security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: deviceId @@ -93,7 +95,8 @@ paths: description: Updates the metadata on the given device. operationId: updateDevice security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: deviceId @@ -140,7 +143,8 @@ paths: Deletes the given device, and invalidates any access token associated with it. operationId: deleteDevice security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: deviceId @@ -191,7 +195,8 @@ paths: Deletes the given devices, and invalidates any access token associated with them. operationId: deleteDevices security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] requestBody: content: application/json: diff --git a/data/api/client-server/directory.yaml b/data/api/client-server/directory.yaml index df29fbf8..e7c5f105 100644 --- a/data/api/client-server/directory.yaml +++ b/data/api/client-server/directory.yaml @@ -21,7 +21,8 @@ paths: summary: Create a new mapping from room alias to room ID. operationId: setRoomAlias security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomAlias @@ -172,7 +173,8 @@ paths: have permission to update the `m.room.canonical_alias` event. operationId: deleteRoomAlias security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomAlias @@ -229,7 +231,8 @@ paths: state event. operationId: getLocalAliases security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId diff --git a/data/api/client-server/event_context.yaml b/data/api/client-server/event_context.yaml index 0d740241..de424741 100644 --- a/data/api/client-server/event_context.yaml +++ b/data/api/client-server/event_context.yaml @@ -28,7 +28,8 @@ paths: [Lazy-loading room members](/client-server-api/#lazy-loading-room-members) for more information. operationId: getEventContext security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId diff --git a/data/api/client-server/filter.yaml b/data/api/client-server/filter.yaml index 8405f81e..aa3de40c 100644 --- a/data/api/client-server/filter.yaml +++ b/data/api/client-server/filter.yaml @@ -25,7 +25,8 @@ paths: restrict which events are returned to the client. operationId: defineFilter security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: userId @@ -119,7 +120,8 @@ paths: summary: Download a filter operationId: getFilter security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: userId diff --git a/data/api/client-server/inviting.yaml b/data/api/client-server/inviting.yaml index ce5d503d..6dea4830 100644 --- a/data/api/client-server/inviting.yaml +++ b/data/api/client-server/inviting.yaml @@ -38,7 +38,8 @@ paths: `m.room.member` event to the room. operationId: inviteUser security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId diff --git a/data/api/client-server/joining.yaml b/data/api/client-server/joining.yaml index 020c5a0e..3e771725 100644 --- a/data/api/client-server/joining.yaml +++ b/data/api/client-server/joining.yaml @@ -33,7 +33,8 @@ paths: and [`/sync`](/client-server-api/#get_matrixclientv3sync) APIs. operationId: joinRoomById security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId @@ -126,7 +127,8 @@ paths: and [`/sync`](/client-server-api/#get_matrixclientv3sync) APIs. operationId: joinRoom security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomIdOrAlias diff --git a/data/api/client-server/key_backup.yaml b/data/api/client-server/key_backup.yaml index cd7cf5a0..8136de44 100644 --- a/data/api/client-server/key_backup.yaml +++ b/data/api/client-server/key_backup.yaml @@ -23,7 +23,8 @@ paths: description: Creates a new backup. operationId: postRoomKeysVersion security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] requestBody: content: application/json: @@ -80,7 +81,8 @@ paths: description: Get information about the latest backup version. operationId: getRoomKeysVersionCurrent security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] responses: "200": description: The information about the backup. @@ -155,7 +157,8 @@ paths: description: Get information about an existing backup. operationId: getRoomKeysVersion security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: version @@ -242,7 +245,8 @@ paths: be modified. operationId: putRoomKeysVersion security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: version @@ -344,7 +348,8 @@ paths: as well as all key data related to the backup will be deleted. operationId: deleteRoomKeysVersion security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: version @@ -396,7 +401,8 @@ paths: description: Store a key in the backup. operationId: putRoomKeyBySessionId security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: query name: version @@ -478,7 +484,8 @@ paths: description: Retrieve a key from the backup. operationId: getRoomKeyBySessionId security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: query name: version @@ -534,7 +541,8 @@ paths: description: Delete a key from the backup. operationId: