Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2026-04-28 13:24:10 +02:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Compare commits

base: Filip:642fd9d9cf42baa5ece1572946ee17bcf6b04297
Branches Tags
Filip:main
Filip:rav/en_GB/authorisation
Filip:release/v1.18
Filip:release/v1.17
Filip:release/v1.16
Filip:release/v1.15
Filip:release/1.14
Filip:release/v1.13
Filip:release/v1.12
Filip:release/v1.11
Filip:tulir/msc4142
Filip:release/v1.10
Filip:travis/msc2702-msc2701
Filip:rav/ref_objects_in_params
Filip:dkasak/foldable-sidebar
Filip:travis/knock-join
Filip:release/v1.9
Filip:release/v1.8
Filip:anoa/update_docsy
Filip:anoa/nix_flake
Filip:dbkr/3077-multi-stream-voip
Filip:release/v1.7
Filip:dbkr/2746-reliable-voip
Filip:rav/links_for_object_defs
Filip:release/v1.6
Filip:release/v1.5
Filip:release/v1.4
Filip:anoa/invite_knock_room_state
Filip:release/v1.3
Filip:v1.18
Filip:v1.17
Filip:v1.16
Filip:v1.15
Filip:v1.14
Filip:v1.13
Filip:v1.12
Filip:v1.11
Filip:v1.10
Filip:v1.9
Filip:v1.8
Filip:v1.7
Filip:v1.6
Filip:v1.5
Filip:v1.4
Filip:v1.3
Filip:v1.2
Filip:v1.1
Filip:server_server/r0.1.4
Filip:client_server/r0.6.1
Filip:client_server/r0.6.0
Filip:identity_service/r0.3.0
Filip:server_server/r0.1.3
Filip:application_service/r0.1.2
Filip:push_gateway/r0.1.1
Filip:identity_service/r0.2.1
Filip:client_server/r0.5.0
Filip:server_server/r0.1.2
Filip:identity_service/r0.2.0
Filip:application_service/r0.1.1
Filip:server_server/r0.1.1
Filip:server_server/r0.1.0
Filip:client_server/r0.4.0
Filip:identity_service/r0.1.0
Filip:application_service/r0.1.0
Filip:push_gateway/r0.1.0
Filip:client-server/r0.3.0
Filip:client-server/0.3.0
Filip:client-server/r0.2.0
Filip:client-server/r0.1.0
Filip:r0.0.1
Filip:r0.0.0
Filip:0.2.0
...
compare: Filip:57a85bbfc7258622e3e1f3e8fa8824d04d547734
Branches Tags
Filip:main
Filip:rav/en_GB/authorisation
Filip:release/v1.18
Filip:release/v1.17
Filip:release/v1.16
Filip:release/v1.15
Filip:release/1.14
Filip:release/v1.13
Filip:release/v1.12
Filip:release/v1.11
Filip:tulir/msc4142
Filip:release/v1.10
Filip:travis/msc2702-msc2701
Filip:rav/ref_objects_in_params
Filip:dkasak/foldable-sidebar
Filip:travis/knock-join
Filip:release/v1.9
Filip:release/v1.8
Filip:anoa/update_docsy
Filip:anoa/nix_flake
Filip:dbkr/3077-multi-stream-voip
Filip:release/v1.7
Filip:dbkr/2746-reliable-voip
Filip:rav/links_for_object_defs
Filip:release/v1.6
Filip:release/v1.5
Filip:release/v1.4
Filip:anoa/invite_knock_room_state
Filip:release/v1.3
Filip:v1.18
Filip:v1.17
Filip:v1.16
Filip:v1.15
Filip:v1.14
Filip:v1.13
Filip:v1.12
Filip:v1.11
Filip:v1.10
Filip:v1.9
Filip:v1.8
Filip:v1.7
Filip:v1.6
Filip:v1.5
Filip:v1.4
Filip:v1.3
Filip:v1.2
Filip:v1.1
Filip:server_server/r0.1.4
Filip:client_server/r0.6.1
Filip:client_server/r0.6.0
Filip:identity_service/r0.3.0
Filip:server_server/r0.1.3
Filip:application_service/r0.1.2
Filip:push_gateway/r0.1.1
Filip:identity_service/r0.2.1
Filip:client_server/r0.5.0
Filip:server_server/r0.1.2
Filip:identity_service/r0.2.0
Filip:application_service/r0.1.1
Filip:server_server/r0.1.1
Filip:server_server/r0.1.0
Filip:client_server/r0.4.0
Filip:identity_service/r0.1.0
Filip:application_service/r0.1.0
Filip:push_gateway/r0.1.0
Filip:client-server/r0.3.0
Filip:client-server/0.3.0
Filip:client-server/r0.2.0
Filip:client-server/r0.1.0
Filip:r0.0.1
Filip:r0.0.0
Filip:0.2.0

