Merge 6646146f8c into 6edb6ba1cd

become unstable
Matrix 1.15
2026-04-20 09:54:10 +02:00 · 2025-06-29 11:25:22 +02:00 · 2025-06-26 10:48:27 -06:00 · 2025-06-26 10:43:51 -06:00 · 2025-06-26 10:40:43 -06:00 · 2025-06-26 10:30:39 -06:00
53 changed files with 373 additions and 198 deletions
--- a/changelogs/application_service/newsfragments/2130.feature
+++ b/changelogs/application_service/newsfragments/2130.feature
@ -1 +0,0 @@
-Correct null value handling for the AS Registration's `url` property.
--- a/changelogs/client_server/newsfragments/2068.clarification
+++ b/changelogs/client_server/newsfragments/2068.clarification
@ -1 +0,0 @@
-Clarify behaviour when the `topic` key of a `m.room.topic` event is absent, null, or empty.
--- a/changelogs/client_server/newsfragments/2071.feature
+++ b/changelogs/client_server/newsfragments/2071.feature
@ -0,0 +1 @@
+Feature: Update profile endpoints to become generic to support [MSC4133](https://github.com/matrix-org/matrix-spec-proposals/pull/4133) extended fields. Extended profile fields are now supported via the new `m.profile_fields` capability, which deprecates the previous `m.set_avatar_url` and `m.set_displayname` capabilities. Stabilised keys are explicitly enumerated, and custom keys must conform to the Common Namespaced Identifier Grammar.
--- a/changelogs/client_server/newsfragments/2077.clarification
+++ b/changelogs/client_server/newsfragments/2077.clarification
@ -1 +0,0 @@
-Fix the example of the `GET /sync` endpoint and the `m.room.member` example used in several places.
--- a/changelogs/client_server/newsfragments/2083.clarification
+++ b/changelogs/client_server/newsfragments/2083.clarification
@ -1,2 +0,0 @@
-Clarify the format of third-party invites, including the fact that identity
-server public keys can be encoded using standard or URL-safe base64.
--- a/changelogs/client_server/newsfragments/2095.feature
+++ b/changelogs/client_server/newsfragments/2095.feature
@ -1 +0,0 @@
-Add `m.topic` content block to enable rich text in `m.room.topic` events as per [MSC3765](https://github.com/matrix-org/matrix-spec-proposals/pull/3765).
--- a/changelogs/client_server/newsfragments/2101.clarification
+++ b/changelogs/client_server/newsfragments/2101.clarification
@ -1 +0,0 @@
-"Public" rooms in profile look-ups are defined through their join rule and history visibility.
--- a/changelogs/client_server/newsfragments/2102.clarification
+++ b/changelogs/client_server/newsfragments/2102.clarification
@ -1 +0,0 @@
-"Public" rooms in user directory queries are defined through their join rule and history visibility.
--- a/changelogs/client_server/newsfragments/2104.clarification
+++ b/changelogs/client_server/newsfragments/2104.clarification
@ -1 +0,0 @@
-Rooms published in `/publicRooms` don't necessarily have `public` join rules or `world_readable` history visibility.
--- a/changelogs/client_server/newsfragments/2106.clarification
+++ b/changelogs/client_server/newsfragments/2106.clarification
@ -1 +0,0 @@
-"Public" rooms with respect to call invites are defined through their join rule.
--- a/changelogs/client_server/newsfragments/2107.clarification
+++ b/changelogs/client_server/newsfragments/2107.clarification
@ -1 +0,0 @@
-"Public" rooms have no specific meaning with respect to moderation policy lists.
--- a/changelogs/client_server/newsfragments/2108.clarification
+++ b/changelogs/client_server/newsfragments/2108.clarification
@ -1 +0,0 @@
-"Public" rooms with respect to presence are defined through their join rule.
--- a/changelogs/client_server/newsfragments/2109.clarification
+++ b/changelogs/client_server/newsfragments/2109.clarification
@ -1 +0,0 @@
-Spaces are subject to the same access mechanisms as rooms.
--- a/changelogs/client_server/newsfragments/2121.clarification
+++ b/changelogs/client_server/newsfragments/2121.clarification
@ -1 +0,0 @@
-Fix various typos throughout the specification.
--- a/changelogs/client_server/newsfragments/2122.feature
+++ b/changelogs/client_server/newsfragments/2122.feature
@ -1 +0,0 @@
-Include device keys with Olm-encrypted events as per [MSC4147](https://github.com/matrix-org/matrix-spec-proposals/pull/4147).
--- a/changelogs/client_server/newsfragments/2125.feature
+++ b/changelogs/client_server/newsfragments/2125.feature
@ -1 +0,0 @@
-Add `/_matrix/client/v1/room_summary/{roomIdOrAlias}` and extend `/_matrix/client/v1/rooms/{roomId}/hierarchy` with the new optional properties `allowed_room_ids`, `encryption` and `room_version` as per [MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266).
--- a/changelogs/client_server/newsfragments/2140.clarification
+++ b/changelogs/client_server/newsfragments/2140.clarification
@ -1 +0,0 @@
-Clarify that Well-Known URIs are available on the server name's hostname. Contributed by @HarHarLinks.
--- a/changelogs/client_server/newsfragments/2141.feature
+++ b/changelogs/client_server/newsfragments/2141.feature
@ -1 +0,0 @@
-Add the OAuth 2.0 based authentication API, as per [MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) and its sub-proposals.
--- a/changelogs/client_server/newsfragments/2144.clarification
+++ b/changelogs/client_server/newsfragments/2144.clarification
@ -1 +0,0 @@
-Fix typo: as->has.
--- a/changelogs/client_server/newsfragments/2147.new
+++ b/changelogs/client_server/newsfragments/2147.new
@ -1 +0,0 @@
-Add `GET /_matrix/client/v1/auth_metadata`, as per [MSC2965](https://github.com/matrix-org/matrix-spec-proposals/pull/2965).
--- a/changelogs/client_server/newsfragments/2148.feature
