Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2026-04-18 09:04:09 +02:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Compare commits

base: Filip:1db317cc7565733d6c4d280beac0d00965a907b9
Branches Tags
Filip:main
Filip:rav/en_GB/authorisation
Filip:tulir/room-upgrade-via
Filip:release/v1.18
Filip:release/v1.17
Filip:release/v1.16
Filip:release/v1.15
Filip:release/1.14
Filip:release/v1.13
Filip:release/v1.12
Filip:release/v1.11
Filip:tulir/msc4142
Filip:release/v1.10
Filip:travis/msc2702-msc2701
Filip:rav/ref_objects_in_params
Filip:dkasak/foldable-sidebar
Filip:travis/knock-join
Filip:release/v1.9
Filip:release/v1.8
Filip:anoa/update_docsy
Filip:anoa/nix_flake
Filip:dbkr/3077-multi-stream-voip
Filip:release/v1.7
Filip:dbkr/2746-reliable-voip
Filip:rav/links_for_object_defs
Filip:release/v1.6
Filip:release/v1.5
Filip:release/v1.4
Filip:anoa/invite_knock_room_state
Filip:release/v1.3
Filip:v1.18
Filip:v1.17
Filip:v1.16
Filip:v1.15
Filip:v1.14
Filip:v1.13
Filip:v1.12
Filip:v1.11
Filip:v1.10
Filip:v1.9
Filip:v1.8
Filip:v1.7
Filip:v1.6
Filip:v1.5
Filip:v1.4
Filip:v1.3
Filip:v1.2
Filip:v1.1
Filip:server_server/r0.1.4
Filip:client_server/r0.6.1
Filip:client_server/r0.6.0
Filip:identity_service/r0.3.0
Filip:server_server/r0.1.3
Filip:application_service/r0.1.2
Filip:push_gateway/r0.1.1
Filip:identity_service/r0.2.1
Filip:client_server/r0.5.0
Filip:server_server/r0.1.2
Filip:identity_service/r0.2.0
Filip:application_service/r0.1.1
Filip:server_server/r0.1.1
Filip:server_server/r0.1.0
Filip:client_server/r0.4.0
Filip:identity_service/r0.1.0
Filip:application_service/r0.1.0
Filip:push_gateway/r0.1.0
Filip:client-server/r0.3.0
Filip:client-server/0.3.0
Filip:client-server/r0.2.0
Filip:client-server/r0.1.0
Filip:r0.0.1
Filip:r0.0.0
Filip:0.2.0
...
compare: Filip:056b61ab84e1c0c1f927ab69ebb64a93a795b5aa
Branches Tags
Filip:rav/en_GB/authorisation
Filip:main
Filip:tulir/room-upgrade-via
Filip:release/v1.18
Filip:release/v1.17
Filip:release/v1.16
Filip:release/v1.15
Filip:release/1.14
Filip:release/v1.13
Filip:release/v1.12
Filip:release/v1.11
Filip:tulir/msc4142
Filip:release/v1.10
Filip:travis/msc2702-msc2701
Filip:rav/ref_objects_in_params
Filip:dkasak/foldable-sidebar
Filip:travis/knock-join
Filip:release/v1.9
Filip:release/v1.8
Filip:anoa/update_docsy
Filip:anoa/nix_flake
Filip:dbkr/3077-multi-stream-voip
Filip:release/v1.7
Filip:dbkr/2746-reliable-voip
Filip:rav/links_for_object_defs
Filip:release/v1.6
Filip:release/v1.5
Filip:release/v1.4
Filip:anoa/invite_knock_room_state
Filip:release/v1.3
Filip:v1.18
Filip:v1.17
Filip:v1.16
Filip:v1.15
Filip:v1.14
Filip:v1.13
Filip:v1.12
Filip:v1.11
Filip:v1.10
Filip:v1.9
Filip:v1.8
Filip:v1.7
Filip:v1.6
Filip:v1.5
Filip:v1.4
Filip:v1.3
Filip:v1.2
Filip:v1.1
Filip:server_server/r0.1.4
Filip:client_server/r0.6.1
Filip:client_server/r0.6.0
Filip:identity_service/r0.3.0
Filip:server_server/r0.1.3
Filip:application_service/r0.1.2
Filip:push_gateway/r0.1.1
Filip:identity_service/r0.2.1
Filip:client_server/r0.5.0
Filip:server_server/r0.1.2
Filip:identity_service/r0.2.0
Filip:application_service/r0.1.1
Filip:server_server/r0.1.1
Filip:server_server/r0.1.0
Filip:client_server/r0.4.0
Filip:identity_service/r0.1.0
Filip:application_service/r0.1.0
Filip:push_gateway/r0.1.0
Filip:client-server/r0.3.0
Filip:client-server/0.3.0
Filip:client-server/r0.2.0
Filip:client-server/r0.1.0
Filip:r0.0.1
Filip:r0.0.0
Filip:0.2.0