7 commits
642fd9d9cf ... 57a85bbfc7

Author SHA1 Message Date
Johannes Marbach 57a85bbfc7
Merge 53150b739b into 6edb6ba1cd 2025-06-29 21:58:46 +01:00
Travis Ralston 6edb6ba1cd become unstable
Some checks failed
Spec / 🔎 Validate OpenAPI specifications (push) Has been cancelled
Details
Spec / 🔎 Check Event schema examples (push) Has been cancelled
Details
Spec / 🔎 Check OpenAPI definitions examples (push) Has been cancelled
Details
Spec / 🔎 Check JSON Schemas inline examples (push) Has been cancelled
Details
Spec / ⚙️ Calculate baseURL for later jobs (push) Has been cancelled
Details
Spec / 📢 Run towncrier for changelog (push) Has been cancelled
Details
Spell Check / Spell Check with Typos (push) Has been cancelled
Details
Spec / 🐍 Build OpenAPI definitions (push) Has been cancelled
Details
Spec / 📖 Build the spec (push) Has been cancelled
Details
Spec / 🔎 Validate generated HTML (push) Has been cancelled
Details
Spec / 📖 Build the historical backup spec (push) Has been cancelled
Details
2025-06-26 10:48:27 -06:00
Travis Ralston 40065811a1 Matrix 1.15 2025-06-26 10:43:51 -06:00
Kévin Commaille 1c06ed9cf7
Final tweaks for the OAuth 2.0 API (#2164) 
* Clarify that SSO login applies to the legacy authentication API

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>

* Do not point to specific authentication API for obtaining access token

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>

* Add warnings about incompatibility with OAuth 2.0 to endpoints that use UIA

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>

* Add changelog

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>

* Add note about API standards not applying to OAuth 2.0

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>

* Apply suggestions from code review

---------

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
Co-authored-by: Travis Ralston <travpc@gmail.com>
 2025-06-26 10:40:43 -06:00
Johannes Marbach 53150b739b Fix typo 2025-06-24 08:29:03 +02:00
Johannes Marbach 5e15bbdbdd Add changelog 2025-06-24 08:27:43 +02:00
Johannes Marbach d4e294ca28 Clarify that format is required if formatted_body is specifed 
Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
 2025-06-24 08:21:10 +02:00
58 changed files with 155 additions and 71 deletions
Show stats Expand all files Collapse all files

1
changelogs/application_service/newsfragments/2130.clarification
View file

@ -1 +0,0 @@
Clarify in the application service registration schema the `url: null` behaviour.

1
changelogs/client_server/newsfragments/2068.clarification
View file

@ -1 +0,0 @@
Clarify behaviour when the `topic` key of a `m.room.topic` event is absent, null, or empty.

1
changelogs/client_server/newsfragments/2077.clarification
View file

@ -1 +0,0 @@
Fix the example of the `GET /sync` endpoint and the `m.room.member` example used in several places.

1
changelogs/client_server/newsfragments/2083.clarification
View file

@ -1 +0,0 @@
Clarify the format of third-party invites, including the fact that identity server public keys can be encoded using standard or URL-safe base64.

1
changelogs/client_server/newsfragments/2095.feature
View file

@ -1 +0,0 @@
Add `m.topic` content block to enable rich text in `m.room.topic` events as per [MSC3765](https://github.com/matrix-org/matrix-spec-proposals/pull/3765).

1
changelogs/client_server/newsfragments/2101.clarification
View file

@ -1 +0,0 @@
"Public" rooms in profile look-ups are defined through their join rule and history visibility.

1
changelogs/client_server/newsfragments/2102.clarification
View file

@ -1 +0,0 @@
"Public" rooms in user directory queries are defined through their join rule and history visibility.

1
changelogs/client_server/newsfragments/2104.clarification
View file

@ -1 +0,0 @@
Rooms published in `/publicRooms` don't necessarily have `public` join rules or `world_readable` history visibility.