deleteRoomKeyBySessionId security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: query name: version @@ -606,7 +614,8 @@ paths: description: Store several keys in the backup for a given room. operationId: putRoomKeysByRoomId security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: query name: version @@ -693,7 +702,8 @@ paths: description: Retrieve the keys from the backup for a given room. operationId: getRoomKeysByRoomId security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: query name: version @@ -745,7 +755,8 @@ paths: description: Delete the keys from the backup for a given room. operationId: deleteRoomKeysByRoomId security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: query name: version @@ -810,7 +821,8 @@ paths: description: Store several keys in the backup. operationId: putRoomKeys security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: query name: version @@ -910,7 +922,8 @@ paths: description: Retrieve the keys from the backup. operationId: getRoomKeys security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: query name: version @@ -974,7 +987,8 @@ paths: description: Delete the keys from the backup. operationId: deleteRoomKeys security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: query name: version diff --git a/data/api/client-server/keys.yaml b/data/api/client-server/keys.yaml index 3ec2a977..7640dd54 100644 --- a/data/api/client-server/keys.yaml +++ b/data/api/client-server/keys.yaml @@ -24,7 +24,8 @@ paths: description: Publishes end-to-end encryption keys for the device. operationId: uploadKeys security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] requestBody: content: application/json: @@ -120,7 +121,8 @@ paths: description: Returns the current devices and identity keys for the given users. operationId: queryKeys security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] requestBody: content: application/json: @@ -283,7 +285,8 @@ paths: description: Claims one-time keys for use in pre-key messages. operationId: claimKeys security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] requestBody: content: application/json: @@ -383,7 +386,8 @@ paths: identity keys, between `from` and `to`. operationId: getKeysChanges security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: query name: from diff --git a/data/api/client-server/kicking.yaml b/data/api/client-server/kicking.yaml index 6eaa8243..005f6c3f 100644 --- a/data/api/client-server/kicking.yaml +++ b/data/api/client-server/kicking.yaml @@ -29,7 +29,8 @@ paths: the target member's state by making a request to `/rooms//state/m.room.member/`. operationId: kick security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId diff --git a/data/api/client-server/knocking.yaml b/data/api/client-server/knocking.yaml index b778f02b..2bed3bc7 100644 --- a/data/api/client-server/knocking.yaml +++ b/data/api/client-server/knocking.yaml @@ -38,7 +38,8 @@ paths: [`/sync`](/client-server-api/#get_matrixclientv3sync) API. operationId: knockRoom security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomIdOrAlias diff --git a/data/api/client-server/leaving.yaml b/data/api/client-server/leaving.yaml index 6e7d67d0..6961384f 100644 --- a/data/api/client-server/leaving.yaml +++ b/data/api/client-server/leaving.yaml @@ -33,7 +33,8 @@ paths: they were previously allowed to see. operationId: leaveRoom security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId @@ -91,7 +92,8 @@ paths: before calling this API. operationId: forgetRoom security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId diff --git a/data/api/client-server/list_joined_rooms.yaml b/data/api/client-server/list_joined_rooms.yaml index 68451409..3f5adf05 100644 --- a/data/api/client-server/list_joined_rooms.yaml +++ b/data/api/client-server/list_joined_rooms.yaml @@ -22,7 +22,8 @@ paths: description: This API returns a list of the user's current rooms. operationId: getJoinedRooms security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] responses: "200": description: A list of the rooms the user is in. diff --git a/data/api/client-server/list_public_rooms.yaml b/data/api/client-server/list_public_rooms.yaml index 678f52ad..1ed73a30 100644 --- a/data/api/client-server/list_public_rooms.yaml +++ b/data/api/client-server/list_public_rooms.yaml @@ -74,7 +74,8 @@ paths: the room creator or a server administrator. operationId: setRoomVisibilityOnDirectory security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId @@ -175,7 +176,8 @@ paths: of joined members, with the largest rooms first. operationId: queryPublicRooms security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: query name: server diff --git a/data/api/client-server/login_token.yaml b/data/api/client-server/login_token.yaml index d31607fb..769db77c 100644 --- a/data/api/client-server/login_token.yaml +++ b/data/api/client-server/login_token.yaml @@ -53,7 +53,8 @@ paths: operationId: generateLoginToken