+++ b/changelogs/client_server/newsfragments/2148.feature
@ -1 +0,0 @@
-Add the OAuth 2.0 based authentication API, as per [MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) and its sub-proposals.
--- a/changelogs/client_server/newsfragments/2149.feature
+++ b/changelogs/client_server/newsfragments/2149.feature
@ -1 +0,0 @@
-Add the OAuth 2.0 based authentication API, as per [MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) and its sub-proposals.
--- a/changelogs/client_server/newsfragments/2150.feature
+++ b/changelogs/client_server/newsfragments/2150.feature
@ -1 +0,0 @@
-Add the OAuth 2.0 based authentication API, as per [MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) and its sub-proposals.
--- a/changelogs/client_server/newsfragments/2151.feature
+++ b/changelogs/client_server/newsfragments/2151.feature
@ -1 +0,0 @@
-Add the OAuth 2.0 based authentication API, as per [MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) and its sub-proposals.
--- a/changelogs/client_server/newsfragments/2154.clarification
+++ b/changelogs/client_server/newsfragments/2154.clarification
@ -1 +0,0 @@
-Add missing fields in example for `ExportedSessionData`.
--- a/changelogs/client_server/newsfragments/2158.feature
+++ b/changelogs/client_server/newsfragments/2158.feature
@ -1 +0,0 @@
-Add `/_matrix/client/v1/room_summary/{roomIdOrAlias}` and extend `/_matrix/client/v1/rooms/{roomId}/hierarchy` with the new optional properties `allowed_room_ids`, `encryption` and `room_version` as per [MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266).
--- a/changelogs/client_server/newsfragments/2159.feature
+++ b/changelogs/client_server/newsfragments/2159.feature
@ -1 +0,0 @@
-Add the OAuth 2.0 based authentication API, as per [MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) and its sub-proposals.
--- a/changelogs/identity_service/newsfragments/2083.clarification
+++ b/changelogs/identity_service/newsfragments/2083.clarification
@ -1 +0,0 @@
-Clarify that public keys can be encoded using standard or URL-safe base64.
--- a/changelogs/internal/newsfragments/2081.clarification
+++ b/changelogs/internal/newsfragments/2081.clarification
@ -1 +0,0 @@
-Adjust margins in rendered endpoints.
--- a/changelogs/internal/newsfragments/2088.clarification
+++ b/changelogs/internal/newsfragments/2088.clarification
@ -1 +0,0 @@
-Replace Hugo shortcodes in OpenAPI output.
--- a/changelogs/internal/newsfragments/2115.clarification
+++ b/changelogs/internal/newsfragments/2115.clarification
@ -1 +0,0 @@
-Add [well-known funding manifest urls](https://floss.fund/funding-manifest/) to spec to authorise https://matrix.org/funding.json. Contributed by @HarHarLinks.
--- a/changelogs/internal/newsfragments/2123.clarification
+++ b/changelogs/internal/newsfragments/2123.clarification
@ -1 +0,0 @@
-Fix the historical info box when generating the historical spec in CI.
--- a/changelogs/internal/newsfragments/2137.clarification
+++ b/changelogs/internal/newsfragments/2137.clarification
@ -1 +0,0 @@
-Update the header navigation menu with links to modern matrix.org. Contributed by @HarHarLinks.
--- a/changelogs/server_server/newsfragments/2067.clarification
+++ b/changelogs/server_server/newsfragments/2067.clarification
@ -1 +0,0 @@
-Add a note to the invite endpoints that invites to local users may be received twice over federation if the homeserver is already in the room.
--- a/changelogs/server_server/newsfragments/2083.clarification
+++ b/changelogs/server_server/newsfragments/2083.clarification
@ -1,2 +0,0 @@
-Clarify the format of third-party invites, including the fact that identity
-server public keys can be encoded using standard or URL-safe base64.
--- a/changelogs/server_server/newsfragments/2095.feature
+++ b/changelogs/server_server/newsfragments/2095.feature
@ -1 +0,0 @@
-Add `m.topic` content block to enable rich text in `m.room.topic` events as per [MSC3765](https://github.com/matrix-org/matrix-spec-proposals/pull/3765).
--- a/changelogs/server_server/newsfragments/2100.clarification
+++ b/changelogs/server_server/newsfragments/2100.clarification
@ -1 +0,0 @@
-Clarify that auth event of `content.join_authorised_via_users_server` is only necessary for `m.room.member` with a `membership` of `join`.
--- a/changelogs/server_server/newsfragments/2104.clarification
+++ b/changelogs/server_server/newsfragments/2104.clarification
@ -1 +0,0 @@
-Rooms published in `/publicRooms` don't necessarily have `public` join rules or `world_readable` history visibility.
--- a/changelogs/server_server/newsfragments/2125.feature
+++ b/changelogs/server_server/newsfragments/2125.feature
@ -1 +0,0 @@
-Extend `/_matrix/federation/v1/hierarchy/{roomId}` with the new optional properties `encryption` and `room_version` as per [MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266).
--- a/changelogs/server_server/newsfragments/2128.clarification
+++ b/changelogs/server_server/newsfragments/2128.clarification
@ -1 +0,0 @@
-Fix various typos throughout the specification.
--- a/changelogs/server_server/newsfragments/2140.clarification
+++ b/changelogs/server_server/newsfragments/2140.clarification
@ -1 +0,0 @@
-Clarify that Well-Known URIs are available on the server name's hostname. Contributed by @HarHarLinks.
--- a/config/_default/hugo.toml
+++ b/config/_default/hugo.toml
@ -67,7 +67,7 @@ current_version_url = "https://spec.matrix.org/latest"
 # The following is used when status = "stable", and is displayed in various UI elements on a released version
 # of the spec.
 # major = "1"
-# minor = "14"
+# minor = "15"