1
changelogs/client_server/newsfragments/2106.clarification
View file

@ -1 +0,0 @@
"Public" rooms with respect to call invites are defined through their join rule.

1
changelogs/client_server/newsfragments/2107.clarification
View file

@ -1 +0,0 @@
"Public" rooms have no specific meaning with respect to moderation policy lists.

1
changelogs/client_server/newsfragments/2108.clarification
View file

@ -1 +0,0 @@
"Public" rooms with respect to presence are defined through their join rule.

1
changelogs/client_server/newsfragments/2109.clarification
View file

@ -1 +0,0 @@
Spaces are subject to the same access mechanisms as rooms.

1
changelogs/client_server/newsfragments/2121.clarification
View file

@ -1 +0,0 @@
Fix various typos throughout the specification.

1
changelogs/client_server/newsfragments/2122.feature
View file

@ -1 +0,0 @@
Include device keys with Olm-encrypted events as per [MSC4147](https://github.com/matrix-org/matrix-spec-proposals/pull/4147).

1
changelogs/client_server/newsfragments/2125.feature
View file

@ -1 +0,0 @@
Add `/_matrix/client/v1/room_summary/{roomIdOrAlias}` and extend `/_matrix/client/v1/rooms/{roomId}/hierarchy` with the new optional properties `allowed_room_ids`, `encryption` and `room_version` as per [MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266).

1
changelogs/client_server/newsfragments/2125.new
View file

@ -1 +0,0 @@
Add `GET /_matrix/client/v1/room_summary/{roomIdOrAlias}`, as per [MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266).

1
changelogs/client_server/newsfragments/2140.clarification
View file

@ -1 +0,0 @@
Clarify that Well-Known URIs are available on the server name's hostname. Contributed by @HarHarLinks.

1
changelogs/client_server/newsfragments/2141.feature
View file

@ -1 +0,0 @@
Add the OAuth 2.0 based authentication API, as per [MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) and its sub-proposals.

1
changelogs/client_server/newsfragments/2144.clarification
View file

@ -1 +0,0 @@
Fix various typos throughout the specification.

1
changelogs/client_server/newsfragments/2147.new
View file

@ -1 +0,0 @@
Add `GET /_matrix/client/v1/auth_metadata`, as per [MSC2965](https://github.com/matrix-org/matrix-spec-proposals/pull/2965).

1
changelogs/client_server/newsfragments/2148.feature
View file

@ -1 +0,0 @@
Add the OAuth 2.0 based authentication API, as per [MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) and its sub-proposals.

1
changelogs/client_server/newsfragments/2149.feature
View file

@ -1 +0,0 @@
Add the OAuth 2.0 based authentication API, as per [MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) and its sub-proposals.

1
changelogs/client_server/newsfragments/2150.feature
View file

@ -1 +0,0 @@
Add the OAuth 2.0 based authentication API, as per [MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) and its sub-proposals.

1
changelogs/client_server/newsfragments/2151.feature
View file

@ -1 +0,0 @@
Add the OAuth 2.0 based authentication API, as per [MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) and its sub-proposals.

1
changelogs/client_server/newsfragments/2154.clarification
View file

@ -1 +0,0 @@
Add missing fields in example for `ExportedSessionData`.

1
changelogs/client_server/newsfragments/2158.feature
View file

@ -1 +0,0 @@
Add `/_matrix/client/v1/room_summary/{roomIdOrAlias}` and extend `/_matrix/client/v1/rooms/{roomId}/hierarchy` with the new optional properties `allowed_room_ids`, `encryption` and `room_version` as per [MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266).

1
changelogs/client_server/newsfragments/2159.feature
View file

@ -1 +0,0 @@
Add the OAuth 2.0 based authentication API, as per [MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) and its sub-proposals.

1
changelogs/client_server/newsfragments/2167.clarification Normal file
View file

@ -0,0 +1 @@
Clarify that `format` is required if `formatted_body` is specified.

1
changelogs/identity_service/newsfragments/2083.clarification
View file

@ -1 +0,0 @@
Clarify that public keys can be encoded using standard or URL-safe base64.

1
changelogs/internal/newsfragments/2081.clarification
View file

@ -1 +0,0 @@
Adjust margins in rendered endpoints.