x-addedInMatrixVersion: "1.7" security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] requestBody: content: application/json: diff --git a/data/api/client-server/logout.yaml b/data/api/client-server/logout.yaml index c3287472..9973b3fe 100644 --- a/data/api/client-server/logout.yaml +++ b/data/api/client-server/logout.yaml @@ -25,7 +25,8 @@ paths: [Device keys](/client-server-api/#device-keys) for the device are deleted alongside the device. operationId: logout security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] responses: "200": description: The access token used in the request was successfully invalidated. @@ -53,7 +54,8 @@ paths: this way. operationId: logout_all security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] responses: "200": description: The user's access tokens were successfully invalidated. diff --git a/data/api/client-server/message_pagination.yaml b/data/api/client-server/message_pagination.yaml index 07c16497..bf8651b0 100644 --- a/data/api/client-server/message_pagination.yaml +++ b/data/api/client-server/message_pagination.yaml @@ -27,7 +27,8 @@ paths: [Lazy-loading room members](/client-server-api/#lazy-loading-room-members) for more information. operationId: getRoomEvents security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId diff --git a/data/api/client-server/notifications.yaml b/data/api/client-server/notifications.yaml index 21d6640a..67085cc1 100644 --- a/data/api/client-server/notifications.yaml +++ b/data/api/client-server/notifications.yaml @@ -24,7 +24,8 @@ paths: user has been, or would have been notified about. operationId: getNotifications security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: query name: from diff --git a/data/api/client-server/old_sync.yaml b/data/api/client-server/old_sync.yaml index 2d1e4f61..4571d8fa 100644 --- a/data/api/client-server/old_sync.yaml +++ b/data/api/client-server/old_sync.yaml @@ -29,7 +29,8 @@ paths: the [migration guide](https://matrix.org/docs/guides/migrating-from-client-server-api-v-1#deprecated-endpoints). operationId: getEvents security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: query name: from @@ -99,7 +100,8 @@ paths: the [migration guide](https://matrix.org/docs/guides/migrating-from-client-server-api-v-1#deprecated-endpoints). operationId: initialSync security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: query name: limit @@ -325,7 +327,8 @@ paths: or the [/rooms/{roomId}/context/{eventId](/client-server-api/#get_matrixclientv3roomsroomidcontexteventid) API. operationId: getOneEvent security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: eventId diff --git a/data/api/client-server/openid.yaml b/data/api/client-server/openid.yaml index 2dbd1227..76f7d1eb 100644 --- a/data/api/client-server/openid.yaml +++ b/data/api/client-server/openid.yaml @@ -30,7 +30,8 @@ paths: example. operationId: requestOpenIdToken security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: userId diff --git a/data/api/client-server/peeking_events.yaml b/data/api/client-server/peeking_events.yaml index b323d940..53af18e1 100644 --- a/data/api/client-server/peeking_events.yaml +++ b/data/api/client-server/peeking_events.yaml @@ -34,7 +34,8 @@ paths: yet known. operationId: peekEvents security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: query name: from diff --git a/data/api/client-server/presence.yaml b/data/api/client-server/presence.yaml index caa19854..dee6d3da 100644 --- a/data/api/client-server/presence.yaml +++ b/data/api/client-server/presence.yaml @@ -26,7 +26,8 @@ paths: presence state of another user. operationId: setPresence security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: userId @@ -82,7 +83,8 @@ paths: description: Get the given user's presence state. operationId: getPresence security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: userId diff --git a/data/api/client-server/profile.yaml b/data/api/client-server/profile.yaml index b47cf591..4758a843 100644 --- a/data/api/client-server/profile.yaml +++ b/data/api/client-server/profile.yaml @@ -24,7 +24,8 @@ paths: set this user's display name, e.g. you need to have their `access_token`. operationId: setDisplayName security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: userId @@ -109,7 +110,8 @@ paths: set this user's avatar URL, e.g. you need to have their `access_token`. operationId: setAvatarUrl security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: userId diff --git a/data/api/client-server/pusher.yaml b/data/api/client-server/pusher.yaml index c686e9ae..4c2ab9b7 100644 --- a/data/api/client-server/pusher.yaml +++ b/data/api/client-server/pusher.yaml @@ -23,7 +23,8 @@ paths: description: Gets all currently active pushers for the authenticated user. operationId: getPushers security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] responses: "200": description: The pushers for this user. @@ -136,7 +137,8 @@ paths: user is deleted. operationId: postPusher security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] requestBody: content: application/json: diff --git a/data/api/client-server/pushrules.yaml b/data/api/client-server/pushrules.yaml index 57638583..3506510a 100644 --- a/data/api/client-server/pushrules.yaml +++ b/data/api/client-server/pushrules.yaml @@ -26,7 +26,8 @@ paths: specified key e.g. the `global` key. operationId: getPushRules security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] responses: "200": description: All the push rulesets for this user. @@ -242,7 +243,8 @@ paths: description: Retrieve a single specified push rule. operationId: getPushRule security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: scope @@ -313,7 +315,8 @@ paths: description: This endpoint removes the push rule defined in the path. operationId: deletePushRule security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: scope @@ -389,7 +392,8 @@ paths: When creating push rules, they MUST be enabled by default. operationId: setPushRule security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: scope @@ -527,7 +531,8 @@ paths: description: This endpoint gets whether the specified push rule is enabled. operationId: isPushRuleEnabled security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: scope @@ -598,7 +603,8 @@ paths: push rule. operationId: setPushRuleEnabled security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: scope @@ -676,7 +682,8 @@ paths: description: This endpoint get the actions for the specified push rule. operationId: getPushRuleActions security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: scope @@ -756,7 +763,8 @@ paths: This can be used to change the actions of builtin rules. operationId: setPushRuleActions security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: scope diff --git a/data/api/client-server/read_markers.yaml b/data/api/client-server/read_markers.yaml index 5372df34..2d1389d9 100644 --- a/data/api/client-server/read_markers.yaml +++ b/data/api/client-server/read_markers.yaml @@ -25,7 +25,8 @@ paths: the read receipt's location. operationId: setReadMarker security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId diff --git a/data/api/client-server/receipts.yaml b/data/api/client-server/receipts.yaml index abbd7a62..05be7d1a 100644 --- a/data/api/client-server/receipts.yaml +++ b/data/api/client-server/receipts.yaml @@ -25,7 +25,8 @@ paths: specified. operationId: postReceipt security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId diff --git a/data/api/client-server/redaction.yaml b/data/api/client-server/redaction.yaml index aca69fa6..3dc8e45f 100644 --- a/data/api/client-server/redaction.yaml +++ b/data/api/client-server/redaction.yaml @@ -33,7 +33,8 @@ paths: Server administrators may redact events sent by users on their server. operationId: redactEvent security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId diff --git a/data/api/client-server/registration.yaml b/data/api/client-server/registration.yaml index 5679d02c..a6a50dff 100644 --- a/data/api/client-server/registration.yaml +++ b/data/api/client-server/registration.yaml @@ -387,7 +387,8 @@ paths: access token provided in the request. Whether other access tokens for the user are revoked depends on the request parameters. security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] operationId: changePassword requestBody: content: @@ -591,7 +592,8 @@ paths: parameter because the homeserver is expected to sign the request to the identity server instead. security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] operationId: deactivateAccount requestBody: content: diff --git a/data/api/client-server/relations.yaml b/data/api/client-server/relations.yaml index 25c70199..8b8e1c15 100644 --- a/data/api/client-server/relations.yaml +++ b/data/api/client-server/relations.yaml @@ -31,7 +31,8 @@ paths: page 1 and a `to` token from page 2 to paginate over the same range, however. operationId: getRelatingEvents security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - $ref: '#/components/parameters/roomId' - $ref: '#/components/parameters/eventId' @@ -88,7 +89,8 @@ paths: page 1 and a `to` token from page 2 to paginate over the same range, however. operationId: getRelatingEventsWithRelType security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - $ref: '#/components/parameters/roomId' - $ref: '#/components/parameters/eventId' @@ -149,7 +151,8 @@ paths: page 1 and a `to` token from page 2 to paginate over the same range, however. operationId: getRelatingEventsWithRelTypeAndEventType security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - $ref: '#/components/parameters/roomId' - $ref: '#/components/parameters/eventId' diff --git a/data/api/client-server/report_content.yaml b/data/api/client-server/report_content.yaml index 9241705a..f94d938c 100644 --- a/data/api/client-server/report_content.yaml +++ b/data/api/client-server/report_content.yaml @@ -65,7 +65,8 @@ paths: description: The reason the content is being reported. May be blank. required: true security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] x-changedInMatrixVersion: 1.8: | This endpoint now requires the user to be joined to the room. diff --git a/data/api/client-server/room_event_by_timestamp.yaml b/data/api/client-server/room_event_by_timestamp.yaml index 19e7302b..9cc5e143 100644 --- a/data/api/client-server/room_event_by_timestamp.yaml +++ b/data/api/client-server/room_event_by_timestamp.yaml @@ -46,7 +46,8 @@ paths: found in that direction is outside of the expected range. operationId: getEventByTimestamp security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId diff --git a/data/api/client-server/room_initial_sync.yaml b/data/api/client-server/room_initial_sync.yaml index 53cb0bee..a4a67069 100644 --- a/data/api/client-server/room_initial_sync.yaml +++ b/data/api/client-server/room_initial_sync.yaml @@ -15,7 +15,8 @@ paths: [migration guide](https://matrix.org/docs/guides/migrating-from-client-server-api-v-1#deprecated-endpoints). operationId: roomInitialSync security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId diff --git a/data/api/client-server/room_send.yaml b/data/api/client-server/room_send.yaml index 638dc86d..d39925c4 100644 --- a/data/api/client-server/room_send.yaml +++ b/data/api/client-server/room_send.yaml @@ -30,7 +30,8 @@ paths: [Room Events](/client-server-api/#room-events) for the m. event specification. operationId: sendMessage security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId diff --git a/data/api/client-server/room_state.yaml b/data/api/client-server/room_state.yaml index 1c03dbdd..a088855f 100644 --- a/data/api/client-server/room_state.yaml +++ b/data/api/client-server/room_state.yaml @@ -39,7 +39,8 @@ paths: being removed or are already present in the state event. operationId: setRoomStateWithKey security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId diff --git a/data/api/client-server/room_upgrades.yaml b/data/api/client-server/room_upgrades.yaml index 296ffe6a..ae921cb6 100644 --- a/data/api/client-server/room_upgrades.yaml +++ b/data/api/client-server/room_upgrades.yaml @@ -22,7 +22,8 @@ paths: description: Upgrades the given room to a particular room version. operationId: upgradeRoom security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId diff --git a/data/api/client-server/rooms.yaml b/data/api/client-server/rooms.yaml index 4a192305..ec16e117 100644 --- a/data/api/client-server/rooms.yaml +++ b/data/api/client-server/rooms.yaml @@ -24,7 +24,8 @@ paths: retrieve this event e.g. by being a member in the room for this event. operationId: getOneRoomEvent security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId @@ -78,7 +79,8 @@ paths: taken from the state of the room when they left. operationId: getRoomStateWithKey security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId @@ -128,7 +130,8 @@ paths: description: Get the state events for the current state of a room. operationId: getRoomState security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId @@ -234,7 +237,8 @@ paths: - leave - ban security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] responses: "200": description: |- @@ -284,7 +288,8 @@ paths: schema: type: string security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] responses: "200": description: A map of MXID to room member objects. diff --git a/data/api/client-server/search.yaml b/data/api/client-server/search.yaml index 981f93aa..26be8b1f 100644 --- a/data/api/client-server/search.yaml +++ b/data/api/client-server/search.yaml @@ -22,7 +22,8 @@ paths: description: Performs a full text search across different categories. operationId: search security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: query name: next_batch diff --git a/data/api/client-server/space_hierarchy.yaml b/data/api/client-server/space_hierarchy.yaml index 9b33ee66..0c2589b4 100644 --- a/data/api/client-server/space_hierarchy.yaml +++ b/data/api/client-server/space_hierarchy.yaml @@ -30,7 +30,8 @@ paths: rooms and parent events are not covered by this endpoint. operationId: getSpaceHierarchy security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId diff --git a/data/api/client-server/sync.yaml b/data/api/client-server/sync.yaml index 5e554722..03173cf6 100644 --- a/data/api/client-server/sync.yaml +++ b/data/api/client-server/sync.yaml @@ -43,7 +43,8 @@ paths: events, alongside other state, when lazy-loading is not enabled. operationId: sync security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: query name: filter diff --git a/data/api/client-server/tags.yaml b/data/api/client-server/tags.yaml index f805e02f..37f8ecfd 100644 --- a/data/api/client-server/tags.yaml +++ b/data/api/client-server/tags.yaml @@ -23,7 +23,8 @@ paths: description: List the