Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2025-12-24 09:58:38 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Mention that /register provides a token but it's not helpful

Browse source
This commit is contained in:
Will Hunt 2021-05-03 18:09:27 +01:00
parent bf9cc0a562
commit e781b75847
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
proposals/2778-appservice-login.md
View file

@ -81,6 +81,12 @@ A third option could be to create a new endpoint that simply creates a new devic
Given the rest of the matrix eco-system does this with /login, and /login is already extensible with `type`, it would
create more work for all parties involved for little benefit.
Finally, `POST /register` does already return a `device_id`, `access_token` for appservice users by default. However critically
this means that bridges will need to be designed to store the access_token and device_id from the point of creating the user,
so older bridges would be unable to get an access token for existing users as `POST /register` would fail.
It would difficult to log out these tokens if they got exposed additionally, as the AS would not be able to fetch a new access token.
Furthermore, the ability to generate access tokens for real users who registered elsewhere would not be possible with this mechanism.
## Security considerations
Appservices could use this new functionality to generate devices for any userId that are within it's namespace e.g. setting the