1
changelogs/internal/newsfragments/2088.clarification
View file

@ -1 +0,0 @@
Replace Hugo shortcodes in OpenAPI output.

1
changelogs/internal/newsfragments/2115.clarification
View file

@ -1 +0,0 @@
Add [well-known funding manifest urls](https://floss.fund/funding-manifest/) to spec to authorise https://matrix.org/funding.json. Contributed by @HarHarLinks.

1
changelogs/internal/newsfragments/2123.clarification
View file

@ -1 +0,0 @@
Fix the historical info box when generating the historical spec in CI.

1
changelogs/internal/newsfragments/2137.clarification
View file

@ -1 +0,0 @@
Update the header navigation menu with links to modern matrix.org. Contributed by @HarHarLinks.

1
changelogs/server_server/newsfragments/2067.clarification
View file

@ -1 +0,0 @@
Add a note to the invite endpoints that invites to local users may be received twice over federation if the homeserver is already in the room.

1
changelogs/server_server/newsfragments/2083.clarification
View file

@ -1 +0,0 @@
Clarify the format of third-party invites, including the fact that identity server public keys can be encoded using standard or URL-safe base64.

1
changelogs/server_server/newsfragments/2095.feature
View file

@ -1 +0,0 @@
Add `m.topic` content block to enable rich text in `m.room.topic` events as per [MSC3765](https://github.com/matrix-org/matrix-spec-proposals/pull/3765).

1
changelogs/server_server/newsfragments/2100.clarification
View file

@ -1 +0,0 @@
Clarify that auth event of `content.join_authorised_via_users_server` is only necessary for `m.room.member` with a `membership` of `join`.

1
changelogs/server_server/newsfragments/2104.clarification
View file

@ -1 +0,0 @@
Rooms published in `/publicRooms` don't necessarily have `public` join rules or `world_readable` history visibility.

1
changelogs/server_server/newsfragments/2125.feature
View file

@ -1 +0,0 @@
Extend `/_matrix/federation/v1/hierarchy/{roomId}` with the new optional properties `encryption` and `room_version` as per [MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266).

1
changelogs/server_server/newsfragments/2128.clarification
View file

@ -1 +0,0 @@
Fix various typos throughout the specification.

1
changelogs/server_server/newsfragments/2140.clarification
View file

@ -1 +0,0 @@
Clarify that Well-Known URIs are available on the server name's hostname. Contributed by @HarHarLinks.

2
config/_default/hugo.toml
View file

@ -67,7 +67,7 @@ current_version_url = "https://spec.matrix.org/latest"
# The following is used when status = "stable", and is displayed in various UI elements on a released version # The following is used when status = "stable", and is displayed in various UI elements on a released version
# of the spec. # of the spec.
# major = "1" # major = "1"
# minor = "14" # minor = "15"
# User interface configuration # User interface configuration
[params.ui] [params.ui]