 # User interface configuration
 [params.ui]
--- a/content/changelog/v1.15.md
+++ b/content/changelog/v1.15.md
@ -0,0 +1,97 @@
+---
+title: v1.15 Changelog
+linkTitle: v1.15
+type: docs
+layout: changelog
+outputs:
+  - html
+  - checklist
+date: 2025-06-26
+---
+
+## Client-Server API
+
+**New Endpoints**
+
+- Add `GET /_matrix/client/v1/room_summary/{roomIdOrAlias}`, as per [MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266). ([#2125](https://github.com/matrix-org/matrix-spec/issues/2125))
+- Add `GET /_matrix/client/v1/auth_metadata`, as per [MSC2965](https://github.com/matrix-org/matrix-spec-proposals/pull/2965). ([#2147](https://github.com/matrix-org/matrix-spec/issues/2147))
+
+**Backwards Compatible Changes**
+
+- Add `m.topic` content block to enable rich text in `m.room.topic` events as per [MSC3765](https://github.com/matrix-org/matrix-spec-proposals/pull/3765). ([#2095](https://github.com/matrix-org/matrix-spec/issues/2095))
+- Include device keys with Olm-encrypted events as per [MSC4147](https://github.com/matrix-org/matrix-spec-proposals/pull/4147). ([#2122](https://github.com/matrix-org/matrix-spec/issues/2122))
+- Add `/_matrix/client/v1/room_summary/{roomIdOrAlias}` and extend `/_matrix/client/v1/rooms/{roomId}/hierarchy` with the new optional properties `allowed_room_ids`, `encryption` and `room_version` as per [MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266). ([#2125](https://github.com/matrix-org/matrix-spec/issues/2125), [#2158](https://github.com/matrix-org/matrix-spec/issues/2158))
+- Add the OAuth 2.0 based authentication API, as per [MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) and its sub-proposals. ([#2141](https://github.com/matrix-org/matrix-spec/issues/2141), [#2148](https://github.com/matrix-org/matrix-spec/issues/2148), [#2149](https://github.com/matrix-org/matrix-spec/issues/2149), [#2150](https://github.com/matrix-org/matrix-spec/issues/2150), [#2151](https://github.com/matrix-org/matrix-spec/issues/2151), [#2159](https://github.com/matrix-org/matrix-spec/issues/2159), [#2164](https://github.com/matrix-org/matrix-spec/issues/2164))
+
+**Spec Clarifications**
+
+- Clarify behaviour when the `topic` key of a `m.room.topic` event is absent, null, or empty. ([#2068](https://github.com/matrix-org/matrix-spec/issues/2068))
+- Fix the example of the `GET /sync` endpoint and the `m.room.member` example used in several places. ([#2077](https://github.com/matrix-org/matrix-spec/issues/2077))
+- Clarify the format of third-party invites, including the fact that identity server public keys can be encoded using standard or URL-safe base64. ([#2083](https://github.com/matrix-org/matrix-spec/issues/2083))
+- "Public" rooms in profile look-ups are defined through their join rule and history visibility. ([#2101](https://github.com/matrix-org/matrix-spec/issues/2101))
+- "Public" rooms in user directory queries are defined through their join rule and history visibility. ([#2102](https://github.com/matrix-org/matrix-spec/issues/2102))
+- Rooms published in `/publicRooms` don't necessarily have `public` join rules or `world_readable` history visibility. ([#2104](https://github.com/matrix-org/matrix-spec/issues/2104))
+- "Public" rooms with respect to call invites are defined through their join rule. ([#2106](https://github.com/matrix-org/matrix-spec/issues/2106))
+- "Public" rooms have no specific meaning with respect to moderation policy lists. ([#2107](https://github.com/matrix-org/matrix-spec/issues/2107))
+- "Public" rooms with respect to presence are defined through their join rule. ([#2108](https://github.com/matrix-org/matrix-spec/issues/2108))
+- Spaces are subject to the same access mechanisms as rooms. ([#2109](https://github.com/matrix-org/matrix-spec/issues/2109))
+- Fix various typos throughout the specification. ([#2121](https://github.com/matrix-org/matrix-spec/issues/2121), [#2144](https://github.com/matrix-org/matrix-spec/issues/2144))
+- Clarify that Well-Known URIs are available on the server name's hostname. Contributed by @HarHarLinks. ([#2140](https://github.com/matrix-org/matrix-spec/issues/2140))
+- Add missing fields in example for `ExportedSessionData`. ([#2154](https://github.com/matrix-org/matrix-spec/issues/2154))
+
+
+## Server-Server API
+
+**Backwards Compatible Changes**
+
+- Add `m.topic` content block to enable rich text in `m.room.topic` events as per [MSC3765](https://github.com/matrix-org/matrix-spec-proposals/pull/3765). ([#2095](https://github.com/matrix-org/matrix-spec/issues/2095))
+- Extend `/_matrix/federation/v1/hierarchy/{roomId}` with the new optional properties `encryption` and `room_version` as per [MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266). ([#2125](https://github.com/matrix-org/matrix-spec/issues/2125))
+
+**Spec Clarifications**
+
+- Add a note to the invite endpoints that invites to local users may be received twice over federation if the homeserver is already in the room. ([#2067](https://github.com/matrix-org/matrix-spec/issues/2067))
+- Clarify the format of third-party invites, including the fact that identity server public keys can be encoded using standard or URL-safe base64. ([#2083](https://github.com/matrix-org/matrix-spec/issues/2083))
+- Clarify that auth event of `content.join_authorised_via_users_server` is only necessary for `m.room.member` with a `membership` of `join`. ([#2100](https://github.com/matrix-org/matrix-spec/issues/2100))
+- Rooms published in `/publicRooms` don't necessarily have `public` join rules or `world_readable` history visibility. ([#2104](https://github.com/matrix-org/matrix-spec/issues/2104))
+- Fix various typos throughout the specification. ([#2128](https://github.com/matrix-org/matrix-spec/issues/2128))
+- Clarify that Well-Known URIs are available on the server name's hostname. Contributed by @HarHarLinks. ([#2140](https://github.com/matrix-org/matrix-spec/issues/2140))
+
+
+## Application Service API
+
+**Spec Clarifications**
+
+- Clarify in the application service registration schema the `url: null` behaviour. ([#2130](https://github.com/matrix-org/matrix-spec/issues/2130))
+
+
+## Identity Service API
+
+**Spec Clarifications**
+
+- Clarify that public keys can be encoded using standard or URL-safe base64. ([#2083](https://github.com/matrix-org/matrix-spec/issues/2083))
+
+
+## Push Gateway API
+
+No significant changes.
+
+
+## Room Versions
+
+No significant changes.
+
+
+## Appendices
+
+No significant changes.
+
+
+## Internal Changes/Tooling
+
+**Spec Clarifications**
+
+- Adjust margins in rendered endpoints. ([#2081](https://github.com/matrix-org/matrix-spec/issues/2081))
+- Replace Hugo shortcodes in OpenAPI output. ([#2088](https://github.com/matrix-org/matrix-spec/issues/2088))
+- Add [well-known funding manifest urls](https://floss.fund/funding-manifest/) to spec to authorise https://matrix.org/funding.json. Contributed by @HarHarLinks. ([#2115](https://github.com/matrix-org/matrix-spec/issues/2115))
+- Fix the historical info box when generating the historical spec in CI. ([#2123](https://github.com/matrix-org/matrix-spec/issues/2123))
+- Update the header navigation menu with links to modern matrix.org. Contributed by @HarHarLinks. ([#2137](https://github.com/matrix-org/matrix-spec/issues/2137))
--- a/content/client-server-api/_index.md
+++ b/content/client-server-api/_index.md
@ -12,6 +12,12 @@ clients which maintain a full local persistent copy of server state.

 ## API Standards

+{{% boxes/note %}}
+These standards only apply to the APIs defined in the Matrix specification. APIs
+used by this specification but defined in other specifications, like the [OAuth
+2.0 API](#oauth-20-api), use their own rules.
+{{% /boxes/note %}}
+
 The mandatory baseline for client-server communication in Matrix is
 exchanging JSON objects over HTTP APIs. More efficient transports may be
 specified in future as optional extensions.
--- a/content/client-server-api/modules/guest_access.md
+++ b/content/client-server-api/modules/guest_access.md
@ -63,7 +63,7 @@ for sending events:
 The following API endpoints are allowed to be accessed by guest accounts
 for their own account maintenance:

-* [PUT /profile/{userId}/displayname](#put_matrixclientv3profileuseriddisplayname)
+* [PUT /profile/{userId}/{keyName}](#put_matrixclientv3profileuseridkeyname)
 * [GET /devices](#get_matrixclientv3devices)
 * [GET /devices/{deviceId}](#get_matrixclientv3devicesdeviceid)
 * [PUT /devices/{deviceId}](#put_matrixclientv3devicesdeviceid)
--- a/content/client-server-api/modules/sso_login.md
+++ b/content/client-server-api/modules/sso_login.md
@ -6,9 +6,10 @@ allow users to log into applications via a single web-based
 authentication portal. Examples include OpenID Connect, "Central
 Authentication Service" (CAS) and SAML.

-This module allows a Matrix homeserver to delegate user authentication
-to an external authentication server supporting one of these protocols.
-In this process, there are three systems involved:
+This module allows a Matrix homeserver that supports the [legacy authentication
+API](#legacy-api) to delegate user authentication to an external authentication
+server supporting one of these protocols. In this process, there are three
+systems involved:

 -   A Matrix client, using the APIs defined in this specification, which
    is seeking to authenticate a user to a Matrix homeserver.
@ -24,7 +25,7 @@ used to communicate with the authentication server. Different Matrix
 homeserver implementations might support different SSO protocols.

 Clients and homeservers implementing the SSO flow will need to consider
-both [login](#login) and [user-interactive authentication](#user-interactive-authentication-api). The flow is
+both [login](#legacy-login) and [user-interactive authentication](#user-interactive-authentication-api). The flow is
 similar in both cases, but there are slight differences.

 Typically, SSO systems require a single "callback" URI to be configured
--- a/content/proposals.md
+++ b/content/proposals.md
@ -185,6 +185,10 @@ is as follows:
    -   Take care in creating your proposal. Specify your intended
        changes, and give reasoning to back them up. Changes without
        justification will likely be poorly received by the community.
+    -   At the time of creating your draft you will not yet know the PR number, so you
+        should use a placeholder number to name your file and edit that
+        after PR submission. The suggested steps are described in
+        detail [in the proposals guide](https://github.com/matrix-org/matrix-spec-proposals#1-writing-the-proposal).
 -   Fork and make a PR to the
    [matrix-spec-proposals](https://github.com/matrix-org/matrix-spec-proposals) repository.
    The ID of your PR will become the MSC ID for the lifetime of your
--- a/data/api/client-server/administrative_contact.yaml
+++ b/data/api/client-server/administrative_contact.yaml
@ -201,6 +201,11 @@ paths:

        Homeservers should prevent the caller from adding a 3PID to their account if it has
        already been added to another user's account on the homeserver.
+
+        {{% boxes/warning %}}
+        Since this endpoint uses User-Interactive Authentication, it cannot be used when the access token was obtained
+        via the [OAuth 2.0 API](/client-server-api/#oauth-20-api).
+        {{% /boxes/warning %}}
      operationId: add3PID
      security:
        - accessTokenQuery: []
--- a/data/api/client-server/capabilities.yaml
+++ b/data/api/client-server/capabilities.yaml
@ -73,11 +73,17 @@ paths:
                          - default
                          - available
                      m.set_displayname:
+                        deprecated: true
                        $ref: '#/components/schemas/booleanCapability'
-                        description: Capability to indicate if the user can change their display name.
+                        description: |
+                          **Deprecated:** Capability to indicate if the user can change their display name.
+                          Refer to `m.profile_fields` for extended profile management.
                      m.set_avatar_url:
+                        deprecated: true
                        $ref: '#/components/schemas/booleanCapability'
-                        description: Capability to indicate if the user can change their avatar.
+                        description: |
+                          **Deprecated:** Capability to indicate if the user can change their avatar.
+                          Refer to `m.profile_fields` for extended profile management.
                      m.3pid_changes:
                        $ref: '#/components/schemas/booleanCapability'
                        description: Capability to indicate if the user can change 3PID associations
@ -86,6 +92,40 @@ paths:
                        $ref: '#/components/schemas/booleanCapability'
                        description: Capability to indicate if the user can generate tokens to log further
                          clients into their account.
+                      m.profile_fields:
+                        x-addedInMatrixVersion: "1.14"
+                        type: object
+                        title: ProfileFieldsCapability
+                        description: Capability to indicate if the user can set or modify extended profile fields via
+                            [`PUT /_matrix/client/v3/profile/{userId}/{keyName}`](/client-server-api/#put_matrixclientv3profileuseridkeyname).
+                          If absent, clients should assume custom profile fields are supported, provided the
+                          response from [`/versions`](/client-server-api/#get_matrixclientversions) indicates
+                          support for a sufficiently recent spec version.
+                        properties:
+                          allowed:
+                            type: array
+                            description: List of allowed additional custom profile field keys. A `*` can be used as a
+                              wildcard to match any sequence of characters. This list takes precedence over the
+                              disallowed list if both are provided.
+                            items:
+                              type: string
+                            example:
+                              - "m.example_field"
+                              - "org.example/job_title"
+                          disallowed:
+                            type: array
+                            description: List of disallowed additional custom profile field keys. A `*` can be used as
+                              a wildcard to match any sequence of characters. Ignored if an allowed list is provided.
+                            items:
+                              type: string
+                            example:
+                              - "org.example.secret_field"
+                          enabled:
+                            type: boolean
+                            description: `true` if the user can set or modify any extended profile fields, `false` otherwise.
+                            example: true
+                        required:
+                          - enabled
              examples:
                response:
                  value: {
--- a/data/api/client-server/cross_signing.yaml
+++ b/data/api/client-server/cross_signing.yaml
@ -26,7 +26,7 @@ paths:
        Publishes cross-signing keys for the user.