6 commits
1db317cc75 ... 056b61ab84

Author SHA1 Message Date
codedust 056b61ab84
Merge f42ce28bfe into 7bc016bda6 2025-09-16 10:21:35 +02:00
Travis Ralston 7bc016bda6
Specification for MSC4311: Create event availability in stripped state (#2207)
Some checks failed
Spec / 🔎 Validate OpenAPI specifications (push) Has been cancelled
Details
Spec / 🔎 Check Event schema examples (push) Has been cancelled
Details
Spec / 🔎 Check OpenAPI definitions examples (push) Has been cancelled
Details
Spec / 🔎 Check JSON Schemas inline examples (push) Has been cancelled
Details
Spec / ⚙️ Calculate baseURL for later jobs (push) Has been cancelled
Details
Spec / 📢 Run towncrier for changelog (push) Has been cancelled
Details
Spell Check / Spell Check with Typos (push) Has been cancelled
Details
Spec / 🐍 Build OpenAPI definitions (push) Has been cancelled
Details
Spec / 📖 Build the spec (push) Has been cancelled
Details
Spec / 🔎 Validate generated HTML (push) Has been cancelled
Details
Spec / 📖 Build the historical backup spec (push) Has been cancelled
Details 
* Part 1: Invites

* Part 2: Knocks

* Use correct schema and examples; Remind readers often about formats

* changelogs

* Add schema warning

* Name the objects

* Move changed-in and expand upon it

* Rename the example

* address review feedback
 2025-09-12 13:47:13 -06:00
Patrick Cloke fea0b925a0
Add time zone profile field from MSC4175 (#2206)
Some checks failed
Spec / 🔎 Validate OpenAPI specifications (push) Has been cancelled
Details
Spec / 🔎 Check Event schema examples (push) Has been cancelled
Details
Spec / 🔎 Check OpenAPI definitions examples (push) Has been cancelled
Details
Spec / 🔎 Check JSON Schemas inline examples (push) Has been cancelled
Details
Spec / ⚙️ Calculate baseURL for later jobs (push) Has been cancelled
Details
Spec / 📢 Run towncrier for changelog (push) Has been cancelled
Details
Spell Check / Spell Check with Typos (push) Has been cancelled
Details
Spec / 🐍 Build OpenAPI definitions (push) Has been cancelled
Details
Spec / 📖 Build the spec (push) Has been cancelled
Details
Spec / 🔎 Validate generated HTML (push) Has been cancelled
Details
Spec / 📖 Build the historical backup spec (push) Has been cancelled
Details
2025-09-09 12:02:39 -04:00
Kim Brose bfbeb5e257
clarify world_readable history visibility (#2204) 
Signed-off-by: HarHarLinks <2803622+HarHarLinks@users.noreply.github.com>
 2025-09-09 16:02:51 +01:00
Kim Brose d1a51f7b8c
fix typo in MSC process (#2205) 
Co-authored-by: Andrew Morgan <andrew@amorgan.xyz>
 2025-09-09 09:02:32 +00:00
codedust f42ce28bfe Clarify terminology for keys in cross-signing module 
- do not use the term 'cross-signing keys' anymore: Previously, the term
  'cross-signing keys' was used to refer to the master, user-signing and
  self-signing keys. This is not ideal since the master key is used for
  cross-signing but may also be used to sign the backup key, for example.
  In these contexts, the master key is not used for cross-signing.
  The term 'cross-signing keys' has therefor been replaced by 'keys used
  for cross-signing' or, more explicitely, by 'master, user-signing and
  self-signing key'.
- the naming of the master key has been harmonised (no more 'master
  cross-signing key' or 'master signing keys'). Also the abbr. 'MSK' has been
  replaced by 'MK'.
- in the QR code example, the term 'cross-signing key' has been replaced
  by 'master key' since in mode 0x00, the current user's own master key and
  what the device thinks the other user's master key is used.
- it has been made more explicit that private keys used for cross-signing can
  be stored on the server are stored as described in the secrets module (as
  opposed to store them in unencrypted form)

Signed-off-by: codedust <codedust@so.urceco.de>
 2025-08-03 18:21:35 +02:00
26 changed files with 260 additions and 126 deletions
Show stats Expand all files Collapse all files

2
changelogs/client_server/newsfragments/2071.feature
View file

@ -1 +1 @@
Update user profile endpoints to handle custom fields, and add a new `m.profile_fields` capability,as per [MSC4133](https://github.com/matrix-org/matrix-spec-proposals/pull/4133).
Update user profile endpoints to handle custom fields, and add a new `m.profile_fields` capability, as per [MSC4133](https://github.com/matrix-org/matrix-spec-proposals/pull/4133).

1
changelogs/client_server/newsfragments/2188.clarification Normal file
View file

@ -0,0 +1 @@
Clarify terminology for keys in cross-signing module.

1
changelogs/client_server/newsfragments/2204.clarification Normal file
View file

@ -0,0 +1 @@
Clarify wording around the `world_readable` history visibility setting. Contributed by @HarHarLinks.

1
changelogs/client_server/newsfragments/2206.feature Normal file
View file

@ -0,0 +1 @@
Add a profile field for a user's time zone, per [MSC4175](https://github.com/matrix-org/matrix-spec-proposals/pull/4175).

1
changelogs/client_server/newsfragments/2207.feature Normal file
View file

@ -0,0 +1 @@
Invites and knocks are now expected to contain the `m.room.create` event in their stripped state entries, as per [MSC4311](https://github.com/matrix-org/matrix-spec-proposals/pull/4311).

1
changelogs/internal/newsfragments/2205.clarification Normal file
View file

@ -0,0 +1 @@
Fix a grammatical typo on the Matrix Spec Process documentation page.

1
changelogs/server_server/newsfragments/2207.feature Normal file
View file

@ -0,0 +1 @@
`invite_room_state` and `knock_room_state` now have additional requirements and validation depending on the room version, as per [MSC4311](https://github.com/matrix-org/matrix-spec-proposals/pull/4311).

14
content/client-server-api/_index.md
View file

@ -2818,6 +2818,14 @@ should be represented as stripped state events when possible:
* [`m.room.canonical_alias`](#mroomcanonical_alias)
* [`m.room.encryption`](#mroomencryption)
{{% changed-in v="1.16" %}} The `m.room.create` event is now **required** in
the following places:
* [`invite_state`](#get_matrixclientv3sync_response-200_invited-room) and
[`knock_state`](#get_matrixclientv3sync_response-200_knocked-room) on
[`/sync`](#get_matrixclientv3sync) responses.
* On [`m.room.member`](#mroommember) events, the `invite_room_state`
and `knock_room_state` under `unsigned` on the event.
{{% boxes/note %}}
Clients should inspect the list of stripped state events and not assume any
particular event is present. The server might include events not described
@ -2848,6 +2856,12 @@ events are not signed and could theoretically be modified, or outdated due to
updates not being sent.
{{% /boxes/warning %}}
{{% boxes/warning %}}
{{% added-in v="1.16" %}} Servers cannot pass through what they receive over
federation to clients as stripped state. Servers are expected to prune the events
into the stripped state schema below before passing the details onto clients.
{{% /boxes/warning %}}
{{% event-fields event_type="stripped_state" %}}
### Size limits