97
content/changelog/v1.15.md Normal file
View file

@ -0,0 +1,97 @@
---
title: v1.15 Changelog
linkTitle: v1.15
type: docs
layout: changelog
outputs:
- html
- checklist
date: 2025-06-26
---
## Client-Server API
**New Endpoints**
- Add `GET /_matrix/client/v1/room_summary/{roomIdOrAlias}`, as per [MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266). ([#2125](https://github.com/matrix-org/matrix-spec/issues/2125))
- Add `GET /_matrix/client/v1/auth_metadata`, as per [MSC2965](https://github.com/matrix-org/matrix-spec-proposals/pull/2965). ([#2147](https://github.com/matrix-org/matrix-spec/issues/2147))
**Backwards Compatible Changes**
- Add `m.topic` content block to enable rich text in `m.room.topic` events as per [MSC3765](https://github.com/matrix-org/matrix-spec-proposals/pull/3765). ([#2095](https://github.com/matrix-org/matrix-spec/issues/2095))
- Include device keys with Olm-encrypted events as per [MSC4147](https://github.com/matrix-org/matrix-spec-proposals/pull/4147). ([#2122](https://github.com/matrix-org/matrix-spec/issues/2122))
- Add `/_matrix/client/v1/room_summary/{roomIdOrAlias}` and extend `/_matrix/client/v1/rooms/{roomId}/hierarchy` with the new optional properties `allowed_room_ids`, `encryption` and `room_version` as per [MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266). ([#2125](https://github.com/matrix-org/matrix-spec/issues/2125), [#2158](https://github.com/matrix-org/matrix-spec/issues/2158))
- Add the OAuth 2.0 based authentication API, as per [MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) and its sub-proposals. ([#2141](https://github.com/matrix-org/matrix-spec/issues/2141), [#2148](https://github.com/matrix-org/matrix-spec/issues/2148), [#2149](https://github.com/matrix-org/matrix-spec/issues/2149), [#2150](https://github.com/matrix-org/matrix-spec/issues/2150), [#2151](https://github.com/matrix-org/matrix-spec/issues/2151), [#2159](https://github.com/matrix-org/matrix-spec/issues/2159), [#2164](https://github.com/matrix-org/matrix-spec/issues/2164))
**Spec Clarifications**
- Clarify behaviour when the `topic` key of a `m.room.topic` event is absent, null, or empty. ([#2068](https://github.com/matrix-org/matrix-spec/issues/2068))
- Fix the example of the `GET /sync` endpoint and the `m.room.member` example used in several places. ([#2077](https://github.com/matrix-org/matrix-spec/issues/2077))
- Clarify the format of third-party invites, including the fact that identity server public keys can be encoded using standard or URL-safe base64. ([#2083](https://github.com/matrix-org/matrix-spec/issues/2083))
- "Public" rooms in profile look-ups are defined through their join rule and history visibility. ([#2101](https://github.com/matrix-org/matrix-spec/issues/2101))
- "Public" rooms in user directory queries are defined through their join rule and history visibility. ([#2102](https://github.com/matrix-org/matrix-spec/issues/2102))
- Rooms published in `/publicRooms` don't necessarily have `public` join rules or `world_readable` history visibility. ([#2104](https://github.com/matrix-org/matrix-spec/issues/2104))
- "Public" rooms with respect to call invites are defined through their join rule. ([#2106](https://github.com/matrix-org/matrix-spec/issues/2106))
- "Public" rooms have no specific meaning with respect to moderation policy lists. ([#2107](https://github.com/matrix-org/matrix-spec/issues/2107))
- "Public" rooms with respect to presence are defined through their join rule. ([#2108](https://github.com/matrix-org/matrix-spec/issues/2108))
- Spaces are subject to the same access mechanisms as rooms. ([#2109](https://github.com/matrix-org/matrix-spec/issues/2109))
- Fix various typos throughout the specification. ([#2121](https://github.com/matrix-org/matrix-spec/issues/2121), [#2144](https://github.com/matrix-org/matrix-spec/issues/2144))
- Clarify that Well-Known URIs are available on the server name's hostname. Contributed by @HarHarLinks. ([#2140](https://github.com/matrix-org/matrix-spec/issues/2140))
- Add missing fields in example for `ExportedSessionData`. ([#2154](https://github.com/matrix-org/matrix-spec/issues/2154))
## Server-Server API
**Backwards Compatible Changes**
- Add `m.topic` content block to enable rich text in `m.room.topic` events as per [MSC3765](https://github.com/matrix-org/matrix-spec-proposals/pull/3765). ([#2095](https://github.com/matrix-org/matrix-spec/issues/2095))
- Extend `/_matrix/federation/v1/hierarchy/{roomId}` with the new optional properties `encryption` and `room_version` as per [MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266). ([#2125](https://github.com/matrix-org/matrix-spec/issues/2125))
**Spec Clarifications**
- Add a note to the invite endpoints that invites to local users may be received twice over federation if the homeserver is already in the room. ([#2067](https://github.com/matrix-org/matrix-spec/issues/2067))
- Clarify the format of third-party invites, including the fact that identity server public keys can be encoded using standard or URL-safe base64. ([#2083](https://github.com/matrix-org/matrix-spec/issues/2083))
- Clarify that auth event of `content.join_authorised_via_users_server` is only necessary for `m.room.member` with a `membership` of `join`. ([#2100](https://github.com/matrix-org/matrix-spec/issues/2100))
- Rooms published in `/publicRooms` don't necessarily have `public` join rules or `world_readable` history visibility. ([#2104](https://github.com/matrix-org/matrix-spec/issues/2104))
- Fix various typos throughout the specification. ([#2128](https://github.com/matrix-org/matrix-spec/issues/2128))
- Clarify that Well-Known URIs are available on the server name's hostname. Contributed by @HarHarLinks. ([#2140](https://github.com/matrix-org/matrix-spec/issues/2140))
## Application Service API
**Spec Clarifications**
- Clarify in the application service registration schema the `url: null` behaviour. ([#2130](https://github.com/matrix-org/matrix-spec/issues/2130))
## Identity Service API
**Spec Clarifications**
- Clarify that public keys can be encoded using standard or URL-safe base64. ([#2083](https://github.com/matrix-org/matrix-spec/issues/2083))
## Push Gateway API
No significant changes.
## Room Versions
No significant changes.
## Appendices
No significant changes.
## Internal Changes/Tooling
**Spec Clarifications**
- Adjust margins in rendered endpoints. ([#2081](https://github.com/matrix-org/matrix-spec/issues/2081))
- Replace Hugo shortcodes in OpenAPI output. ([#2088](https://github.com/matrix-org/matrix-spec/issues/2088))
- Add [well-known funding manifest urls](https://floss.fund/funding-manifest/) to spec to authorise https://matrix.org/funding.json. Contributed by @HarHarLinks. ([#2115](https://github.com/matrix-org/matrix-spec/issues/2115))
- Fix the historical info box when generating the historical spec in CI. ([#2123](https://github.com/matrix-org/matrix-spec/issues/2123))
- Update the header navigation menu with links to modern matrix.org. Contributed by @HarHarLinks. ([#2137](https://github.com/matrix-org/matrix-spec/issues/2137))

