archive
/
matrix-spec-proposals
mirror of https://github.com/matrix-org/matrix-spec-proposals
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Don't remove id_server and id_access_token

Browse Source
pull/2290/head
Andrew Morgan 5 years ago
parent ec7e795112
commit 46e7137252
1 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File

17
proposals/2290-separate-threepid-bind-hs.md
Unescape Escape View File

@ -164,8 +164,10 @@ other, which is the exact behaviour we're trying to eliminate. Doing this
also helps backward compatibility, as explained in [Backwards
compatibility](#backwards-compatibility).
The `id_server` and `id_access_token` parameters are to be removed
from all of the Client-Server API's `requestToken` endpoints. That is:
Either the homeserver itself or a service that the homeserver delegates to
should be handling the sending of validation messages, not a user-provided
server. Any mention of the homeserver being able to proxy to an identity
server in the below endpoint descriptions:
* [POST /account/3pid/email/requestToken](https://matrix.org/docs/spec/client_server/r0.5.0#post-matrix-client-r0-account-3pid-email-requesttoken)
* [POST /account/3pid/msisdn/requestToken](https://matrix.org/docs/spec/client_server/r0.5.0#post-matrix-client-r0-account-3pid-msisdn-requesttoken)
@ -174,13 +176,10 @@ from all of the Client-Server API's `requestToken` endpoints. That is:
* [POST /account/password/email/requestToken](https://matrix.org/docs/spec/client_server/r0.5.0#post-matrix-client-r0-account-password-email-requesttoken)
* [POST /account/password/msisdn/requestToken](https://matrix.org/docs/spec/client_server/r0.5.0#post-matrix-client-r0-account-password-msisdn-requesttoken)
Either the homeserver itself or a service that the homeserver delegates to
should be handling the sending of validation messages, not a user-provided
server. Any mention of the homeserver being able to proxy to an identity
server in the above endpoint descriptions, as well as the text "It is
imperative that the homeserver keep a list of trusted Identity Servers and
only proxies to those that it trusts." is to be removed from all parts of the
spec, as the homeserver should no longer need to trust any identity servers.
As well as the text "It is imperative that the homeserver keep a list of
trusted Identity Servers and only proxies to those that it trusts." is to be
removed from all parts of the spec, as the homeserver should no longer need
to trust any identity servers.
## Tradeoffs

Write Preview
Loading…
Cancel
Save