From 733467ae786498d5b185ec2762802dd513a72295 Mon Sep 17 00:00:00 2001 From: Matthias Ahouansou Date: Thu, 11 Apr 2024 13:31:00 +0100 Subject: [PATCH] MSC: Error on invalid auth where it is optional Signed-off-by: Matthias Ahouansou --- proposals/4128-error-optional-auth.md | 44 +++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 proposals/4128-error-optional-auth.md diff --git a/proposals/4128-error-optional-auth.md b/proposals/4128-error-optional-auth.md new file mode 100644 index 00000000..7f7d379c --- /dev/null +++ b/proposals/4128-error-optional-auth.md @@ -0,0 +1,44 @@ +# MSC4128: Error on invalid optional authentication + +## Introduction + +[MSC4026](https://github.com/matrix-org/matrix-spec-proposals/pull/4026) added optional authentication +to the `/versions` endpoint, the first of the spec to do so. However, this MSC did not specify the behaviour +of servers in cases where the authentication failed. + +Similarly, endpoints like `POST /login` and `POST /register` accept authentication only from appservices, and +the behaviour of cases where either the authentication failed and/or the user to be accessed was unavailable +(user does not exist, user is deactivated, etc.). + +This has lead to some implementations of the spec expecting the request to go through even when the auth is +invalid, while some servers respond with an error in the above cases, damaging interoperability. + +## Proposal + +In cases where authentication is optional and provided, servers should respond with an error when the authentication +token is invalid, and/or +[the user the appservice is acting as](https://spec.matrix.org/v1.10/application-service-api/#identity-assertion) +is unavailable. + +## Potential issues + +Once merged, implementations unaware of this change may error unexpectedly, as they previously depended on such +endpoints not returning an error. However, since this has already occurred with some servers already doing this, +it is best to specify this so that implementers know to account for this. + +## Alternatives + +Specifying that servers must **not** error in these cases is a possible alternative, but it is undesirable since +if the implementation is doing something wrong, they should be made aware of it as soon as possible. + +## Security considerations + +None considered. + +## Unstable prefix + +Due to this MSC simply enforcing that servers should error in specific conditions, no unstable prefix is applicable. + +## Dependencies + +None.