6
content/client-server-api/_index.md
View file

@ -12,6 +12,12 @@ clients which maintain a full local persistent copy of server state.
## API Standards ## API Standards
{{% boxes/note %}}
These standards only apply to the APIs defined in the Matrix specification. APIs
used by this specification but defined in other specifications, like the [OAuth
2.0 API](#oauth-20-api), use their own rules.
{{% /boxes/note %}}
The mandatory baseline for client-server communication in Matrix is The mandatory baseline for client-server communication in Matrix is
exchanging JSON objects over HTTP APIs. More efficient transports may be exchanging JSON objects over HTTP APIs. More efficient transports may be
specified in future as optional extensions. specified in future as optional extensions.

9
content/client-server-api/modules/sso_login.md
View file

@ -6,9 +6,10 @@ allow users to log into applications via a single web-based
authentication portal. Examples include OpenID Connect, "Central authentication portal. Examples include OpenID Connect, "Central
Authentication Service" (CAS) and SAML. Authentication Service" (CAS) and SAML.
This module allows a Matrix homeserver to delegate user authentication This module allows a Matrix homeserver that supports the [legacy authentication
to an external authentication server supporting one of these protocols. API](#legacy-api) to delegate user authentication to an external authentication
In this process, there are three systems involved: server supporting one of these protocols. In this process, there are three
systems involved:
- A Matrix client, using the APIs defined in this specification, which - A Matrix client, using the APIs defined in this specification, which
is seeking to authenticate a user to a Matrix homeserver. is seeking to authenticate a user to a Matrix homeserver.
@ -24,7 +25,7 @@ used to communicate with the authentication server. Different Matrix
homeserver implementations might support different SSO protocols. homeserver implementations might support different SSO protocols.
Clients and homeservers implementing the SSO flow will need to consider Clients and homeservers implementing the SSO flow will need to consider
both [login](#login) and [user-interactive authentication](#user-interactive-authentication-api). The flow is both [login](#legacy-login) and [user-interactive authentication](#user-interactive-authentication-api). The flow is
similar in both cases, but there are slight differences. similar in both cases, but there are slight differences.
Typically, SSO systems require a single "callback" URI to be configured Typically, SSO systems require a single "callback" URI to be configured

5
data/api/client-server/administrative_contact.yaml
View file

@ -201,6 +201,11 @@ paths:
Homeservers should prevent the caller from adding a 3PID to their account if it has Homeservers should prevent the caller from adding a 3PID to their account if it has
already been added to another user's account on the homeserver. already been added to another user's account on the homeserver.
{{% boxes/warning %}}
Since this endpoint uses User-Interactive Authentication, it cannot be used when the access token was obtained
via the [OAuth 2.0 API](/client-server-api/#oauth-20-api).
{{% /boxes/warning %}}
operationId: add3PID operationId: add3PID
security: security:
- accessTokenQuery: [] - accessTokenQuery: []

