archive
/
matrix-spec-proposals
mirror of https://github.com/matrix-org/matrix-spec-proposals
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,406 Commits
721 Branches
26 Tags
36 MiB
erikj/sss
travis/room-dir-pinned
rav/proposal/invite_blocking
main
tulir/remove-plaintext-sender-key
travis/msc/media-integrity
element-hq/oidc-qr-login
kaylendog/msc/simplified-encrypted-state
travis/msc/user-redact
kegan/persist-edu
hughns/user-limit-exceeded
quenting/account-deeplink
rav/proposal/encrypted_history_sharing
toger5/expiring-events-keep-alive
andybalaam/emoji-verification-images
hughns/capability-error-code
travis/msc/prev-events-fed
hughns/resource-limit-exceeded-extra-fields
hughns/sso-redirect-action
toger5/matrixRTC
anoa/tweak_msc_checklist
quenting/as-device-management
rei/msc_thread_subscriptions
travis/msc/3202/devices
devon/ssext_threads
rei/msc_ssext_threadsubs
hughns/device-authorization-grant
tulir/appservice-encryption-impersonation
kegan/placeholder-2
tulir/send-redact-backwards-compatibility
kegan/device-limit
travis/msc/mass-redactions-plural
hughns/rendezvous-api-update
travis/msc/placeholder/00-apr072025
dbkr/animated-image-flag
hs/user-search-profiles
hs/shared-rooms
hs/msc-as-profile-suppliments
travis/msc/in-room-bot-commands
travis/msc/modbot-api
toger5/matrixRTC-call-decline
toger5/matrixrtc-call-ringing
johannes/notify-in-app
travis/msc/invite-with-auth
kegan/msc4297
travis/msc/fix4289-pl150-tie
matthew/msc4289
matthew/msc4291
erikj/sync_v2_state_after
toger5/finalised-delayed-events-on-sync
rav/proposal/auth_events_in_correct_room
tulir/slighty-strict-user-id-grammar
tulir/remove-legacy-mentions
hughns/external-payment-details
travis/msc/redact-on-ban-room-version
travis/msc/client-room-version-caps
matthew/msc4290
travis/msc/widgets-send-receive-events
andybalaam/shared-key-backup-preference
richvdh-patch-2
hs/media-preview-switch
bnjbvr/interactive-roommessag
travis/msc/safety-glossay/ignore-block
hughns/delegated-oidc-architecture
travis/msc/reporting-v2/00-user-server
old_master
quenting/oauth2-revocation
andybalaam/crypto-terminology
travis/msc/soft-unfailure
hs/homeserver-content-trust-level
travis/msc/glossary
dbkr/threepid_submittoken_errors
travis/msc/report-user
johannes/rich-room-topics
travis/msc/process/modify-accepted
travis/msc/extev/00-base/mod/state
travis/msc/authenticated-media-v2
travis/msc/legacy-media-endpoints
travis/msc/widget-client-identification
travis/msc/mls/00-core
travis/msc/to-device-servers
travis/msc/immutable-encryption-algo
andybalaam/owner-state-events
kegan/placeholder-1
hughns/matrixrtc-m-call
matthew/msc4076
matthew/msc4234
travis/msc/knocking-server
travis/msc/abac
matthew/msc4231
rav/proposal/client_data_in_key_upload
travis/msc/search-redirect
rav/proposal/otks_in_upload_order
include_device_keys
tulir/service-members
travis/msc/safety-allow-errors-on-unbind
matthew/msc4220
matthew/msc4016
kegan/profile-changes
travis/msc/widgets-send-recv-toDevice
travis/msc/deprecated-endpoints
tulir/appservice-to-device
anoa/copy_hints
travis/msc/mention-spam-suppress
travis/msc/translated-errors
kegan/ssext-receipts
toger5/future-widget-api
kegan/otk-reset
aggregation-cleanup
toger5/rtc-focus-well-known
travis/msc/request-max-body-size
kegan/fallback-keys
travis/msc/room-labeling-filtering
rei/msc/accdata_ases
travis/msc/social-sign-on-authed-media
hughns/device-signing-upload-uia
travis/msc/verified-accounts-part1
tulir/fix-reply-intentional-mentions
travis/msc/t2bot/bot-buttons
travis/msc/head-media-download
travis/msc/fix-x-matrix-auth
babolivier/m_locked
matthew/msc4136
travis/msc/remove-qs-auth
hughns/gha-update
travis/msc/voluntary-flagging
travis/reinstated-events
travis/msc/appservice-soft-failure
hughns/simple-rendezvous-capability