101
content/client-server-api/modules/end_to_end_encryption.md
View file

@ -93,7 +93,7 @@ Example:
```
`ed25519` and `curve25519` keys are used for [device keys](#device-keys).
Additionally, `ed25519` keys are used for [cross-signing keys](#cross-signing).
Additionally, `ed25519` keys are keys used for [cross-signing](#cross-signing).
`signed_curve25519` keys are used for [one-time and fallback keys](#one-time-and-fallback-keys).
@ -675,7 +675,7 @@ The process between Alice and Bob verifying each other would be:
15. Assuming they match, Alice and Bob's devices each calculate Message
Authentication Codes (MACs) for:
* Each of the keys that they wish the other user to verify (usually their
device ed25519 key and their master cross-signing key).
device ed25519 key and their master key, see below).
* The complete list of key IDs that they wish the other user to verify.
The MAC calculation is defined [below](#mac-calculation).
@ -931,16 +931,16 @@ and can be translated online:
Rather than requiring Alice to verify each of Bob's devices with each of
her own devices and vice versa, the cross-signing feature allows users
to sign their device keys such that Alice and Bob only need to verify
once. With cross-signing, each user has a set of cross-signing keys that
once. With cross-signing, each user has a set of ed25519 key pairs that
are used to sign their own device keys and other users' keys, and can be
used to trust device keys that were not verified directly.
Each user has three ed25519 key pairs for cross-signing:
Each user has three ed25519 key pairs used for cross-signing:
- a master key (MSK) that serves as the user's identity in
cross-signing and signs their other cross-signing keys;
- a master key (MK) that serves as the user's identity in
cross-signing and signs their user-signing and self-signing keys;
- a user-signing key (USK) -- only visible to the user that it belongs
to --that signs other users' master keys; and
to -- that signs other users' master keys; and
- a self-signing key (SSK) that signs the user's own device keys.
The master key may also be used to sign other items such as the backup
@ -950,13 +950,15 @@ previously verified Bob's device and Bob's device has signed his master
key, then Alice's device can trust Bob's master key, and she can sign it
with her user-signing key.
Users upload their cross-signing keys to the server using [POST
Users upload the public part of their master, user-signing and self-signing
key to the server using [POST
/\_matrix/client/v3/keys/device\_signing/upload](/client-server-api/#post_matrixclientv3keysdevice_signingupload). When Alice uploads
new cross-signing keys, her user ID will appear in the `changed`
new keys, her user ID will appear in the `changed`
property of the `device_lists` field of the `/sync` of response of all
users who share an encrypted room with her. When Bob sees Alice's user
ID in his `/sync`, he will call [POST /\_matrix/client/v3/keys/query](/client-server-api/#post_matrixclientv3keysquery)
to retrieve Alice's device and cross-signing keys.
to retrieve Alice's device keys, as well as their master, user-signing and
self-signing key.
If Alice has a device and wishes to send an encrypted message to Bob,
she can trust Bob's device if:
@ -971,13 +973,13 @@ The following diagram illustrates how keys are signed:
```
+------------------+ .................. +----------------+
| +--------------+ | .................. : | +------------+ |
| | v v v : : v v v | |
| | +-----------+ : : +-----------+ | |
| | | Alice MSK | : : | Bob MSK | | |
| | +-----------+ : : +-----------+ | |
| | | : : : : | | |
| | +--+ :... : : ...: +--+ | |
| +--------------+ | ................... : | +------------+ |
| | v v v : : v v v | |
| | +----------+ : : +----------+ | |
| | | Alice MK | : : | Bob MK | | |
| | +----------+ : : +----------+ | |
| | | : : : : | | |
| | +--+ :.... : : ...: +---+ | |
| | v v : : v v | |
| | +-----------+ ............. : : ............. +-----------+ | |
| | | Alice SSK | : Alice USK : : : : Bob USK : | Bob SSK | | |
@ -1004,11 +1006,11 @@ signatures that she cannot see:
+------------------+ +----------------+ +----------------+
| +--------------+ | | | | +------------+ |
| | v v | v v v | |
| | +-----------+ | +-----------+ | |
| | | Alice MSK | | | Bob MSK | | |
| | +-----------+ | +-----------+ | |
| | | | | | | |
| | +--+ +--+ | +--+ | |
| | +----------+ | +----------+ | |
| | | Alice MK | | | Bob MK | | |
| | +----------+ | +----------+ | |
| | | | | | | |
| | +--+ +---+ | +---+ | |
| | v v | v | |
| | +-----------+ +-----------+ | +-----------+ | |
| | | Alice SSK | | Alice USK | | | Bob SSK | | |
@ -1024,16 +1026,16 @@ signatures that she cannot see:
```
[Verification methods](#device-verification) can be used to verify a
user's master key by using the master public key, encoded using unpadded
user's master key by treating the master public key, encoded using unpadded
base64, as the device ID, and treating it as a normal device. For
example, if Alice and Bob verify each other using SAS, Alice's
`m.key.verification.mac` message to Bob may include
`"ed25519:alices+master+public+key": "alices+master+public+key"` in the
`mac` property. Servers therefore must ensure that device IDs will not
collide with cross-signing public keys.
collide with public keys used for cross-signing.
The cross-signing private keys can be stored on the server or shared with other
devices using the [Secrets](#secrets) module. When doing so, the master,
Using the [Secrets](#secrets) module the private keys used for cross-signing can
be stored on the server or shared with other devices. When doing so, the master,
user-signing, and self-signing keys are identified using the names
`m.cross_signing.master`, `m.cross_signing.user_signing`, and
`m.cross_signing.self_signing`, respectively, and the keys are base64-encoded
@ -1052,14 +1054,14 @@ If a user's client sees that any other user has changed their master
key, that client must notify the user about the change before allowing
communication between the users to continue.
Since device key IDs (`ed25519:DEVICE_ID`) and cross-signing key IDs
(`ed25519:PUBLIC_KEY`) occupy the same namespace, clients must ensure that they
use the correct keys when verifying.