11
data/api/client-server/cross_signing.yaml
View file

@ -26,7 +26,7 @@ paths:
Publishes cross-signing keys for the user. Publishes cross-signing keys for the user.
This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api). This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api).
User-Interactive Authentication MUST be performed, except in these cases: User-Interactive Authentication MUST be performed, except in these cases:
- there is no existing cross-signing master key uploaded to the homeserver, OR - there is no existing cross-signing master key uploaded to the homeserver, OR
- there is an existing cross-signing master key and it exactly matches the - there is an existing cross-signing master key and it exactly matches the
@ -34,11 +34,16 @@ paths:
keys provided in the request (self-signing key, user-signing key) they MUST also keys provided in the request (self-signing key, user-signing key) they MUST also
match the existing keys stored on the server. In other words, the request contains match the existing keys stored on the server. In other words, the request contains
no new keys. no new keys.
This allows clients to freely upload one set of keys, but not modify/overwrite keys if This allows clients to freely upload one set of keys, but not modify/overwrite keys if
they already exist. Allowing clients to upload the same set of keys more than once they already exist. Allowing clients to upload the same set of keys more than once
makes this endpoint idempotent in the case where the response is lost over the network, makes this endpoint idempotent in the case where the response is lost over the network,
which would otherwise cause a UIA challenge upon retry. which would otherwise cause a UIA challenge upon retry.
{{% boxes/warning %}}
When this endpoint requires User-Interactive Authentication, it cannot be used when the access token was obtained
via the [OAuth 2.0 API](/client-server-api/#oauth-20-api).
{{% /boxes/warning %}}
operationId: uploadCrossSigningKeys operationId: uploadCrossSigningKeys
security: security:
- accessTokenQuery: [] - accessTokenQuery: []

12
data/api/client-server/definitions/security.yaml
View file

@ -14,8 +14,8 @@
accessTokenQuery: accessTokenQuery:
type: apiKey type: apiKey
description: |- description: |-
**Deprecated.** The `access_token` returned by a call to `/login` or `/register`, as a query **Deprecated.** The `access_token` obtained during [account registration](/client-server-api/#account-registration)
parameter. or [login](/client-server-api/#login), as a query parameter.
It can also be the `as_token` of an application service. It can also be the `as_token` of an application service.
name: access_token name: access_token
@ -23,11 +23,11 @@ accessTokenQuery:
accessTokenBearer: accessTokenBearer:
type: http type: http
description: |- description: |-
The `access_token` returned by a call to `/login` or `/register`, using the The `access_token` obtained during [account registration](/client-server-api/#account-registration)
`Authorization: Bearer` header. or [login](/client-server-api/#login), using the `Authorization: Bearer` header.
It can also be the `as_token` of an application service. It can also be the `as_token` of an application service.
This is the preferred method. This is the preferred method.
scheme: bearer scheme: bearer
appserviceAccessTokenQuery: appserviceAccessTokenQuery:
@ -42,6 +42,6 @@ appserviceAccessTokenBearer:
description: |- description: |-
The `as_token` of an application service, using the `Authorization: Bearer` The `as_token` of an application service, using the `Authorization: Bearer`
header. header.
This is the preferred method. This is the preferred method.
scheme: bearer scheme: bearer

10
data/api/client-server/device_management.yaml
View file

@ -137,6 +137,11 @@ paths:
This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api). This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api).
Deletes the given device, and invalidates any access token associated with it. Deletes the given device, and invalidates any access token associated with it.
{{% boxes/warning %}}
Since this endpoint uses User-Interactive Authentication, it cannot be used when the access token was obtained
via the [OAuth 2.0 API](/client-server-api/#oauth-20-api).
{{% /boxes/warning %}}
operationId: deleteDevice operationId: deleteDevice
security: security:
- accessTokenQuery: [] - accessTokenQuery: []
@ -189,6 +194,11 @@ paths:
This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api). This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api).
Deletes the given devices, and invalidates any access token associated with them. Deletes the given devices, and invalidates any access token associated with them.
{{% boxes/warning %}}
Since this endpoint uses User-Interactive Authentication, it cannot be used when the access token was obtained
via the [OAuth 2.0 API](/client-server-api/#oauth-20-api).
{{% /boxes/warning %}}
operationId: deleteDevices operationId: deleteDevices
security: security:
- accessTokenQuery: [] - accessTokenQuery: []