        This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api).
-        
+
        User-Interactive Authentication MUST be performed, except in these cases:
        - there is no existing cross-signing master key uploaded to the homeserver, OR
        - there is an existing cross-signing master key and it exactly matches the
@ -34,11 +34,16 @@ paths:
          keys provided in the request (self-signing key, user-signing key) they MUST also
          match the existing keys stored on the server. In other words, the request contains
          no new keys.
-        
+
        This allows clients to freely upload one set of keys, but not modify/overwrite keys if
-        they already exist. Allowing clients to upload the same set of keys more than once 
+        they already exist. Allowing clients to upload the same set of keys more than once
        makes this endpoint idempotent in the case where the response is lost over the network,
        which would otherwise cause a UIA challenge upon retry.
+
+        {{% boxes/warning %}}
+        When this endpoint requires User-Interactive Authentication, it cannot be used when the access token was obtained
+        via the [OAuth 2.0 API](/client-server-api/#oauth-20-api).
+        {{% /boxes/warning %}}
      operationId: uploadCrossSigningKeys
      security:
        - accessTokenQuery: []
--- a/data/api/client-server/definitions/security.yaml
+++ b/data/api/client-server/definitions/security.yaml
@ -14,8 +14,8 @@
 accessTokenQuery:
  type: apiKey
  description: |-
-    **Deprecated.** The `access_token` returned by a call to `/login` or `/register`, as a query
-    parameter.
+    **Deprecated.** The `access_token` obtained during [account registration](/client-server-api/#account-registration)
+    or [login](/client-server-api/#login), as a query parameter.

    It can also be the `as_token` of an application service.
  name: access_token
@ -23,11 +23,11 @@ accessTokenQuery:
 accessTokenBearer:
  type: http
  description: |-
-    The `access_token` returned by a call to `/login` or `/register`, using the
-    `Authorization: Bearer` header.
+    The `access_token` obtained during [account registration](/client-server-api/#account-registration)
+    or [login](/client-server-api/#login), using the `Authorization: Bearer` header.

    It can also be the `as_token` of an application service.
-    
+
    This is the preferred method.
  scheme: bearer
 appserviceAccessTokenQuery:
@ -42,6 +42,6 @@ appserviceAccessTokenBearer:
  description: |-
    The `as_token` of an application service, using the `Authorization: Bearer`
    header.
-    
+
    This is the preferred method.
  scheme: bearer
--- a/data/api/client-server/device_management.yaml
+++ b/data/api/client-server/device_management.yaml
@ -137,6 +137,11 @@ paths:
        This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api).

        Deletes the given device, and invalidates any access token associated with it.
+
+        {{% boxes/warning %}}
+        Since this endpoint uses User-Interactive Authentication, it cannot be used when the access token was obtained
+        via the [OAuth 2.0 API](/client-server-api/#oauth-20-api).
+        {{% /boxes/warning %}}
      operationId: deleteDevice
      security:
        - accessTokenQuery: []
@ -189,6 +194,11 @@ paths:
        This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api).