travis/msc/feature-versioning
toger5/encrypted-event-indexing
matthew/msc4103
kegan/fix-threaded-read-receipts
travis/msc/signing-key-purpose
travis/msc/media-redirect-auth-cdn
toger5/localTimestamp-server-sync
kegan/complement-msc
justjanne/3981-relations-recursion
matthew/msc3018
travis/msc/delivery-receipts
giomfo/push_encrypted_events
kegan/msc3884
stefan/pusher-creation
travis/msc/2244-ext-uia
matthew/msc4083
gsouquet/unsigned-thread-id
andybalaam/event-thread-and-order
hs/proposal-admin-contact-1
kegan/sync-v3
rav/proposal/dead_device_key_claims
giomfo/tweak_email_notification
travis/msc/inhibit-profile
travis/msc/rules-prompt
travis/msc/mutable-events
travis/msc/additive-events
travis/msc/rbac-pl
clokep/mentions-mixin
travis/msc/room-id-is-create-event
travis/msc/send-as-server-or-room
travis/msc/room-send-key
travis/msc/make-send-pdu
travis/msc/drop-ips
travis/msc/strict-user-id-grammar
travis/msc/iana/service_name
andybalaam/thread-root-is-not-in-thread
andybalaam/deleting-state
babolivier/relation_redaction
weeman1337/voice-broadcast
travis/msc/polls-notifs
alfogrillo/poll_history_cache
travis/msc/room-model-config
kegan/pseudo-ids
bwindels/relation-redactions
clokep/thumbnail-media-negotiation
dbkr/voip-completed-elsewhere
madlittlemods/gappy-timelines
dbkr/2746-fix-typos
dbkr/msc2746
hughns/login-token-requests
clokep/encrypted-mentions-only-rooms
travis/msc/enc-as/otk-query
travis/msc/inline-widgets
travis/msc/voice-messages
travis/msc/extev/translatable
travis/msc/extev/video
travis/msc/extev/images
travis/msc/extev/files
travis/msc/extev/audio
travis/msc/extev/encryption
travis/msc/extev/notices
travis/msc/extev/emotes
madlittlemods/forwards-fill
hughns/device-scope-txnid
madlittlemods/join-timestamp-massaging
madlittlemods/timestamp-to-event-causality-parameter
matthew/msc2716
madlittlemods/createroom-timestamp-massaging
madlittlemods/power-level-up
kerry/display-notification-reason
travis/msc/linearized-matrix
hughns/sign-in-with-qr
kegan/ssext-account-data
kegan/ssext-typing
andybalaam/dynamic-predecessor
travis/msc/enc-as/key-query
travis/msc/otk-dl-appservice
hs/as-txn-limit
hughns/x25519-secure-channel
travis/msc/ietf-mimi-framework
hs/reporting-fixes
hughns/sign-in-with-qr-v2
kerry/remote-local-notification-toggle
madlittlemods/dynamic-predecessor
johannes/event-match-dotted-keys
dbkr/msc2747
clokep/room-tag-notifications
matthew/msc1767
matthew/msc3277
kegan/msc3885
SimonBrandner/msc/sfu
matthew/group-voip
kerry/remote-push-toggle
kerry/user-agent-on-device
travis/msc/extev/push-rules
travis/msc/extev-rel/push-rule-feature-condition
travis/msc/extev-rel/bulk-push-rule-change-endpoint
travis/msc/extev/rver-cond
travis/msc/audio-waveform
SimonBrandner/msc/call-notif
hs/appservice-no-notifs
travis/msc/del-srv
travis/msc/ietf-mimi-transport
travis/msc/ietf-mimi-message-format
fayed/cryptographic-membership
eric/msc-jump-to-date
rav/proposal/linking_media_to_events
matthew/owner-pl
madlittlemods/appservice-interested-in-local-users
justjanne/messages-endpoint-threads-filter
rav/propsal/content_tokens_for_media
matthew/msc1763
rav/proposal/faster_joins
fayed/tofu
babolivier/m_not_approved
rei/unable_partial_state_room
travis/msc/custom-stickers
babolivier/user_status
johannes/event-match-almost-anything
babolivier/msc_presence_busy
travis/msc/welcome-message
anoa/blurhash
hs/errcode-specific-failure
anoa/custom_room_presets
travis/msc/federated-reports
aggregations-references
travis/extev/power-levels
johannes/cascading-profile-tags
richvdh-patch-1
travis/clarify-msc/aggregations-on-sync
clokep/threads-push-rule
andybalaam/owned-state
travis/msc/v10
matthew/location-streaming
stefan/ephemeral-location-streaming
andybalaam/location-streaming-wip
rav/pr_templates
rav/readme
hawkowl/backfill-state
kerry/time-based-push-filtering
erikj/deprecate_sender_key
babolivier/unread_counts
travis/msc/state-change-acls
andybalaam/state-sub-keys
hs/deactivated-user-metadata
gsouquet/threading-via-relations
neilalexander/plints
travis/msc/soft-logout-flows
travis/msc/simplified-join-rules
rav/no_preview_proposals
hs/fix-as-login-typo
rav/update_deps
rav/missing_changelog
rav/clarify_send_join
warning-untagged
release/v1.2
neilalexander/powerlevels
anoa/numbers
matthew/typos
matthew/msc3676
stefan/encrypted-ephemeral-data-units
rav/fix_appservice_threepid_protocols
rav/empty_response_body_fixes
matthew/location
hs/widget-share-api
rav/allof-comments
dbkr/voip-early-media
gsouquet/from-param-msc3567
travis/msc/extev/replies-edits
neilalexander/msc/send
rav/proposal/drop-event-from-auth-events
release/v1.1
hs/appservice-login-spec
rav/fix_array_examples
shay/clarify_well_known
rav/fix_event_auth_spec
uhoreg/remove_room_message_feedback
hs/as-global-read
bwindels/aggregation-pagination
bwindels/relations-visibility
rav/update_validator
rav/fix_netlify_for_plus_branch
rav/move_prev_content
rav/fix_up_notifications
travis/msc/timeboxed-relations-endpoint
rav/remove_unsigned_from_federation_events
anoa/emote_clarifications
matthew/let-users-kick-each-other
rav/remove_event_def
hs/explicitly-link-RFC5870
kegan/spaces-summary
rav/no_rebuild_matrix.org
rav/netlify_previews
rav/del_bk_pipeline
rav/remove_old_templated
rav/fix_gen_swagger
matthew/guest-state-events
kegan/low-bandwidth
travis/msc/encrypted-state
hs/synthetic-appservice-events
daenney/msc-server-status
travis/msc/upgrade-state
dmr/remove_mentions_of_groups
rav/pagination_conventions
rav/master2
neilalexander/binary
rav/pagination_clarifications
rav/api_conventions
anoa/spec_release_infra
rav/docstyle_json_properties
rav/doc_style
rav/readme_updates
dkasak/tweak-pdu-diagram
dkasak/newsfragment-for-3339
hs/widget-invite-api
anoa/duplicate_mimetype_info
erikj/counters
kitsune/counting-unread-messages
fix-croatian-sas-emoji
hs/proposal-appservice-login
travis/msc/modal-widgets
j94/members-knock
jryans/mobile-toc-overlap
hs/explicit-room-id-for-tombstones
travis/msc/space-flair
hs/soft-kicks
clokep/batch-state
anoa/clarify_concerns_during_fcp
matthew/msc1772
travis/msc/trees
message-timezone-markup
dbkr/msc3144
rav/fix_pdu_size
rav/proposals/id_grammar
travis/msc/uia-fix-optional
dbkr/voip_asserted_identity
matthew/msc2962
travis/msc/mutable-subtypes
babolivier/msc-room-label
anoa/test
travis/msc/typed-typing-notifs
dbkr/i_felt_your_presence
anoa/room_version_7
matthew/matrix-uri
matthew/msc3020
travis/msc/tos-api
travis/msc/widgets-http-transport
travis/msc/widgets-scoped
anoa/support-rendered-data
travis/msc/widgets-re-exchange-caps
travis/msc/member-apis-event-id
travis/msc/widgets-navigate-permission
msc-connect-matrix-to-matrix
travis/msc/1337-joined-rooms
kegan/msc/threading
matthew/msc2753
travis/msc/move-widget-title
travis/widgets
travis/msc/widget-caps-respond
matthew/msc2444
travis/msc/global-event-ids
dbkr/msc2845
uhoreg/keys_withheld
dbkr/msc2772
clokep/test-pusher
travis/msc/widgets-data-error
travis/msc/widget-id
rav/proposals/notification_attributes
travis/msc/roles
neilalexander/identities
matthew/msc2775
babolivier/device_lists_clients
rav/remove_oauth2
travis/msc/ipfs
travis/msc/thumbnail-types
travis/msc/mxc-deduplication
travis/msc/media-ids
travis/msc/rudimentary-media-auth
jryans/matrix-to-uri-v2
jryans/get-event-by-id
rei/pushrules_define_enabled
rei/bug_type_actions
hs/msc-bridge-inf
matthew/msc2278
rav/proposal/mark_unread
travis/msc/impl-guide
server_server/release-r0.1.4
client_server/release-r0.6.1
kegan/backfill-wording
ben/captions-proposal
poljar/event-id-required
benp/proposals-scraper-fix
anoa/gpdr17