tags set by a user on a room. operationId: getRoomTags security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: userId @@ -83,7 +84,8 @@ paths: description: Add a tag to the room. operationId: setRoomTag security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: userId @@ -143,7 +145,8 @@ paths: description: Remove a tag from the room. operationId: deleteRoomTag security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: userId diff --git a/data/api/client-server/third_party_lookup.yaml b/data/api/client-server/third_party_lookup.yaml index 797f065f..81fb2e3a 100644 --- a/data/api/client-server/third_party_lookup.yaml +++ b/data/api/client-server/third_party_lookup.yaml @@ -25,7 +25,8 @@ paths: required for queries against each protocol. operationId: getProtocols security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] responses: "200": description: The protocols supported by the homeserver. @@ -42,7 +43,8 @@ paths: third-party protocol. operationId: getProtocolMetadata security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: protocol @@ -85,7 +87,8 @@ paths: as reasonably possible given the network type. operationId: queryLocationByProtocol security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: protocol @@ -129,7 +132,8 @@ paths: a set of user parameters. operationId: queryUserByProtocol security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: protocol @@ -174,7 +178,8 @@ paths: alias. operationId: queryLocationByAlias security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: query name: alias @@ -209,7 +214,8 @@ paths: description: Retrieve an array of third-party users from a Matrix User ID. operationId: queryUserByID security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: query name: userid diff --git a/data/api/client-server/third_party_membership.yaml b/data/api/client-server/third_party_membership.yaml index 7105ac84..af956b02 100644 --- a/data/api/client-server/third_party_membership.yaml +++ b/data/api/client-server/third_party_membership.yaml @@ -62,7 +62,8 @@ paths: append a `m.room.third_party_invite` event to the room. operationId: inviteBy3PID security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId diff --git a/data/api/client-server/threads_list.yaml b/data/api/client-server/threads_list.yaml index 8724b58d..34b216b4 100644 --- a/data/api/client-server/threads_list.yaml +++ b/data/api/client-server/threads_list.yaml @@ -27,7 +27,8 @@ paths: user has participated in the thread. operationId: getThreadRoots security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: roomId diff --git a/data/api/client-server/to_device.yaml b/data/api/client-server/to_device.yaml index d8832fa3..f84cf353 100644 --- a/data/api/client-server/to_device.yaml +++ b/data/api/client-server/to_device.yaml @@ -24,7 +24,8 @@ paths: client devices. operationId: sendToDevice security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: eventType diff --git a/data/api/client-server/typing.yaml b/data/api/client-server/typing.yaml index 6d6a7437..5393dc5d 100644 --- a/data/api/client-server/typing.yaml +++ b/data/api/client-server/typing.yaml @@ -26,7 +26,8 @@ paths: user has stopped typing. operationId: setTyping security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] parameters: - in: path name: userId diff --git a/data/api/client-server/users.yaml b/data/api/client-server/users.yaml index 67854f08..7fb96e83 100644 --- a/data/api/client-server/users.yaml +++ b/data/api/client-server/users.yaml @@ -32,7 +32,8 @@ paths: `Accept-Language` header provided in the request, if present. operationId: searchUserDirectory security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] requestBody: content: application/json: diff --git a/data/api/client-server/versions.yaml b/data/api/client-server/versions.yaml index 7cf9a40e..00908bdf 100644 --- a/data/api/client-server/versions.yaml +++ b/data/api/client-server/versions.yaml @@ -45,7 +45,8 @@ paths: operationId: getVersions security: - {} - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] x-changedInMatrixVersion: "1.10": | This endpoint can behave differently when authentication is provided. diff --git a/data/api/client-server/voip.yaml b/data/api/client-server/voip.yaml index ea9146ec..04c1a3ca 100644 --- a/data/api/client-server/voip.yaml +++ b/data/api/client-server/voip.yaml @@ -24,7 +24,8 @@ paths: calls. operationId: getTurnServer security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] responses: "200": description: The TURN server credentials. diff --git a/data/api/client-server/whoami.yaml b/data/api/client-server/whoami.yaml index 342cbeb7..ac861c94 100644 --- a/data/api/client-server/whoami.yaml +++ b/data/api/client-server/whoami.yaml @@ -30,7 +30,8 @@ paths: body. operationId: getTokenOwner security: - - accessToken: [] + - accessTokenQuery: [] + - accessTokenBearer: [] responses: "200": description: The token belongs to a known user.