Since device key IDs (`ed25519:DEVICE_ID`) as well as master, user-signing and
self-signing key IDs (`ed25519:PUBLIC_KEY`) occupy the same namespace, clients
must ensure that they use the correct keys when verifying.
While servers MUST not allow devices to have the same IDs as cross-signing
keys, a malicious server could construct such a situation, so clients must not
rely on the server being well-behaved and should take the following precautions
against this.
While servers MUST not allow devices to have the same IDs as keys used for
cross-signing, a malicious server could construct such a situation, so clients
must not rely on the server being well-behaved and should take the following
precautions against this:
1. Clients MUST refer to keys by their public keys during the verification
process, rather than only by the key ID.
@ -1067,7 +1069,8 @@ against this.
verification process, and ensure that they do not change in the course of
verification.
3. Clients SHOULD also display a warning and MUST refuse to verify a user when
they detect that the user has a device with the same ID as a cross-signing key.
they detect that the user has a device with the same ID as a key used for
cross-signing.
A user's user-signing and self-signing keys are intended to be easily
replaceable if they are compromised by re-issuing a new key signed by
@ -1104,7 +1107,7 @@ user-signing keys.
Verifying by QR codes provides a quick way to verify when one of the parties
has a device capable of scanning a QR code. The QR code encodes both parties'
master signing keys as well as a random shared secret that is used to allow
master keys as well as a random shared secret that is used to allow
bi-directional verification from a single scan.
To advertise the ability to show a QR code, clients use the names
@ -1202,15 +1205,14 @@ The binary segment MUST be of the following form:
bytes of the ID as a UTF-8 string
- the ID encoded as a UTF-8 string
- the first key, as 32 bytes. The key to use depends on the mode field:
- if `0x00` or `0x01`, then the current user's own master cross-signing public key
- if `0x00` or `0x01`, then the current user's own master public key
- if `0x02`, then the current device's Ed25519 signing key
- the second key, as 32 bytes. The key to use depends on the mode field:
- if `0x00`, then what the device thinks the other user's master
cross-signing public key is
public key is
- if `0x01`, then what the device thinks the other device's Ed25519 signing
public key is
- if `0x02`, then what the device thinks the user's master cross-signing public
key is
- if `0x02`, then what the device thinks the user's master public key is
- a random shared secret, as a sequence of bytes. It is suggested to use a secret
that is about 8 bytes long. Note: as we do not share the length of the
secret, and it is not a fixed size, clients will just use the remainder of
@ -1221,14 +1223,14 @@ For example, if Alice displays a QR code encoding the following binary data:
```
"MATRIX" |ver|mode| len | event ID
4D 41 54 52 49 58 02 00 00 2D 21 41 42 43 44 ...
| user's cross-signing key | other user's cross-signing key | shared secret
00 01 02 03 04 05 06 07 ... 10 11 12 13 14 15 16 17 ... 20 21 22 23 24 25 26 27
| the first key | the second key | shared secret
00 01 02 03 04 05 06 07 ... 10 11 12 13 14 15 16 17 ... 20 21 22 23 24 25 26 27
```
this indicates that Alice is verifying another user (say Bob), in response to
the request from event "$ABCD...", her cross-signing key is
Mode `0x00` indicates that Alice is verifying another user (say Bob), in
response to the request from event "$ABCD...", her master key is
`0001020304050607...` (which is "AAECAwQFBg..." in base64), she thinks that
Bob's cross-signing key is `1011121314151617...` (which is "EBESExQVFh..." in
Bob's master key is `1011121314151617...` (which is "EBESExQVFh..." in
base64), and the shared secret is `2021222324252627` (which is "ICEiIyQlJic" in
base64).
@ -1300,8 +1302,8 @@ one of its variants.
Clients must only store keys in backups after they have ensured that the
`auth_data` is trusted. This can be done either by:
- checking that it is signed by the user's [master cross-signing
key](#cross-signing) or by a verified device belonging to the same user, or
- checking that it is signed by the user's [master key](#cross-signing)
or by a verified device belonging to the same user, or
- deriving the public key from a private key that it obtained from a trusted
source. Trusted sources for the private key include the user entering the
key, retrieving the key stored in [secret storage](#secret-storage), or
@ -1786,13 +1788,14 @@ a way to identify the server's support for fallback keys.
| Parameter | Type | Description |
|------------|-----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| changed | [string] | List of users who have updated their device identity or cross-signing keys, or who now share an encrypted room with the client since the previous sync response. |
| changed | [string] | List of users who have updated their device identity or their master, self-signing or user-signing keys, or who now share an encrypted room with the client since the previous sync response. |
| left | [string] | List of users with whom we do not share any encrypted rooms anymore since the previous sync response. |
{{% boxes/note %}}
For optimal performance, Alice should be added to `changed` in Bob's
sync only when she updates her devices or cross-signing keys, or when
Alice and Bob now share a room but didn't share any room previously.
sync only when she updates her devices or master, self-signing or
user-signing keys, or when Alice and Bob now share a room but didn't
share any room previously.
However, for the sake of simpler logic, a server may add Alice to
`changed` when Alice and Bob share a new room, even if they previously
already shared a room.

6
content/client-server-api/modules/history_visibility.md
View file

@ -16,8 +16,8 @@ The four options for the `m.room.history_visibility` event are:
- `world_readable` - All events while this is the
`m.room.history_visibility` value may be shared by any participating
homeserver with anyone, regardless of whether they have ever joined
the room.
homeserver with any authenticated user, regardless of whether they have
ever joined the room. This includes [guest users](#guest-access).
- `shared` - Previous events are always accessible to newly joined
members. All events in the room are accessible, even those sent when
the member was not a part of the room.
@ -44,7 +44,7 @@ setting at that time was more restrictive.
#### Client behaviour
Clients may want to display a notice that events may be read by
non-joined people if the history visibility is set to `world_readable`.
non-joined users if the history visibility is set to `world_readable`.
#### Server behaviour

2
content/client-server-api/modules/room_previews.md
View file

@ -6,7 +6,7 @@ It is sometimes desirable to offer a preview of a room, where a user can
This can be particularly effective when combined with [Guest Access](#guest-access).
Previews are implemented via the `world_readable` [Room History
Visibility](#room-history-visibility). setting, along with a special version of the [GET
Visibility](#room-history-visibility) setting, along with a special version of the [GET
/events](#get_matrixclientv3events) endpoint.
#### Client behaviour

2
content/proposals.md
View file

@ -555,7 +555,7 @@ resolve to the desired MSC, whether it started as an issue or a PR.
Other metadata:
- The MSC number is taken from the GitHub Pull Request ID. This is
carried for the lifetime of the proposal. These IDs do not necessary
carried for the lifetime of the proposal. These IDs do not necessarily
represent a chronological order.
- The GitHub PR title will act as the MSC's title.
- Please link to the spec PR (if any) by adding a "PRs: \#1234" line

12
content/server-server-api.md
View file

@ -945,6 +945,18 @@ Note that invites are used to indicate that knocks were accepted. As such,
receiving servers should be prepared to manually link up a previous knock
to an invite if the invite event does not directly reference the knock.
{{% boxes/note %}}
{{% added-in v="1.16" %}} `invite_room_state` MUST now have its entries formatted
according to the room's version (see [room version specification](/rooms)). However,
servers SHOULD consider their local ecosystems before returning the described
`400 M_MISSING_PARAM` error code. While migrating, servers SHOULD warn about
invites which fail the validation rather than error in room versions 1 through 11.
All invites to other room versions which fail validation SHOULD result in an error.
The specification suggests that servers finish their migration no later than
January 2026, though servers may extend this as required to support their users.
{{% /boxes/note %}}
{{% http-api spec="server-server" api="invites-v1" %}}
{{% http-api spec="server-server" api="invites-v2" %}}

10
data/api/client-server/cross_signing.yaml
View file

@ -21,16 +21,16 @@ paths:
x-addedInMatrixVersion: "1.1"
x-changedInMatrixVersion:
"1.11": UIA is not always required for this endpoint.
summary: Upload cross-signing keys.
summary: Upload keys used for cross-signing.
description: |-
Publishes cross-signing keys for the user.
Publishes keys used for cross-signing for the user.
This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api).
User-Interactive Authentication MUST be performed, except in these cases:
- there is no existing cross-signing master key uploaded to the homeserver, OR
- there is an existing cross-signing master key and it exactly matches the
cross-signing master key provided in the request body. If there are any additional
- there is no existing master key uploaded to the homeserver, OR
- there is an existing master key and it exactly matches the
master key provided in the request body. If there are any additional
keys provided in the request (self-signing key, user-signing key) they MUST also
match the existing keys stored on the server. In other words, the request contains
no new keys.

2
data/api/client-server/definitions/cross_signing_key.yaml
View file

@ -13,7 +13,7 @@
# limitations under the License.
type: object
title: CrossSigningKey
description: Cross signing key
description: Key used for cross signing
properties:
user_id:
type: string

2
data/api/client-server/definitions/public_rooms_chunk.yaml
View file

@ -43,7 +43,7 @@ properties:
example: "All things general"
world_readable:
type: boolean
description: Whether the room may be viewed by guest users without joining.
description: Whether the room may be viewed by users without joining.
example: false
guest_can_join:
type: boolean

2
data/api/client-server/keys.yaml
View file

@ -219,7 +219,7 @@ paths:
x-addedInMatrixVersion: "1.1"
type: object
description: |-
Information on the master cross-signing keys of the queried users.
Information on the master keys of the queried users.
A map from user ID, to master key information. For each key, the
information returned will be the same as uploaded via
`/keys/device_signing/upload`, along with the signatures

21
data/api/client-server/profile.yaml
View file

@ -19,7 +19,7 @@ paths:
"/profile/{userId}/{keyName}":
put:
x-changedInMatrixVersion:
"1.16": This endpoint now accepts a variable `keyName` parameter. Previously only `displayname` and `avatar_url` were accepted.
"1.16": This endpoint now accepts a variable `keyName` parameter and `m.tz` was added as a defined key. Previously only `displayname` and `avatar_url` were accepted.
summary: Set a profile field for a user.
description: |-
Set or update a profile field for a user. Must be authenticated with an
@ -44,13 +44,13 @@ paths:
- in: path
name: keyName
description: The name of the profile field to set. This MUST be either
`avatar_url`, `displayname`, or a custom field following the
`avatar_url`, `displayname`, `m.tz`, or a custom field following the
[Common Namespaced Identifier Grammar](/appendices/#common-namespaced-identifier-grammar).
required: true
example: "displayname"
schema:
type: string
pattern: '^(avatar_url|displayname|[a-z][a-z0-9_]*(\.[a-z][a-z0-9_]*)+)$'
pattern: '^(avatar_url|displayname|m\.tz|[a-z][a-z0-9_]*(\.[a-z][a-z0-9_]*)+)$'
requestBody:
description: A JSON object containing the property whose name matches
the `keyName` specified in the URL. See `additionalProperties` for
@ -69,6 +69,10 @@ paths:
For `displayname`, the value MUST be a string.
For `m.tz`, the value MUST be a valid identifier from the [IANA Time Zone Database](https://www.iana.org/time-zones).