giomfo/tagged_events
anoa/media_as_rooms
matthew/msc1777
babolivier/identity-versions
babolivier/msc_email_case
anoa/no_auth_on_submit_token
anoa/no_client_secret
rav/proposal/fix_alias_redaction
rav/proposal/change_aliases_auth_rules
anoa/msc_media_information_api
anoa/msc_separate_hs_api
hs/msc-as-versions2
hs/msc-as-versions
jryans/clarify-cross-signing-examples
erikj/invite_reject_reasons
matthew/msc2326
msc2313
matthew/msc2359
hs/msc-2356
client_server/release-r0.6.0
identity_service/release-r0.3.0
matthew/msc2228
travis/msc/integrations/base
matthew/msc2301
matthew/2326
rav/proposal/remove_mxids_from_events
travis/msc/integrations/select-none
travis/msc/immutable-dms
travis/msc/kill-msisdn-pw-reset
matthew/msc2300
babolivier/standardised-federation-response-format
msc2271
matthew/msc2270
poljar/key_request_fix
dbkr/tos_2
dbkr/is_in_account_data
travis/msc/rejoin-private-rooms
anoa/msc2233
anoa/msc2322
travis/msc/upgraded-private-rooms
hs/hash-identity
travis/msc/third-party-power
anoa/is_store_hashed_3pids
matthew/msc1849
server_server/release-r0.1.3
application_service/release-r0.1.2
push_gateway/release-r0.1.1
matthew/msc1849-rewrite
anoa/test_pr
jryans/msc-push-rule-reactions
jryans/room-one-to-one-push-rule
anoa/typooo
identity_service/release-r0.2.1
travis/msc/federation-capabilities
client_server/release-r0.5.0
server_server/release-r0.1.2
identity_service/release-r0.2.0
application_service/release-r0.1.1
anoa/hs_3pid_tokens
matthew/1.0/msc688-msc1227-lazy-loading
matthew/msc1779
bwindels/messages-chunk-order
anoa/clarify_email_sending
rav/proposal/no_trailing_slash_on_key_request
babolivier/password-policy
matthew/room_v4
dbkr/dummy_auth_for_disambiguation
hs/disable-presence
anoa/missing_punctuation3
anoa/typo2
anoa/typo
anoa/missing_punctuation
rav/fix_jenkins_comments
neilj/Remove-prev_content-from-the-essential-keys-list2
travis/msc/integrations/stickerpicker
neilj/Remove-prev_content-from-the-essential-keys-list
rav/proposal/no_slash_in_event_id
neilj/v3_rooms_by_default
uhoreg/fix_export_format
erikj/unbind_threepid_msc
hs/proposal-admin-contact
travis/msc/cancel-3pid-sessions
babolivier/alttext-sticker
anoa/add_space
benpa/spelling-fix
erikj/fed_invite_error_code
matthew/msc1796
server_server/release-r0.1.1
server_server/release-r0.1.0
erikj/event_id_hashes
neilj/remove_presence_lists
neilj/msc-remove-presence-lists
neilj/msc_remove_presence_lists
erikj/make_membership_room_ver
dbkr/encrypted-recovery-keys
travis/msc/profile-discovery
anoa/sticky_headers_fix
matthew/msc1769
matthew/msc1776
rav/proposal/cs_capabilities
erikj/state_res_rejections
erikj/rooms_v2
erikj/event_checks
revert-1730-rav/proposal/cs_api_in_login
dbkr/add_sandbox_to_csp
rav/msc1730/work
rav/simplify_msc1730
rav/proposals/homeserver_in_sso_login
rav/proposal/signing_signing_keys
erikj/soft_logout
travis/msc/wellknown-improvements
erikj/soft_fail
matthew/encrypted-recovery-keys
travis/misc/room-spec-full
travis/notes/3pid-invites
matthew/device_list_update
matthew/to-device
client_server/release-r0.4.0
identity_service/release-r0.1.0
erikj/limit_auth_events
erikj/auth_events
erikj/auth_rejections
erikj/spec_3pid_ruls
erikj/fixup_auth_rules
application_service/release-r0.1.0
push_gateway/release-r0.1.0
human-id-rules
erikj/limit_txn_size
hs/guests-can-fetch-events
dbkr/room_tag_grammar
drafts/e2e
erikj/state_res_msc
dbkr/fix_room_tags
hs/dns-to-be-hostname
anoa/openapi_3
benp/clarifyintro
anoa/as_thirdparty_lookup
travis/proposals-pagination
benpa/travisci-ignore-proposals
hs/appservice-use-auth.type
t3chguy/errs
t3chguy/erase
t3chguy/group_id
matthew/filter_members
michaelkaye/re_add_proposals
benparsons/proposalsCI
t3chguy/search_docs
rxl881/stickerpack
proposals
rav/test
rxl881/stickers
rooms/event
dbkr/fix_keys_changes
dbkr/keys_query_token
client_server/r0.3.0_updates
dbkr/is_bulk_lookup
dbkr/threepid_add_msisdn
rav/travis
client_server/r0.2.0_updates
rav/projects-guillotine
babolivier/fix-invite-example
babolivier/third-party-invites
babolivier/fix-get-room-alias
leonerd/circle
dbkr/remove_unused_is_file_2
dbkr/remove_unused_is_file
markjh/thumbnail_url
markjh/replays
paul/thirdparty-lookup
dbkr/push_examples_api_path
erikj/report
dbkr/identity_api_right_path
dbkr/notifs_api
erikj/filter_url
rav/access_tokens
dbkr/clarify_highlight_and_sound
matthew/fix_state_sending_desc
dbkr/contains_display_name_override
dbkr/add_dot
markjh/filename
release/client-server/r0.2.0
erikj/account_deactivate
dbkr/more_requesttokens
dbkr/dont_line_wrap_rst
dbkr/threepid_requesttoken
erikj/presence
dbkr/default_state_defaults
drafts/reinstate_device_push_rules
rav/json_schema
paul/update-howto-for-r0
paul/migrating-from-v1
dbkr/fix_directory_path
dbkr/get_pushers
dbkr/add_push_change_event_id
markjh/pushrule_stream
dbkr/notification_counts
markjh/change_action
markjh/get_enabled
dbkr/fix_meta_escaping
markjh/default_rules
markjh/remove_device_specific_rules
dbkr/profile_return_null
markjh/3pid_login
markjh/three_pid_creds
invalid_user_name
erikj/create_room_3pid_invite
markjh/guest_access
markjh/account_data_filters
markjh/room_filter
markjh/wildcards
paul/federation
erikj/search_yet_agian
markjh/filter_inline
erikj/event_context_api
markjh/archived_flag
markjh/client_config
markjh/room_tags
more_nesting
markjh/syntax_highlighting_message_examples
markjh/full_http_api_docs
markjh/v2_sync_prev_content
markjh/request_syntax_highlighting
erikj/search
markjh/event_syntax_highlighting
erikj/login_fallback_v1
templating-nested-request-objects
erikj/search_actual
markjh/list_formatting
markjh/blockquote_css
clarify_scale_crop
appservice-swagger
spec-182-asapi-user-creation
registration-swagger
invite-room-state
room-avatar
proofing
proofing2
module-history-vis
module-im
spec-177-events-max-len
spec-207-asapi-unique-tokens
erikj/newline_gendoc_STOP_BEING_CRANKY
spec-205-password-strength
directory-api
spec-144-https-examples
module-push
data-messages
html-messages
markjh/initial_sync_archived_flag
markjh/v2_sync_templating
markjh/v2_sync_api
erikj/disable_federation
release-0.2.0
module-presence
module-content-repo
erikj/room_create_preset
module-receipts
module-voip
module-typing2
spec-feature-profiles
erikj/invite_state
paragraphs
erikj/login_token
spec-module-format
unused-template-vars
macaroons
markjh/check_request_schema
markjh/node_swagger_validator
spec-restructure-modules
convert-to-modules
markjh/document_v1_rooms_api
markjh/jenkins
markjh/example_checker
markjh/codehighlighting
markjh/swagger_examples
markjh/event-schema
spec-file-structure
spec-edits-cleanup
markjh/gendoc_directory
client_server_v2_http_api
newlines
receipts
markjh/history_for_rooms_that_have_been_left
history_visibility
erikj/canonical_alias
csauth2
templating
event-schemas
as-register-modifications
erikj/as-register-removal
key_v2_fixes
csauth
key_v2
ua925_reshuffle
push
v2-presence
application-services
use-cases
client_server_v2
push_gateway/r0.1.0
r0.0.0
0.2.0
application_service/r0.1.0
application_service/r0.1.1
application_service/r0.1.2
client-server/r0.1.0
client-server/r0.2.0
client-server/r0.3.0
client_server/r0.4.0
client_server/r0.5.0
client_server/r0.6.0
client_server/r0.6.1
identity_service/r0.1.0
identity_service/r0.2.0
identity_service/r0.2.1
identity_service/r0.3.0
push_gateway/r0.1.1
r0.0.1
server_server/r0.1.0
server_server/r0.1.1
server_server/r0.1.2
server_server/r0.1.3
server_server/r0.1.4
v1.1
v1.2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'andybalaam/shared-key-backup-preference'
${ noResults }
Commit Graph

6406 Commits (andybalaam/shared-key-backup-preference)
 

Author SHA1 Message Date
Andy Balaam d249eb2002 Note that servers can delete key backups already 7 months ago
Andy Balaam 3d926bd2fe Note that clients should notice when key backup is deleted 7 months ago
Andy Balaam c6a6ffc8a1 Improve wording around turning on key backups 7 months ago
Andy Balaam eb3eebd56d Fix wording of 'not perform key backup' 7 months ago
Andy Balaam b7f2324a14 Note that the security problem is less if clients make the setting visible 7 months ago
Andy Balaam e635ab0e04 Mention the weird unstable prefix 7 months ago
Andy Balaam 4b50617121 Small fixes and corrections 7 months ago
Andy Balaam 15f7585dac Update MSC number in title 7 months ago
Andy Balaam 8309e2050c Rename to reflect MSC number 7 months ago
Andy Balaam 9a9ded8628 First draft of shared-key-backup-preference 7 months ago
Richard van der Hoff 5beaf2e7a7
checklist: fix links (#4285) 
Fix a couple of broken links in the MSC checklist
 7 months ago
Travis Ralston c8d22786c3 typo 8 months ago
Quentin Gliech b2ea1a7f9e
MSC2967: API scopes (#2967) 
* API Scopes MSC

* Proposed insufficient privilege response format

* Remove realm as not required

* Clarifications + update on latest device management proposal

* Revised namespace structure + unstable prefixes

* Revise prefix for device ID

* Reference to MSC3861 + cleanup

* Add scope for guest access and tidy up

* No need for UIA scope

* Update proposals/2967-api-scopes.md

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>

* Clarification about encoding of device ID within URN scope

* Rework MSC

- Remove insufficient privilege response
- Remove guest scopes
- Reword some parts