        Deletes the given devices, and invalidates any access token associated with them.
+
+        {{% boxes/warning %}}
+        Since this endpoint uses User-Interactive Authentication, it cannot be used when the access token was obtained
+        via the [OAuth 2.0 API](/client-server-api/#oauth-20-api).
+        {{% /boxes/warning %}}
      operationId: deleteDevices
      security:
        - accessTokenQuery: []
--- a/data/api/client-server/profile.yaml
+++ b/data/api/client-server/profile.yaml
@ -16,48 +16,105 @@ info:
  title: Matrix Client-Server Profile API
  version: 1.0.0
 paths:
-  "/profile/{userId}/displayname":
+  "/profile/{userId}/{keyName}":
    put:
-      summary: Set the user's display name.
+      x-changedInMatrixVersion:
+        "1.14": Endpoint now accepts variable `keyName` parameter.
+      summary: Set a profile field for a user.
      description: |-
-        This API sets the given user's display name. You must have permission to
-        set this user's display name, e.g. you need to have their `access_token`.
-      operationId: setDisplayName
+        Set or update a profile field for a user. Must be authenticated with an
+        access token authorised to make changes. Servers MAY impose size limits
+        on individual fields, and the total profile MUST be under 64 KiB.
+
+        **Note**: Setting a field to `null` keeps the key but with a `null` value,
+        which some servers may reject. To remove a field completely, use the
+        `DELETE` endpoint instead.
+      operationId: setProfileField
      security:
        - accessTokenQuery: []
        - accessTokenBearer: []
      parameters:
        - in: path
          name: userId
-          description: The user whose display name to set.
+          description: The user whose profile field should be set.
          required: true
          example: "@alice:example.com"
          schema:
            type: string
+        - in: path
+          name: keyName
+          description: The profile field key name to set. It must be either
+            `avatar_url`, `displayname`, or a custom field following the
+            [Common Namespaced Identifier Grammar](/appendices/#common-namespaced-identifier-grammar).
+          required: true
+          example: "displayname"
+          schema:
+            type: string
+            pattern: '^(avatar_url|displayname|[a-z][a-z0-9_]*(\.[a-z][a-z0-9_]*)+)$'
      requestBody:
+        description: A JSON object containing the property whose name matches
+          the `keyName` specified in the URL. See `additionalProperties` for
+          further details.
+        required: true
        content:
          application/json:
            schema:
              type: object
-              example: {
-                "displayname": "Alice Margatroid"
-              }
-              properties:
-                displayname:
-                  type: string
-                  description: The new display name for this user.
-        description: The new display name information.
-        required: true
+              minProperties: 1
+              additionalProperties:
+                description: The JSON object must include a property whose key
+                  matches the `keyName` specified in the URL. For `avatar_url`,
+                  the value must be an MXC URI string. For `displayname`, the value
+                  must be a string. For custom keys, any JSON type is allowed -
+                  servers may not validate these values, but clients should follow
+                  the format defined for that key.
+              example: { "displayname": "Alice Wonderland" }
      responses:
        "200":
-          description: The display name was set.
+          description: The profile field was set.
          content:
            application/json:
              schema:
-                type: object  # empty json object
+                type: object # empty JSON object
              examples:
                response:
                  value: {}
+        "400":
+          description: The request is malformed, contains invalid JSON, missing
+            a required parameter, specifies an invalid key, or exceeds allowed
+            size limits.
+          content:
+            application/json:
+              schema:
+                $ref: definitions/errors/error.yaml
+              examples:
+                bad_json:
+                  value:
+                    {
+                      "errcode": "M_BAD_JSON",
+                      "error": "Malformed JSON payload.",
+                    }
+                invalid_key:
+                  value:
+                    {
+                      "errcode": "M_INVALID_PARAM",
+                      "error": "Invalid profile key.",
+                    }
+        "403":
+          description: The server is unwilling to perform the operation, either
+            due to insufficient permissions or because profile modifications
+            are disabled.
+          content:
+            application/json:
+              schema:
+                $ref: definitions/errors/error.yaml
+              examples:
+                forbidden:
+                  value:
+                    {
+                      "errcode": "M_FORBIDDEN",
+                      "error": "Profile modification is not permitted.",
+                    }
        "429":
          description: This request was rate-limited.
          content:
@ -67,98 +124,133 @@ paths:
      tags:
        - User data
    get:
-      summary: Get the user's display name.
-      description: |-
-        Get the user's display name. This API may be used to fetch the user's
-        own displayname or to query the name of other users; either locally or
-        on remote homeservers.
-      operationId: getDisplayName
+      x-changedInMatrixVersion:
+        "1.14": Endpoint now accepts variable `keyName` parameter.
+      summary: Get a profile field for a user.
+      description: Get the value of a profile field for a user. Any individual
+        field must be within the total profile limit of 64 KiB.
+      operationId: getProfileField
      parameters:
        - in: path
          name: userId
-          description: The user whose display name to get.
+          description: The user whose profile field should be returned.
          required: true
          example: "@alice:example.com"
          schema:
            type: string
+        - in: path
+          name: keyName
+          description: The profile field key name to retrieve. It must be either
+            `avatar_url`, `displayname`, or a custom field following the
+            [Common Namespaced Identifier Grammar](/appendices/#common-namespaced-identifier-grammar).
+          required: true
+          example: "displayname"
+          schema:
+            type: string
+            pattern: '^(avatar_url|displayname|[a-z][a-z0-9_]*(\.[a-z][a-z0-9_]*)+)$'
      responses:
        "200":
-          description: The display name for this user.
+          description: The profile field value was retrieved.
          content:
            application/json:
              schema:
                type: object
-                properties:
-                  displayname:
-                    type: string
-                    description: The user's display name if they have set one, otherwise not
-                      present.
+                minProperties: 1
+                additionalProperties:
+                  description: The JSON response includes a property whose key
+                    matches the `keyName` specified in the URL. For `avatar_url`,
+                    the value will be an MXC URI string. For `displayname`, the
+                    value will be a string. For custom keys, any JSON type is
+                    possible - clients should expect the format defined for that key.
              examples:
                response:
-                  value: {
-                    "displayname": "Alice Margatroid"
-                  }
+                  value: { "displayname": "Alice" }
        "403":
          x-addedInMatrixVersion: "1.12"
-          description: The server is unwilling to disclose whether the user exists and/or
-            has a display name.
+          description: The server is unwilling to disclose whether the user
+            exists and/or has the specified profile field.
          content:
            application/json:
              schema:
                $ref: definitions/errors/error.yaml
              examples:
                response:
-                  value: {
-                    "errcode": "M_FORBIDDEN",
-                    "error": "Profile lookup is disabled on this homeserver"
-                  }
+                  value:
+                    {
+                      "errcode": "M_FORBIDDEN",
+                      "error": "Profile lookup is disabled on this homeserver",
+                    }
        "404":
-          description: There is no display name for this user or this user does not exist.
+          description: There is no profile field with this key for this user, or
+            the user does not exist.
      tags:
        - User data
-  "/profile/{userId}/avatar_url":
-    put:
-      summary: Set the user's avatar URL.
-      description: |-
-        This API sets the given user's avatar URL. You must have permission to
-        set this user's avatar URL, e.g. you need to have their `access_token`.
-      operationId: setAvatarUrl
+    delete:
+      x-addedInMatrixVersion: "1.14"
+      summary: Remove a profile field from a user.
+      description: Remove a specific field from a user's profile.
+      operationId: deleteProfileField
      security:
        - accessTokenQuery: []
        - accessTokenBearer: []
      parameters:
        - in: path
          name: userId
-          description: The user whose avatar URL to set.
+          description: The user whose profile field should be deleted.
          required: true
          example: "@alice:example.com"
          schema:
            type: string
-      requestBody:
-        content:
-          application/json:
-            schema:
-              type: object
-              example: {
-                "avatar_url": "mxc://matrix.org/wefh34uihSDRGhw34"
-              }
-              properties:
-                avatar_url:
-                  type: string
-                  format: uri
-                  description: The new avatar URL for this user.
-        description: The new avatar information.
-        required: true
+        - in: path
+          name: keyName
+          description: The key name of the profile field to delete. It must be either
+            `avatar_url`, `displayname`, or a custom field following the
+            [Common Namespaced Identifier Grammar](/appendices/#common-namespaced-identifier-grammar).
+          required: true
+          example: "displayname"
+          schema:
+            type: string
+            pattern: '^(avatar_url|displayname|[a-z][a-z0-9_]*(\.[a-z][a-z0-9_]*)+)$'
      responses:
        "200":
-          description: The avatar URL was set.
+          description: The profile field was deleted.
          content:
            application/json:
              schema:
-                type: object  # empty json object
+                type: object
              examples:
                response:
                  value: {}
+        "400":
+          description: The request is malformed, contains invalid JSON, or
+            specifies an invalid key.
+          content:
+            application/json:
+              schema:
+                $ref: definitions/errors/error.yaml
+              examples:
+                bad_json:
+                  value:
+                    { "errcode": "M_BAD_JSON", "error": "Malformed request." }
+                invalid_key:
+                  value:
+                    {
+                      "errcode": "M_INVALID_PARAM",
+                      "error": "Invalid profile key.",
+                    }
+        "403":
+          description: The user is not authorised to delete this profile field.
+          content:
+            application/json:
+              schema:
+                $ref: definitions/errors/error.yaml
+              examples:
+                forbidden:
+                  value:
+                    {
+                      "errcode": "M_FORBIDDEN",
+                      "error": "Profile deletion is not permitted.",
+                    }
        "429":
          description: This request was rate-limited.
          content:
@ -167,63 +259,15 @@ paths:
                $ref: definitions/errors/rate_limited.yaml
      tags:
        - User data
-    get:
-      summary: Get the user's avatar URL.
-      description: |-
-        Get the user's avatar URL. This API may be used to fetch the user's
-        own avatar URL or to query the URL of other users; either locally or
-        on remote homeservers.
-      operationId: getAvatarUrl
-      parameters:
-        - in: path
-          name: userId
-          description: The user whose avatar URL to get.
-          required: true
-          example: "@alice:example.com"
-          schema:
-            type: string
-      responses:
-        "200":
-          description: The avatar URL for this user.
-          content:
-            application/json:
-              schema:
-                type: object
-                properties:
-                  avatar_url:
-                    type: string
-                    format: uri
-                    description: The user's avatar URL if they have set one, otherwise not present.
-              examples:
-                response:
-                  value: {
-                    "avatar_url": "mxc://matrix.org/SDGdghriugerRg"
-                  }
-        "403":
-          x-addedInMatrixVersion: "1.12"
-          description: The server is unwilling to disclose whether the user exists and/or
-            has an avatar URL.
-          content:
-            application/json:
-              schema:
-                $ref: definitions/errors/error.yaml
-              examples:
-                response:
-                  value: {
-                    "errcode": "M_FORBIDDEN",
-                    "error": "Profile lookup is disabled on this homeserver"
-                  }
-        "404":
-          description: There is no avatar URL for this user or this user does not exist.
-      tags:
-        - User data
  "/profile/{userId}":
    get:
-      summary: Get this user's profile information.
+      summary: Get all profile information for a user.
      description: |-
-        Get the combined profile information for this user. This API may be used
-        to fetch the user's own profile information or other users; either
-        locally or on remote homeservers.
+        Get the complete profile for a user. The response includes `avatar_url`
+        and `displayname` (unless set to `null`, as they can only be strings)
+        plus any custom profile fields.
+
+        **Note**: The complete profile must be under 64 KiB.
      operationId: getUserProfile
      parameters:
        - in: path
@ -243,45 +287,49 @@ paths:
                properties:
                  avatar_url:
                    type: string
-                    format: uri
-                    description: The user's avatar URL if they have set one, otherwise not present.
+                    format: mx-mxc-uri
+                    description: "Avatar URL value (MXC URI format)."
                  displayname:
                    type: string
-                    description: The user's display name if they have set one, otherwise not
-                      present.
+                additionalProperties:
+                  x-addedInMatrixVersion: "1.14"
+                  description: Any additional profile field value; may be any
+                    valid JSON type, with keys following the
+                    [Common Namespaced Identifier Grammar](/appendices/#common-namespaced-identifier-grammar).
              examples:
                response:
-                  value: {
-                    "avatar_url": "mxc://matrix.org/SDGdghriugerRg",
-                    "displayname": "Alice Margatroid"
-                  }
+                  value:
+                    {
+                      "avatar_url": "mxc://matrix.org/SDGdghriugerRg",
+                      "displayname": "Alice Margatroid",
+                      "m.example_field": "custom_value",
+                    }
        "403":
          x-addedInMatrixVersion: "1.2"
-          description: The server is unwilling to disclose whether the user exists and/or
-            has profile information.
+          description: The server is unwilling to disclose whether the user
+            exists and/or has profile information.
          content:
            application/json:
              schema:
                $ref: definitions/errors/error.yaml
              examples:
                response:
-                  value: {
-                    "errcode": "M_FORBIDDEN",
-                    "error": "Profile lookup is disabled on this homeserver"
-                  }
