mirror of
https://github.com/matrix-org/matrix-spec
synced 2026-02-25 07:23:42 +01:00
Compare commits
5 commits
b1e756e921
...
4e7eca91bf
| Author | SHA1 | Date | |
|---|---|---|---|
|
4e7eca91bf | ||
|
|
fda3be5ee3 | ||
|
|
7f4072d993 | ||
|
|
3c17aa3789 | ||
|
|
506bc1a164 |
|
|
@ -0,0 +1 @@
|
|||
Allow application services to masquerade as specific devices belonging to users, as per [MSC4326](https://github.com/matrix-org/matrix-spec-proposals/pull/4326).
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
Clarify that the stripped state in `invite_state` and `knock_state` in `GET /sync` response must
|
||||
include the full `m.room.member` event of the user.
|
||||
1
changelogs/client_server/newsfragments/2221.feature
Normal file
1
changelogs/client_server/newsfragments/2221.feature
Normal file
|
|
@ -0,0 +1 @@
|
|||
Allow application services to masquerade as specific devices belonging to users, as per [MSC4326](https://github.com/matrix-org/matrix-spec-proposals/pull/4326).
|
||||
|
|
@ -0,0 +1 @@
|
|||
Add note to each endpoint that uses capability negotiation.
|
||||
|
|
@ -356,6 +356,7 @@ service would like to masquerade as.
|
|||
Inputs:
|
||||
- Application service token (`as_token`)
|
||||
- User ID in the AS namespace to act as.
|
||||
- Device ID belonging to the User ID to act with.
|
||||
|
||||
Notes:
|
||||
- This applies to all aspects of the Client-Server API, except for
|
||||
|
|
@ -375,9 +376,19 @@ service's `user` namespaces. If the parameter is missing, the homeserver
|
|||
is to assume the application service intends to act as the user implied
|
||||
by the `sender_localpart` property of the registration.
|
||||
|
||||
{{% added-in v="1.17" %}} Application services MAY similarly masquerade
|
||||
as a specific device ID belonging the user ID through use of the `device_id`
|
||||
query string parameter on the request. If the given device ID is not known
|
||||
to belong to the user, the server will return a 400 `M_UNKNOWN_DEVICE` error.
|
||||
If no `user_id` is supplied, the `device_id` MUST belong to the user implied
|
||||
by the `sender_localpart` property of the application service's registration.
|
||||
If no `device_id` is supplied, the homeserver is to assume the request is
|
||||
being made without a device ID and will fail to complete operations which
|
||||
require a device ID (such as uploading one-time keys).
|
||||
|
||||
An example request would be:
|
||||
|
||||
GET /_matrix/client/v3/account/whoami?user_id=@_irc_user:example.org
|
||||
GET /_matrix/client/v3/account/whoami?user_id=@_irc_user:example.org&device_id=ABC123
|
||||
Authorization: Bearer YourApplicationServiceTokenHere
|
||||
|
||||
#### Timestamp massaging
|
||||
|
|
|
|||
|
|
@ -132,6 +132,10 @@ The server did not understand the request. This is expected to be returned with
|
|||
a 404 HTTP status code if the endpoint is not implemented or a 405 HTTP status
|
||||
code if the endpoint is implemented, but the incorrect HTTP method is used.
|
||||
|
||||
`M_UNKNOWN_DEVICE`
|
||||
{{% added-in v="1.17" %}} The device ID supplied by the application service does
|
||||
not belong to the user ID during [identity assertion](/application-service-api/#identity-assertion).
|
||||
|
||||
`M_UNKNOWN`
|
||||
An unknown error has occurred.
|
||||
|
||||
|
|
|
|||
|
|
@ -99,6 +99,10 @@ paths:
|
|||
has been removed, making this endpoint behave as though it was `false`.
|
||||
This results in this endpoint being an equivalent to `/3pid/bind` rather
|
||||
than dual-purpose.
|
||||
|
||||
This endpoint uses [capabilities negotiation](/client-server-api/#capabilities-negotiation).
|
||||
Clients SHOULD check the value of the [`m.3pid_changes` capability](/client-server-api/#m3pid_changes-capability)
|
||||
to determine if this endpoint is available.
|
||||
operationId: post3PIDs
|
||||
deprecated: true
|
||||
security:
|
||||
|
|
@ -202,6 +206,10 @@ paths:
|
|||
Homeservers should prevent the caller from adding a 3PID to their account if it has
|
||||
already been added to another user's account on the homeserver.
|
||||
|
||||
This endpoint uses [capabilities negotiation](/client-server-api/#capabilities-negotiation).
|
||||
Clients SHOULD check the value of the [`m.3pid_changes` capability](/client-server-api/#m3pid_changes-capability)
|
||||
to determine if this endpoint is available.
|
||||
|
||||
{{% boxes/warning %}}
|
||||
Since this endpoint uses User-Interactive Authentication, it cannot be used when the access token was obtained
|
||||
via the [OAuth 2.0 API](/client-server-api/#oauth-20-api).
|
||||
|
|
@ -331,6 +339,10 @@ paths:
|
|||
Unlike other endpoints, this endpoint does not take an `id_access_token`
|
||||
parameter because the homeserver is expected to sign the request to the
|
||||
identity server instead.
|
||||
|
||||
This endpoint uses [capabilities negotiation](/client-server-api/#capabilities-negotiation).
|
||||
Clients SHOULD check the value of the [`m.3pid_changes` capability](/client-server-api/#m3pid_changes-capability)
|
||||
to determine if this endpoint is available.
|
||||
operationId: delete3pidFromAccount
|
||||
security:
|
||||
- accessTokenQuery: []
|
||||
|
|
|
|||
|
|
@ -34,6 +34,10 @@ paths:
|
|||
valid access token is provided. The homeserver SHOULD NOT revoke the
|
||||
access token provided in the request. Whether other access tokens for
|
||||
the user are revoked depends on the request parameters.
|
||||
|
||||
This endpoint uses [capabilities negotiation](/client-server-api/#capabilities-negotiation).
|
||||
Clients SHOULD check the value of the [`m.change_password` capability](/client-server-api/#mchange_password-capability)
|
||||
to determine if this endpoint is available.
|
||||
security:
|
||||
- {}
|
||||
- accessTokenQuery: []
|
||||
|
|
|
|||
|
|
@ -29,6 +29,11 @@ paths:
|
|||
Servers MAY reject `null` values. Servers that accept `null` values SHOULD store
|
||||
them rather than treating `null` as a deletion request. Clients that want to delete a
|
||||
field, including its key and value, SHOULD use the `DELETE` endpoint instead.
|
||||
|
||||
This endpoint uses [capabilities negotiation](/client-server-api/#capabilities-negotiation)
|
||||
depending on the `keyName`. Clients SHOULD check the value of the
|
||||
[`m.profile_fields` capability](/client-server-api/#mprofile_fields-capability) to detect
|
||||
which `keyName`s they are allowed to modify.
|
||||
operationId: setProfileField
|
||||
security:
|
||||
- accessTokenQuery: []
|
||||
|
|
|
|||
|
|
@ -369,8 +369,14 @@ paths:
|
|||
description: |-
|
||||
The [stripped state events](/client-server-api/#stripped-state) that form the
|
||||
invite state.
|
||||
|
||||
MUST also include the `m.room.member` event of the user with a membership of
|
||||
`invite`, and using the same event format as joined rooms with the `event_id`
|
||||
and `origin_server_ts` fields.
|
||||
items:
|
||||
$ref: ../../event-schemas/schema/core-event-schema/stripped_state.yaml
|
||||
anyOf:
|
||||
- $ref: ../../event-schemas/schema/core-event-schema/stripped_state.yaml
|
||||
- $ref: definitions/client_event_without_room_id.yaml
|
||||
type: array
|
||||
knock:
|
||||
title: Knocked rooms
|
||||
|
|
@ -394,8 +400,14 @@ paths:
|
|||
description: |-
|
||||
The [stripped state events](/client-server-api/#stripped-state) that form the
|
||||
knock state.
|
||||
|
||||
MUST also include the `m.room.member` event of the user with a membership of
|
||||
`knock`, and using the same event format as joined rooms with the `event_id` and
|
||||
`origin_server_ts` fields.
|
||||
items:
|
||||
$ref: ../../event-schemas/schema/core-event-schema/stripped_state.yaml
|
||||
anyOf:
|
||||
- $ref: ../../event-schemas/schema/core-event-schema/stripped_state.yaml
|
||||
- $ref: definitions/client_event_without_room_id.yaml
|
||||
type: array
|
||||
leave:
|
||||
title: Left rooms
|
||||
|
|
@ -628,6 +640,8 @@ paths:
|
|||
"sender": "@alice:example.com",
|
||||
"type": "m.room.member",
|
||||
"state_key": "@bob:example.com",
|
||||
"event_id": "$19dl9d3848dJLle:example.com",
|
||||
"origin_server_ts": 1432735439654,
|
||||
"content": {
|
||||
"membership": "invite"
|
||||
}
|
||||
|
|
@ -652,6 +666,8 @@ paths:
|
|||
"sender": "@bob:example.com",
|
||||
"type": "m.room.member",
|
||||
"state_key": "@bob:example.com",
|
||||
"event_id": "$Fg83Kl3764di23a:example.com",
|
||||
"origin_server_ts": 143273039402,
|
||||
"content": {
|
||||
"membership": "knock"
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue