Merge f0a1ee14d9 into 32b1f0514d

Clarify some string formats of room summary endpoint (#2158 )
Add changelog
2026-03-10 13:34:09 +01:00 · 2025-06-08 10:42:51 +02:00 · 2025-06-07 15:26:56 +02:00 · 2025-06-03 20:14:22 +02:00 · 2025-06-03 20:14:22 +02:00
6 changed files with 65 additions and 1 deletions
--- a/changelogs/client_server/newsfragments/2151.feature
+++ b/changelogs/client_server/newsfragments/2151.feature
@ -0,0 +1 @@
+Add the OAuth 2.0 based authentication API, as per [MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) and its sub-proposals.
--- a/changelogs/client_server/newsfragments/2158.feature
+++ b/changelogs/client_server/newsfragments/2158.feature
@ -0,0 +1 @@
+Add `/_matrix/client/v1/room_summary/{roomIdOrAlias}` and extend `/_matrix/client/v1/rooms/{roomId}/hierarchy` with the new optional properties `allowed_room_ids`, `encryption` and `room_version` as per [MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266).
--- a/content/client-server-api/_index.md
+++ b/content/client-server-api/_index.md
@ -1481,6 +1481,55 @@ MAY reject weak passwords with an error code `M_WEAK_PASSWORD`.

 ### OAuth 2.0 API

+#### Token revocation
+
+When a user wants to log out from a client, the client SHOULD use OAuth 2.0
+token revocation as defined in [RFC 7009](https://datatracker.ietf.org/doc/html/rfc7009).
+
+The client makes a `POST` request to the `revocation_endpoint` that can be found
+in the authorization server metadata.
+
+The body of the request includes the following parameters, encoded as
+`application/x-www-form-urlencoded`:
+
+- `token`: This parameter MUST contain either the access token or the refresh
+  token to be revoked.
+- `token_type_hint`: This parameter is OPTIONAL, and if present, MUST have a
+  value of either `access_token` or `refresh_token`. The server MAY use this
+  value to optimize the token lookup process.
+- `client_id`: The client identifier obtained during client registration. This
+  parameter is OPTIONAL.
+
+  If the `client_id` is not provided, or does not match the client associated
+  with the token, the server SHOULD still revoke the token. This behavior is
+  meant to help good actors like secret scanning tools to proactively revoke
+  leaked tokens. The server MAY also warn the user that one of their sessions
+  may be compromised in this scenario.
+
+For example, revoking using the access token:
+
+```
+POST /oauth2/revoke HTTP/1.1
+Host: auth.example.com
+Content-Type: application/x-www-form-urlencoded
+
+token=mat_ooreiPhei2wequu9fohkai3AeBaec9oo&
+token_type_hint=access_token&
+client_id=s6BhdRkqt3
+```
+
+The server MUST revoke both the access token and refresh token associated with
+the token provided in the request.
+
+The server SHOULD return one of the following responses:
+
+- If the token is already revoked or invalid, the server returns a `200 OK`
+  response
+- If the client is not authorized to revoke the token, the server returns a
+  `401 Unauthorized` response
+- For other errors, the server returns a `400 Bad Request` response with error
+  details
+
 ### Account moderation

 #### Account locking
--- a/data/api/client-server/definitions/public_rooms_chunk.yaml
+++ b/data/api/client-server/definitions/public_rooms_chunk.yaml
@ -17,6 +17,8 @@ title: "PublishedRoomsChunk"
 properties:
  canonical_alias:
    type: string
+    format: mx-room-alias
+    pattern: "^#"
    description: The canonical alias of the room, if any.
    example: "#general:example.org"
  name:
@ -29,6 +31,8 @@ properties:
    example: 42
  room_id:
    type: string
+    format: mx-room-id
+    pattern: "^!"
    description: The ID of the room.
    example: "!abcdefg:example.org"
  topic:
--- a/data/api/client-server/definitions/room_summary.yaml
+++ b/data/api/client-server/definitions/room_summary.yaml
@ -27,6 +27,8 @@ allOf:
        type: array
        items:
          type: string
+          format: mx-room-id
+          pattern: "^!"
        description: |-
          If the room is a [restricted room](/server-server-api/#restricted-rooms), these are the room IDs which
          are specified by the join rules. Empty or omitted otherwise.
--- a/data/api/client-server/room_summary.yaml
+++ b/data/api/client-server/room_summary.yaml
@ -46,7 +46,13 @@ paths:
          required: true
          example: "#monkeys:matrix.org"
          schema:
-            type: string
+            oneOf:
+              - type: string
+                format: mx-room-id
+                pattern: "^!"
+              - type: string
+                format: mx-room-alias
+                pattern: "^#"
        - in: query
          name: via
          description: |-
@ -60,6 +66,7 @@ paths:
            type: array
            items:
              type: string
+              format: mx-server-name
      responses:
        "200":
          description: A summary of the room.
Author	SHA1	Message	Date
Kévin Commaille	6bc443e809	Merge `f0a1ee14d9` into `32b1f0514d`	2025-06-08 10:42:51 +02:00
Kévin Commaille	32b1f0514d	Clarify some string formats of room summary endpoint (#2158 ) Some checks failed Spec / 🔎 Validate OpenAPI specifications (push) Has been cancelled Details Spec / 🔎 Check Event schema examples (push) Has been cancelled Details Spec / 🔎 Check OpenAPI definitions examples (push) Has been cancelled Details Spec / 🔎 Check JSON Schemas inline examples (push) Has been cancelled Details Spec / ⚙️ Calculate baseURL for later jobs (push) Has been cancelled Details Spec / 📢 Run towncrier for changelog (push) Has been cancelled Details Spell Check / Spell Check with Typos (push) Has been cancelled Details Spec / 🐍 Build OpenAPI definitions (push) Has been cancelled Details Spec / 📖 Build the spec (push) Has been cancelled Details Spec / 🔎 Validate generated HTML (push) Has been cancelled Details Spec / 📖 Build the historical backup spec (push) Has been cancelled Details	2025-06-07 15:26:56 +02:00
Kévin Commaille	f0a1ee14d9	Add changelog Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>	2025-06-03 20:14:22 +02:00
Kévin Commaille	ae9a8c319f	Add OAuth 2.0 token revocation As per MSC4254 Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>	2025-06-03 20:14:22 +02:00
				`@ -0,0 +1 @@`
				`Add the OAuth 2.0 based authentication API, as per [MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) and its sub-proposals.`
				`@ -0,0 +1 @@`
				Add `/_matrix/client/v1/room_summary/{roomIdOrAlias}` and extend `/_matrix/client/v1/rooms/{roomId}/hierarchy` with the new optional properties `allowed_room_ids`, `encryption` and `room_version` as per [MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266).