At this point Device S should check that the received intent matches what the user has asked to do on the device.
@ -690,7 +690,7 @@ This can make it hard to read what is going on.
The new device needs to know which homeserver it will be authenticating with.
In the case that the new device scanned the QR code then the homeserver base URL can be taken from the QR code and the
In the case that the new device scanned the QR code then the [server name](https://spec.matrix.org/v1.10/appendices/#server-name) of the Matrix homeserver can be taken from the QR code and the
new device proceeds to step 2 immediately.
Otherwise the new device waits to be informed by receiving an `m.login.protocols` message from the existing device.
2. **New device checks if it can use an available protocol**
Once the existing device knows which homeserver it is to use it then:
Once the existing device has determined the server name it then undertakes steps to determine if it is able to work with the homeserver.
The steps are as follows:
- use [Server Discovery](https://spec.matrix.org/v1.10/client-server-api/#server-discovery) to determine the `base_url` from the well-known URI
- checks that the homeserver is using delegated OIDC by calling `GET /_matrix/client/v1/auth_issuer` from [MSC2965](https://github.com/matrix-org/matrix-spec-proposals/pull/2965):
*New device => Homeserver via HTTP*
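Review bot: The rewritten lead-in to step 2 still names the wrong actor: "Once the existing device has determined the server name" sits under the heading "New device checks if it can use an available protocol" and is followed by "New device => Homeserver via HTTP", so it should read "Once the new device has determined the server name". The two list items also mix forms ("use Server Discovery", "checks that the homeserver"); pick one. Because the server name now arrives from the QR code or from `m.login.protocols`, the Server Discovery item should also say what the new device does when the well-known lookup fails or yields no usable `base_url`, including whether the login is aborted.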
@ -847,22 +850,22 @@ sequenceDiagram
rect rgba(255,0,0, 0.1)
#alt if New device scanned QR code
note over N: New device completes checks from secure channel establishment step 6 - it now trusts the channel
note over N: 1) New device got Homeserver base URL from QR code
note over N: 1) New device got server name from the QR code
#else if Existing device scanned QR code
# note over E: Existing device completes step 6
# note over E: Existing device displays checkmark and CheckCode
# note over E: 1) Existing device sends m.login.protocols message
|`protocols`|required `string[]`|Array of: one of: `device_authorization_grant` |
|`homeserver`|required `string`|The base URL of the homeserver|
|`homeserver`|required `string`|The [server name](https://spec.matrix.org/v1.10/appendices/#server-name) of the Matrix homeserver|
```json
{
"type": "m.login.protocols",
"protocols": ["device_authorization_grant"],
"homeserver": "https://matrix-client.matrix.org"
"homeserver": "matrix.org"
}
```
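Review bot: In the `m.login.protocols` table the `homeserver` field keeps its name and `string` type while its meaning changes from base URL to server name, so a receiver written against the earlier text would take `"homeserver": "matrix.org"` for a URL with no scheme. The description should state that the value is not a URL, that it can carry a port as the linked server name grammar allows, and that the new device must resolve it through Server Discovery as in step 2 before making any request to it. The diagram note "1) New device got server name from the QR code" would benefit from the same pointer to the discovery step.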
@ -1300,7 +1304,7 @@ Fields:
|--- |--- |--- |
|`type`|required `string`|`m.login.failure`|
|`reason`|required `string`| One of: <table><tr><td><strong>Value</strong></td><td><strong>Description</strong></td></tr><tr><td><code>authorization_expired</code></td><td>The Device Authorization Grant expired</td></tr><tr><td><code>device_already_exists</code></td><td>The device ID specified by the new client already exists in the Homeserver provided device list</td></tr><tr><td><code>device_not_found</code></td><td>The new device is not present in the device list as returned by the Homeserver</td></tr><tr><td><code>unexpected_message_received</code></td><td>Sent by either device to indicate that they received a message of a type that they weren't expecting</td></tr><tr><td><code>unsupported_protocol</code></td><td>Sent by a device where no suitable protocol is available or the requested protocol requested is not supported</td></tr><tr><td><code>user_cancelled</code></td><td>Sent by either new or existing device to indicate that the user has cancelled the login</td></tr></table>|
|`homeserver`|`string`| When the existing device is sending this it can include the Base URL of the homeserver so that the new device can at least save the user the hassle of typing it in|
|`homeserver`|`string`| When the existing device is sending this it can include the [server name](https://spec.matrix.org/v1.10/appendices/#server-name) of the Matrix homeserver so that the new device can at least save the user the hassle of typing it in|
Example:
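Review bot: The `homeserver` row for `m.login.failure` says the existing device "can include" the server name; in a field definition this should be "MAY include", with a statement that the field is absent when the new device is the sender. Since the value only pre-fills what the user would otherwise type, add that the new device treats it as a suggestion shown to the user and resolves it through Server Discovery like any typed-in server name.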
@ -1308,7 +1312,7 @@ Example:
{
"type":"m.login.failure",
"reason": "unsupported_protocol",
"homeserver": "https://matrix-client.matrix.org"
"homeserver": "matrix.org"
}
```
@ -1404,9 +1408,9 @@ The QR codes to be displayed and scanned using this format will encode binary st
- two bytes in network byte order (big-endian) indicating the length in bytes of the rendezvous session URL as a UTF-8
string
- the rendezvous session URL as a UTF-8 string
- If the QR code intent/mode is `0x04` then the homeserver base URL encode as:
- two bytes in network byte order (big-endian) indicating the length in bytes of the homeserver base URL as a UTF-8 string
- the homeserver base URL as a UTF-8 string
- If the QR code intent/mode is `0x04` then the [server name](https://spec.matrix.org/v1.10/appendices/#server-name) of the homeserver encoded as:
- two bytes in network byte order (big-endian) indicating the length in bytes of the server name as a UTF-8 string
- the server name as a UTF-8 string
For example, if Alice displays a QR code encoding the following binary string:
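Review bot: The `0x04` field now carries a string that the scanning device uses for a well-known lookup, but these list items define only its framing (two-byte big-endian length, then the UTF-8 bytes). Add a requirement that the decoder rejects a value that does not match the linked server name grammar before using it, and say whether a zero length is permitted. Nothing in these lines lets a scanner tell the old base URL content from the new server name content, so either note the incompatibility with QR codes produced from the earlier text or signal the change in the format.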
@ -1434,15 +1438,15 @@ Which looks as follows as a QR with error correction level Q:
A full example for an existing device using ephemeral public key `2IZoarIZe3gOMAqdSiFHSAcA15KfOasxueUUNwJI7Ws` (base64
encoded), at rendezvous session `https://rendezvous.lab.element.dev/e8da6355-550b-4a32-a193-1619d9830668` on homeserver
`https://matrix-client.matrix.org` is as follows: (Whitespace is for readability only)
`matrix.org` is as follows: (Whitespace is for readability only)
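Review bot: The encoded example that follows this sentence has to be regenerated to match the new value, and only the sentence itself is visible as changed here: `matrix.org` is 10 bytes, so the length prefix becomes `00 0A` where `https://matrix-client.matrix.org` (32 bytes) gave `00 20`. Consider "for server name `matrix.org`" instead of "on homeserver `matrix.org`" so the example uses the same term as the field definition.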