4
data/event-schemas/schema/m.room.message$m.audio.yaml
View file

@ -15,8 +15,8 @@ properties:
"1.10": This property can act as a caption for the audio. "1.10": This property can act as a caption for the audio.
format: format:
description: |- description: |-
The format used in the `formatted_body`. Currently only The format used in the `formatted_body`. This is required if `formatted_body`
`org.matrix.custom.html` is supported. is specified. Currently only `org.matrix.custom.html` is supported.
type: string type: string
x-addedInMatrixVersion: "1.10" x-addedInMatrixVersion: "1.10"
formatted_body: formatted_body:

4
data/event-schemas/schema/m.room.message$m.emote.yaml
View file

@ -14,8 +14,8 @@ properties:
type: string type: string
format: format:
description: |- description: |-
The format used in the `formatted_body`. Currently only The format used in the `formatted_body`. This is required if `formatted_body`
`org.matrix.custom.html` is supported. is specified. Currently only `org.matrix.custom.html` is supported.
type: string type: string
formatted_body: formatted_body:
description: |- description: |-

4
data/event-schemas/schema/m.room.message$m.file.yaml
View file

@ -15,8 +15,8 @@ properties:
"1.10": This property can act as a caption for the file. "1.10": This property can act as a caption for the file.
format: format:
description: |- description: |-
The format used in the `formatted_body`. Currently only The format used in the `formatted_body`. This is required if `formatted_body`
`org.matrix.custom.html` is supported. is specified. Currently only `org.matrix.custom.html` is supported.
type: string type: string
x-addedInMatrixVersion: "1.10" x-addedInMatrixVersion: "1.10"
formatted_body: formatted_body:

4
data/event-schemas/schema/m.room.message$m.image.yaml
View file

@ -15,8 +15,8 @@ properties:
"1.10": This property can act as a caption for the image. "1.10": This property can act as a caption for the image.
format: format:
description: |- description: |-
The format used in the `formatted_body`. Currently only The format used in the `formatted_body`. This is required if `formatted_body`
`org.matrix.custom.html` is supported. is specified. Currently only `org.matrix.custom.html` is supported.
type: string type: string
x-addedInMatrixVersion: "1.10" x-addedInMatrixVersion: "1.10"
formatted_body: formatted_body:

4
data/event-schemas/schema/m.room.message$m.key.verification.request.yaml
View file

@ -22,8 +22,8 @@ properties:
verification. verification.
format: format:
description: |- description: |-
The format used in the `formatted_body`. Currently only The format used in the `formatted_body`. This is required if `formatted_body`
`org.matrix.custom.html` is supported. is specified. Currently only `org.matrix.custom.html` is supported.
type: string type: string
formatted_body: formatted_body:
description: |- description: |-

4
data/event-schemas/schema/m.room.message$m.notice.yaml
View file

@ -14,8 +14,8 @@ properties:
type: string type: string
format: format:
description: |- description: |-
The format used in the `formatted_body`. Currently only The format used in the `formatted_body`. This is required if `formatted_body`
`org.matrix.custom.html` is supported. is specified. Currently only `org.matrix.custom.html` is supported.
type: string type: string
formatted_body: formatted_body:
description: |- description: |-

4
data/event-schemas/schema/m.room.message$m.text.yaml
View file

@ -14,8 +14,8 @@ properties:
type: string type: string
format: format:
description: |- description: |-
The format used in the `formatted_body`. Currently only The format used in the `formatted_body`. This is required if `formatted_body`
`org.matrix.custom.html` is supported. is specified. Currently only `org.matrix.custom.html` is supported.
type: string type: string
formatted_body: formatted_body:
description: |- description: |-

4
data/event-schemas/schema/m.room.message$m.video.yaml
View file

@ -15,8 +15,8 @@ properties:
"1.10": This property can act as a caption for the video. "1.10": This property can act as a caption for the video.
format: format:
description: |- description: |-
The format used in the `formatted_body`. Currently only The format used in the `formatted_body`. This is required if `formatted_body`
`org.matrix.custom.html` is supported. is specified. Currently only `org.matrix.custom.html` is supported.
type: string type: string
x-addedInMatrixVersion: "1.10" x-addedInMatrixVersion: "1.10"
formatted_body: formatted_body: