* Clarify that SSO login applies to the legacy authentication API
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
* Do not point to specific authentication API for obtaining access token
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
* Add warnings about incompatibility with OAuth 2.0 to endpoints that use UIA
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
* Add changelog
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
* Add note about API standards not applying to OAuth 2.0
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
* Apply suggestions from code review
---------
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
Co-authored-by: Travis Ralston <travpc@gmail.com>
I tried to summarize MSC3861, and add sections to be able to find quickly how to do something with either API.
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
Since account locking and suspension are authentication API agnostic,
this is a pre-requisite to adding the new OAuth 2.0-based API.
This also splits the endpoints that where all included in the
registration OpenAPI data, to separate them cleanly in the spec, and
avoid having deactivation show before registration.
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
Co-authored-by: Kim Brose <2803622+HarHarLinks@users.noreply.github.com>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Specify account suspension
* changelog
* Apply suggestions from code review
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Add some links
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Add error codes from MSC4178
* changelog
* Put changelog in the right place
* Move newsfile
* Add the codes to the right endpoint
* Also add M_THREEPID_IN_USE
which was always used and is specified in the IS API, but not in the
C/S API. We decided this was well-specced enough that it didn't need
its own MSC.
The first commit allows to lazy-load the diagrams, which should improve the loading time of the CS API on mobile. In the process it also improves the alt text of the images.
The second commit serves the diagrams as high-resolution WebPs. Encoding a high resolution diagram as WebP gives a file of approximately the same size as the lower resolution PNG. For maximum compatibility we also serve them as a lower resolution WebP and a fallback PNG. WebP was chosen because it is one of the export formats of draw.io/diagrams.net, and it is widely available in modern browsers.
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
The `<>` delimiters are not necessary for the shortcode to be rendered inline, and in some cases they break some expectations: a shortcode that is separated from other text to be in its own paragraph is not actually wrapped by a `p` element, breaking the spacing between paragraphs.
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
* C2S: Deprecate now-legacy endpoints
* C2S: Fix MXC URI code block while we're here
* C2S: Describe the authentication and deprecation requirements
* C2S: Intro the upload/download endpoints differently
* C2S: Literally copy/paste the `content-repo.yaml` spec
* C2S: Drop `/upload` and `/create` because we aren't replacing them today
* C2S: Fix notes while we're here
* C2S: Update metadata for new endpoints
* C2S: Add authentication to new endpoints
* C2S: Drop `allow_remote` and `allow_redirect` on new endpoints
* C2S: Append backwards compatibility notes
* C2S: Decorate old media endpoints with pointers to the new ones
The server-server spec might have a harder time linking to these, but that can be fixed with verbiage.
* C2S: Annotate IdP icon spec with media auth implications
* S2S: Modernize section text
* S2S: Create content repository API
This is largely a copy/paste of the new authed content repo API in the Client-Server API, though some keywords (like "client") have been changed. Paths and response formats have also been changed to support the federation-specific requirements.
* C2S & S2S: Add plethora of changelogs
* Reference RFC 1341
* Upgrade keywords in changed text
* Mention caching
* Cross-reference IdP icons
* Update content/client-server-api/modules/content_repo.md
Since we already have three of these, and I'm about to add a fourth, let's pull
it out to a common definition.
We could, of course, keep defining the grammar each time it's used, but
defining it in an appendix helps us be consistent for future API design.