Servers MAY choose to validate the value. Clients MUST expect unknown or invalid
values.
For custom keys, any JSON type is allowed. Servers MAY not validate
these values, but clients SHOULD follow the format defined for that key.
additionalProperties: true
@ -137,7 +141,7 @@ paths:
- User data
get:
x-changedInMatrixVersion:
"1.16": This endpoint now accepts a variable `keyName` parameter. Previously only `displayname` and `avatar_url` were accepted.
"1.16": This endpoint now accepts a variable `keyName` parameter and `m.tz` was added as a defined key. Previously only `displayname` and `avatar_url` were accepted.
summary: Get a profile field for a user.
description: Get the value of a profile field for a user.
operationId: getProfileField
@ -156,7 +160,7 @@ paths:
example: "displayname"
schema:
type: string
pattern: '^(avatar_url|displayname|[a-z][a-z0-9_]*(\.[a-z][a-z0-9_]*)+)$'
pattern: '^(avatar_url|displayname|m\.tz|[a-z][a-z0-9_]*(\.[a-z][a-z0-9_]*)+)$'
responses:
"200":
description: The profile field value was retrieved.
@ -214,7 +218,7 @@ paths:
example: "displayname"
schema:
type: string
pattern: '^(avatar_url|displayname|[a-z][a-z0-9_]*(\.[a-z][a-z0-9_]*)+)$'
pattern: '^(avatar_url|displayname|m\.tz|[a-z][a-z0-9_]*(\.[a-z][a-z0-9_]*)+)$'
responses:
"200":
description: The profile field was deleted or it doesn't exist.
@ -293,6 +297,10 @@ paths:
type: string
description: The user's display name if they have set one, otherwise not
present.
m.tz:
x-addedInMatrixVersion: "1.16"
type: string
description: The user's time zone.
additionalProperties:
x-addedInMatrixVersion: "1.16"
description: Additional profile fields.
@ -302,6 +310,7 @@ paths:
{
"avatar_url": "mxc://matrix.org/SDGdghriugerRg",
"displayname": "Alice Margatroid",
"m.tz": "Europe/London",
"m.example_field": "custom_value",
}
"403":

4
data/api/server-server/definitions/event-schemas/m.signing_key_update.yaml
View file

@ -17,7 +17,7 @@ type: object
title: m.signing_key_update
description: |-
An EDU that lets servers push details to each other when one of their users
updates their cross-signing keys.
updates their keys used for cross-signing.
allOf:
- $ref: ../edu.yaml
- type: object
@ -34,7 +34,7 @@ allOf:
properties:
user_id:
type: string
description: The user ID whose cross-signing keys have changed.
description: The user ID whose keys have changed.
example: "@alice:example.com"
master_key:
allOf:

9
data/api/server-server/examples/invite_or_knock_state.json Normal file
View file

@ -0,0 +1,9 @@
[
{"$ref": "./minimal_pdu.json"},
{
"type": "m.room.create",
"content": {
"see_room_version_spec": "The event format changes depending on the room version."
}
}
]

77
data/api/server-server/invites-v1.yaml
View file

@ -71,13 +71,32 @@ paths:
properties:
invite_room_state:
type: array
x-changedInMatrixVersion:
"1.16": |
`m.room.create` and format requirements were added.
description: |-
An optional list of [stripped state events](/client-server-api/#stripped-state)
to help the receiver of the invite identify the room.
A list of state events to help the receiver of the invite identify the room.
Translated as [stripped state events](/client-server-api/#stripped-state)
over the Client-Server API.
MUST contain the `m.room.create` event for the room. All events listed
MUST additionally be formatted according to the room version specification.
Servers might need to apply validation to the `invite_room_state` depending
on room version. See the `400 M_MISSING_PARAM` error definition for more
information.
Note that events have a different format depending on the room
version - check the [room version specification](/rooms) for
precise event formats.
items:
$ref: ../../event-schemas/schema/core-event-schema/stripped_state.yaml
example:
$ref: ../../event-schemas/examples/invite_room_state.json
type: object
title: PDU
properties: {}
description: |-
Note that events have a different format depending on the room
version - check the [room version specification](/rooms) for
precise event formats.
type: object
required: true
responses:
@ -118,24 +137,7 @@ paths:
"origin_server_ts": 1549041175876,
"sender": "@someone:example.org",
"unsigned": {
"invite_room_state": [
{
"type": "m.room.name",
"sender": "@bob:example.org",
"state_key": "",
"content": {
"name": "Example Room"
}
},
{
"type": "m.room.join_rules",
"sender": "@bob:example.org",
"state_key": "",
"content": {
"join_rule": "invite"
}
}
]
"invite_room_state": {"$ref": "./examples/invite_or_knock_state.json"}
},
"content": {
"membership": "invite"
@ -168,6 +170,35 @@ paths:
"errcode": "M_FORBIDDEN",
"error": "User cannot invite the target user."
}
"400":
description: |-
The `M_MISSING_PARAM` error code is used to indicate one or more of
the following:
* The `m.room.create` event is missing from `invite_room_state`.
* One or more entries in `invite_room_state` are not formatted according
to the room's version.
* One or more events fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
* One or more events does not reside in the same room as the invite.
Note: Some room versions may require calculating the room ID for an
event rather than relying on the presence of `room_id`.
Servers MAY apply the validation above to room versions 1 through 11,
and SHOULD apply the validation above to all other room versions.
If `M_MISSING_PARAM` is returned and the request is associated with a
Client-Server API request, the Client-Server API request SHOULD fail
with a 5xx error rather than being passed through.
content:
application/json:
schema:
$ref: ../client-server/definitions/errors/error.yaml
examples:
response:
value: {
"errcode": "M_MISSING_PARAM",
"error": "Create event not among invite state entries."
}
servers:
- url: "{protocol}://{hostname}{basePath}"
variables:

66
data/api/server-server/invites-v2.yaml
View file

@ -72,13 +72,32 @@ paths:
$ref: definitions/invite_event.yaml
invite_room_state:
type: array
x-changedInMatrixVersion:
"1.16": |
`m.room.create` and format requirements were added.
description: |-
An optional list of [stripped state events](/client-server-api/#stripped-state)
to help the receiver of the invite identify the room.
A list of state events to help the receiver of the invite identify the room.
Translated as [stripped state events](/client-server-api/#stripped-state)
over the Client-Server API.
MUST contain the `m.room.create` event for the room. All events listed
MUST additionally be formatted according to the room version specification.
Servers might need to apply validation to the `invite_room_state` depending
on room version. See the `400 M_MISSING_PARAM` error definition for more
information.
Note that events have a different format depending on the room
version - check the [room version specification](/rooms) for
precise event formats.
items:
$ref: ../../event-schemas/schema/core-event-schema/stripped_state.yaml
example:
$ref: ../../event-schemas/examples/invite_room_state.json
type: object
title: PDU
properties: {}
description: |-
Note that events have a different format depending on the room
version - check the [room version specification](/rooms) for
precise event formats.
required:
- room_version
- event
@ -111,24 +130,7 @@ paths:
"origin_server_ts": 1549041175876,
"sender": "@someone:example.org",
"unsigned": {
"invite_room_state": [
{
"type": "m.room.name",
"sender": "@bob:example.org",
"state_key": "",
"content": {
"name": "Example Room"
}
},
{
"type": "m.room.join_rules",
"sender": "@bob:example.org",
"state_key": "",
"content": {
"join_rule": "invite"
}
}
]
"invite_room_state": {"$ref": "./examples/invite_or_knock_state.json"}
},
"content": {
"membership": "invite"
@ -151,6 +153,24 @@ paths:
The error should be passed through to clients so that they
may give better feedback to users.
The `M_MISSING_PARAM` error code is used to indicate one or more of
the following:
* The `m.room.create` event is missing from `invite_room_state`.
* One or more entries in `invite_room_state` are not formatted according
to the room's version.
* One or more events fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
* One or more events does not reside in the same room as the invite.
Note: Some room versions may require calculating the room ID for an
event rather than relying on the presence of `room_id`.
Servers MAY apply the validation above to room versions 1 through 11,
and SHOULD apply the validation above to all other room versions.
If `M_MISSING_PARAM` is returned and the request is associated with a
Client-Server API request, the Client-Server API request SHOULD fail
with a 5xx error rather than being passed through.
content:
application/json:
schema:

32
data/api/server-server/knocks.yaml
View file

@ -293,19 +293,41 @@ paths:
knock_room_state:
type: array
items:
$ref: ../../event-schemas/schema/core-event-schema/stripped_state.yaml
type: object
title: PDU
properties: {}
description: |-
Note that events have a different format depending on the room
version - check the [room version specification](/rooms) for
precise event formats.
x-changedInMatrixVersion:
"1.16": |
`m.room.create` and format requirements were added.
description: |-
A list of [stripped state events](/client-server-api/#stripped-state)
to help the initiator of the knock identify the room.
A list of state events to help the initiator of the knock identify
the room. Translated as [stripped state events](/client-server-api/#stripped-state)
over the Client-Server API.
MUST contain the `m.room.create` event for the room. All events
listed MUST additionally be formatted according to the room
version specification.
Entries which are [improperly signed](/server-server-api/#validating-hashes-and-signatures-on-received-events)
or formatted SHOULD be removed by the server prior to supplying
them over the Client-Server API.
Note that events have a different format depending on the room
version - check the [room version specification](/rooms) for
precise event formats.
example:
$ref: ../../event-schemas/examples/knock_room_state.json
"$ref": "./examples/invite_or_knock_state.json"
required:
- knock_room_state
examples:
response:
value: {
"knock_room_state": {
"$ref": "../../event-schemas/examples/knock_room_state.json"
"$ref": "./examples/invite_or_knock_state.json"
}
}
"403":

2
data/api/server-server/user_devices.yaml
View file

@ -79,7 +79,7 @@ paths:
- keys
master_key:
type: object
description: The user\'s master cross-signing key.
description: The user\'s master key.
allOf:
- $ref: ../client-server/definitions/cross_signing_key.yaml
- example:

2
data/api/server-server/user_keys.yaml
View file

@ -194,7 +194,7 @@ paths:
x-addedInMatrixVersion: "1.1"
type: object
description: |-
Information on the master cross-signing keys of the queried users.
Information on the master keys of the queried users.
A map from user ID, to master key information. For each key, the
information returned will be the same as uploaded via
`/keys/device_signing/upload`, along with the signatures

12
data/event-schemas/schema/m.room.member.yaml
View file

@ -137,6 +137,9 @@ properties:
- type: object
properties:
invite_room_state:
x-changedInMatrixVersion:
"1.16": |
`m.room.create` was made a required event type for stripped state.
description: |-
A subset of the state of the room at the time of the invite, if `membership` is `invite`.
Note that this state is informational, and SHOULD NOT be trusted; once the client has
@ -145,16 +148,21 @@ properties:
they SHOULD behave properly (with possibly a degraded but not a broken experience) in
the absence of any particular events here. If they are set on the room, at least the
state for `m.room.avatar`, `m.room.canonical_alias`, `m.room.join_rules`, and `m.room.name`
SHOULD be included.
SHOULD be included. The `m.room.create` event MUST be included, though MAY be missing if
the server hasn't updated to support the Matrix 1.16 specification.
items:
$ref: "core-event-schema/stripped_state.yaml"
type: array
knock_room_state:
x-changedInMatrixVersion:
"1.16": |
`m.room.create` was made a required event type for stripped state.
description: |-
A subset of the state of the room at the time of the knock, if `membership` is `knock`.
This has the same restrictions as `invite_room_state`. If they are set on the room, at least
the state for `m.room.avatar`, `m.room.canonical_alias`, `m.room.join_rules`, `m.room.name`,
and `m.room.encryption` SHOULD be included.
and `m.room.encryption` SHOULD be included. The `m.room.create` event MUST be included,
though MAY be missing if the server hasn't updated to support the Matrix 1.16 specification.
items:
$ref: "core-event-schema/stripped_state.yaml"
type: array