+                  value:
+                    {
+                      "errcode": "M_FORBIDDEN",
+                      "error": "Profile lookup is disabled on this homeserver",
+                    }
        "404":
-          description: There is no profile information for this user or this user does not
-            exist.
+          description: There is no profile information for this user or this
+            user does not exist.
          content:
            application/json:
              schema:
                $ref: definitions/errors/error.yaml
              examples:
                response:
-                  value: {
-                    "errcode": "M_NOT_FOUND",
-                    "error": "Profile not found"
-                  }
+                  value:
+                    { "errcode": "M_NOT_FOUND", "error": "Profile not found" }
      tags:
        - User data
 servers:
Author	SHA1	Message	Date
Tom Foster	c50ab91950	Merge `6646146f8c` into `6edb6ba1cd`	2025-06-29 11:25:22 +02:00
Travis Ralston	6edb6ba1cd	become unstable Some checks failed Spec / 🔎 Validate OpenAPI specifications (push) Has been cancelled Details Spec / 🔎 Check Event schema examples (push) Has been cancelled Details Spec / 🔎 Check OpenAPI definitions examples (push) Has been cancelled Details Spec / 🔎 Check JSON Schemas inline examples (push) Has been cancelled Details Spec / ⚙️ Calculate baseURL for later jobs (push) Has been cancelled Details Spec / 📢 Run towncrier for changelog (push) Has been cancelled Details Spell Check / Spell Check with Typos (push) Has been cancelled Details Spec / 🐍 Build OpenAPI definitions (push) Has been cancelled Details Spec / 📖 Build the spec (push) Has been cancelled Details Spec / 🔎 Validate generated HTML (push) Has been cancelled Details Spec / 📖 Build the historical backup spec (push) Has been cancelled Details	2025-06-26 10:48:27 -06:00
Travis Ralston	40065811a1	Matrix 1.15	2025-06-26 10:43:51 -06:00
Kévin Commaille	1c06ed9cf7	Final tweaks for the OAuth 2.0 API (#2164 ) * Clarify that SSO login applies to the legacy authentication API Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr> * Do not point to specific authentication API for obtaining access token Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr> * Add warnings about incompatibility with OAuth 2.0 to endpoints that use UIA Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr> * Add changelog Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr> * Add note about API standards not applying to OAuth 2.0 Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr> * Apply suggestions from code review --------- Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr> Co-authored-by: Travis Ralston <travpc@gmail.com>	2025-06-26 10:40:43 -06:00
Travis Ralston	6353b46add	Normalize changelog	2025-06-26 10:30:39 -06:00
Peter Gervai	0e05e45d84	Update proposals.md: add reference to the guide about how to handle not-yet-known MSC number (#2153 ) Some checks failed Spec / 🔎 Validate OpenAPI specifications (push) Has been cancelled Details Spec / 🔎 Check Event schema examples (push) Has been cancelled Details Spec / 🔎 Check OpenAPI definitions examples (push) Has been cancelled Details Spec / 🔎 Check JSON Schemas inline examples (push) Has been cancelled Details Spec / ⚙️ Calculate baseURL for later jobs (push) Has been cancelled Details Spec / 📢 Run towncrier for changelog (push) Has been cancelled Details Spell Check / Spell Check with Typos (push) Has been cancelled Details Spec / 🐍 Build OpenAPI definitions (push) Has been cancelled Details Spec / 📖 Build the spec (push) Has been cancelled Details Spec / 🔎 Validate generated HTML (push) Has been cancelled Details Spec / 📖 Build the historical backup spec (push) Has been cancelled Details Suggest how to number the draft before user have the PR/MSC ID, referring to the other guide.	2025-06-24 17:46:02 +01:00
Patrick Cloke	6646146f8c	Accept minor suggestions from code review Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>	2025-06-13 10:26:20 -04:00
Tom Foster	6183f2410f	Clarify value validation requirements	2025-02-21 10:32:28 +00:00
Tom Foster	dd4ea948b6	Clarify why `avatar_url` and `displayname` can't be returned as `null`	2025-02-21 09:53:43 +00:00
Tom Foster	50eab3501e	Standardise line-wrapping and update `avatar_url` format to `mx-mxc-uri`	2025-02-21 09:28:46 +00:00
Tom Foster	37b1362bc1	Attempt to describe variable payload content	2025-02-20 18:08:10 +00:00
Tom Foster	d8cc250d20	Tag `x-addedInMatrixVersion` on `additionalProperties` in entire profile `GET`	2025-02-20 17:02:23 +00:00
Tom Foster	b5e2edf2e5	Add `x-addedInMatrixVersion`	2025-02-20 16:59:44 +00:00
Tom Foster	7ef1d9d0ec	Add `x-changedInMatrixVersion`	2025-02-20 16:56:53 +00:00
Tom Foster	3a5e5555fa	Correct `PUT`/`GET` payload definitions	2025-02-20 16:48:20 +00:00
Tom Foster	9889fe3584	Use more accessible terminology than "glob"	2025-02-20 16:40:07 +00:00
Tom Foster	013502b0c0	Mention replacement for `m.set_displayname` and `m.set_avatar_url` capability deprecation	2025-02-20 16:35:26 +00:00
Tom Foster	9859e20927	Don't use reference for capability.	2025-02-20 16:31:27 +00:00
Tom Foster	7a3b0c0804	Clarify in change log that `m.set_avatar_url` and `m.set_displayname` capabilities are now deprecated	2025-02-14 15:03:17 +00:00
Tom Foster	0b0942d192	Clarify capability lists should support wildcards	2025-02-14 15:00:53 +00:00
Tom Foster	1cc93ec951	Attempt to make descriptions look better in HTML rendered spec	2025-02-14 14:53:29 +00:00
Tom Foster	79af78022e	Camel case for endpoint variables	2025-02-14 13:47:49 +00:00
Tom Foster	17af55ddce	Fix broken link	2025-02-14 13:30:33 +00:00
Tom Foster	79a1cded02	Remove reference to spec version in `m.profile_field` capability	2025-02-14 12:57:51 +00:00
Tom Foster	76b48e25d0	Specify CNIG pattern for custom fields	2025-02-14 12:56:16 +00:00
Tom Foster	5d5b561140	Deprecate `m.set_displayname` and `m.set_avatar_url` capabilities	2025-02-14 12:47:14 +00:00
Tom Foster	9327793007	Inline information from MSC4133, remove links	2025-02-14 12:39:19 +00:00
Tom Foster	f3c269d951	Added capability	2025-02-14 12:20:25 +00:00
Tom Foster	3311b084bf	Alphabetise `avatar_url` and `displayname` and remove redundant descriptions on `displayname`	2025-02-14 12:03:49 +00:00
Tom Foster	992cf9dc35	Clarify `null` behaviour for `PUT` and `DELETE`	2025-02-14 11:53:19 +00:00
Tom Foster	4f8999be0a	Tweak wording on full profile `GET`	2025-02-14 11:32:39 +00:00
Tom Foster	82adcec491	Clarify `avatar_url` should be MXC	2025-02-14 11:21:45 +00:00
Tom Foster	41c64c877b	Linkify MSC4133 in change log	2025-02-14 11:16:40 +00:00
Tom Foster	8e9874ad22	Simplify change log	2025-02-14 11:15:00 +00:00
Tom Foster	ee9b5ddcca	Correct types and errors	2025-02-14 11:02:11 +00:00
Tom Foster	59d2c62d2d	Link to MSC4133 in endpoint descriptions	2025-02-14 10:40:09 +00:00
Tom Foster	b2e122f308	Update changelog from `clarification` to `feature`	2025-02-14 10:12:29 +00:00
Tom Foster	1fc01189f3	2071 change log	2025-02-14 09:59:22 +00:00
Tom Foster	212377e393	Merge branch 'matrix-org:main' into MSC4133	2025-02-14 09:50:59 +00:00
Tom Foster	fdc012ac01	Describe MSC4133 profile endpoint changes	2025-02-13 17:54:21 +00:00
				`@ -1 +0,0 @@`
				Correct null value handling for the AS Registration's `url` property.
				`@ -1 +0,0 @@`
				Clarify behaviour when the `topic` key of a `m.room.topic` event is absent, null, or empty.
				`@ -0,0 +1 @@`
				Feature: Update profile endpoints to become generic to support [MSC4133](https://github.com/matrix-org/matrix-spec-proposals/pull/4133) extended fields. Extended profile fields are now supported via the new `m.profile_fields` capability, which deprecates the previous `m.set_avatar_url` and `m.set_displayname` capabilities. Stabilised keys are explicitly enumerated, and custom keys must conform to the Common Namespaced Identifier Grammar.
				`@ -1 +0,0 @@`
				Fix the example of the `GET /sync` endpoint and the `m.room.member` example used in several places.
				`@ -1 +0,0 @@`
				Add `m.topic` content block to enable rich text in `m.room.topic` events as per [MSC3765](https://github.com/matrix-org/matrix-spec-proposals/pull/3765).
				`@ -1 +0,0 @@`
				`"Public" rooms in profile look-ups are defined through their join rule and history visibility.`
				`@ -1 +0,0 @@`
				`"Public" rooms in user directory queries are defined through their join rule and history visibility.`
				`@ -1 +0,0 @@`
				Rooms published in `/publicRooms` don't necessarily have `public` join rules or `world_readable` history visibility.
				`@ -1 +0,0 @@`
				`"Public" rooms with respect to call invites are defined through their join rule.`