* Update proposals/2967-api-scopes.md

Co-authored-by: Travis Ralston <travpc@gmail.com>

* Reword as dbkr suggested

* Reword how unstable subdivisions are used

* Remove confusing sentence

* Gather all the links at the bottom of the document

* Tyding up, define exactly how device IDs are handled

* Don't use a table for a single row

* Typo

Co-authored-by: David Baker <dbkr@users.noreply.github.com>

* Fix math rendering

* Fix the math

* Minor rewording on device uniqueness

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Simplify wording around the ASCII range

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Typo

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Scope vs scope token is confusing

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Reword how the device ID is requested

* Explain why we keep the device ID generation on the client

* MSCXXXX is a better placeholder

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>

* The scope MUST have a device ID

* Clarify that device IDs are still unique per user

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>

---------

Co-authored-by: Hugh Nimmo-Smith <hughns@users.noreply.github.com>
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
Co-authored-by: Travis Ralston <travpc@gmail.com>
Co-authored-by: David Baker <dbkr@users.noreply.github.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
 8 months ago
Quentin Gliech d83a46e498
MSC2966: Usage of OAuth 2.0 Dynamic Client Registration in Matrix (#2966) 
* OAuth 2.0 Dynamic Registration MSC

* contacts is required non-empty

* Make client_uri mandatory

* Rework MSC

 - makes some metadata optional
 - better explain how each metadata field is used
 - better explain what the restrictions on redirect_uris are
 - remove the signed metadata part
 - mention the client metadata JSON document alternative

* Mention the `token_endpoint_auth_method` client metadata

* Update proposals/2966-oauth2-dynamic-registration.md

Co-authored-by: Tonkku <4409524+tonkku107@users.noreply.github.com>

* State that the homeserver should display the tos_uri and policy_uri

* Make the wording for the refresh token clearer

* Clarify that native callbacks with no slashes are allowed

* Give an example where the server ignores an unsupported grant type

* Add security considerations

* must -> MUST, should -> SHOULD, may -> MAY

* Clarify the client should store the client_id

* Simplify definition of client_uri, already covered by the RFC

* Explain the point of the MSC earlier

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Remove empty section

* Explicitly state that the client_uri is required

* Apply suggestions from code review

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Fix the web/native client sub-sub-sub sections

* Clarify the localhost port-less redirect URIs

* The server should return a 201 on successful registration

* Explain better the restrictions on URIs

* Allow custom ports in the redirect URI

* Client regs won't grow exponentially

* Explain how to mitigate the problem of client registrations growing over time.

* Add missing metadata in the dynamic registration response

* Make 'metadata localization' its own sub-sub-sub-sub-section

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>

* Server may still deduplicate registrations

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>

* Suggest different strategies to mitigate the growing number of client registrations

* Let the server delete client registrations that have no active sessions

* Really, shoud MUST do a new client reg

* Make sure the summary doesn't sound authoritative

* Put the links at the end of the file

* Explain what is Matrix-specific, what is not

---------

Co-authored-by: Hugh Nimmo-Smith <hughns@users.noreply.github.com>
Co-authored-by: Tonkku <4409524+tonkku107@users.noreply.github.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
 8 months ago
Quentin Gliech 52db4c684a
MSC2964: Usage of OAuth 2.0 authorization code grant and refresh token grant (#2964) 
* OAuth 2.0 profile MSC

* Refer to OP rather than AS to avoid clash with Application Service

* Title update and intro about architectural change

* Add section on endpoints that would now be outside of scope and so removed

* Spelling

* Section on proposed endpoints that would no longer be relevant

* Consistency with MSC3861 and cleanup

* Standardise terminology on OpenID Provider = OP

* Update proposals/2964-oauth2-profile.md

Co-authored-by: Dominik Henneke <dominik.henneke@nordeck.net>

* Notes on QR and browserless

* OpenID id_token endpoint is still needed

* Notes about confusion with existing OIDC and OpenID capabilities

* Additional endpoints to be removed

* Add 3pid endpoints that would be removed

* Changes to GET /account/3pid

* Alternative proposal for 3PID handling

* Add section on removing UIA

* Refer to UIA as API

* We now have proposal for 3PID and guest access

* Logout semantics

* Remove TBDs that are done

* More done items

* Remove dependency loop

* Rework proposal to only cover the authorization code flow

* Fix a bunch of todos

* Fix typos

* Fix the response_mode being an authorization request parameter

* Apply suggestions from code review

Co-authored-by: Tonkku <tonkku.kallio3@gmail.com>

* Remove unused images

* Expand the security considerations section

* Clarify that using PKCE with *S256* is mandatory

* Apply suggestions from code review

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* All Matrix clients are public clients, no need to be too specific

* Add PAR/RAR in 'alternatives' section

* Replace horizontal rules with subsections

* Clarify how the client should handle access token refresh failures

* Explain why clients should use the fragment response_mode better

* Explain the scope better in the example

* Clarify that `code_verifier` should be cryptographically random

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>

* Typo

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>

---------

Co-authored-by: Hugh Nimmo-Smith <hughns@users.noreply.github.com>
Co-authored-by: Hugh Nimmo-Smith <hughns@element.io>
Co-authored-by: Dominik Henneke <dominik.henneke@nordeck.net>
Co-authored-by: Tonkku <tonkku.kallio3@gmail.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
 8 months ago
Hugh Nimmo-Smith 2f670cafb3
MSC3861: Next-generation auth for Matrix, based on OAuth 2.0/OIDC (#3861) 
* Matrix architecture change to delegate authentication via OIDC

* MSC3861

* typoe

* typoes

* typoes

* Add proposal for Matrix.org Foundation to become member of OpenID Foundation

* Update proposals/3861-delegated-oidc-architecture.md

Co-authored-by: greizgh <greizgh@ephax.org>

* Move images inline

* Use term OpenID Provider

* Add note about extending UIA as alternative

* Add reference to related MSCs

* Rework the MSC to better explain the rationale for the change

* Start writing the actual proposal

* Remove unused images

* Expand on 'why not just OIDC' and fix some typos

* Add note on the history of the proposal

* renamed 3861-delegated-oidc-architecture.md -> 3861-next-generation-auth.md

* Define token revocation through MSC4254 & add sample flow

* Use the new version of MSC2965

* List a few potential issues

* Mention areweoidcyet.com

* Apply suggestions from code review

Co-authored-by: Travis Ralston <travisr@matrix.org>

* § about how we keep the ecosystem open

* Update the alternatives table to stop mentioning 'OP'

* Reword how we mention MSC dependencies that are already in the spec

* Reformat with prettier

* Make it clearer what proposals are adjacente, write about ASes

* Add links about the current C-S API

* Add links to the spec

* Add links about OIDC and OAuth 2.0

* Clarify what the 'system browser' means

* Give an example of a better email verification flow

* Typo

* Reword what the benefits of using the homeserver's domain name are

* Apply suggestions from code review

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Talk more about the implications of scoped access tokens.

* Linkify /capabilities

* Clarify that the sample flow is non-normative

* Explain why we can't 'just use' OpenID Connect better

* Explain how currently HS can restrict client used

* Clarify what 'UIA APIs' mean in this proposal

* Mention that in theory UIA fallbacks also means implementation complexity on the homeserver side.

* Clarify that it doesn't have to be the *default* browser

* Clarify that I meant /login

* Reword around dynamic registration

* Reword: /login is not UIA!

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Add link for "web-based fallback"

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Typo

Co-authored-by: Alexey Rusakov <Kitsune-Ral@users.sf.net>

* Reword the browser redirect explanation

Co-authored-by: Alexey Rusakov <Kitsune-Ral@users.sf.net>

* Remove easter egg

* Better outline the rationale for this MSC

Co-Authored-By: Erik Johnston <erikj@matrix.org>

* Remove the redundant point about 'protecting the user's creds'

* Simplify the argument for client registration

Co-Authored-By: Richard van der Hoff <richvdh@users.noreply.github.com>
Co-Authored-By: Erik Johnston <erikj@matrix.org>

* Clarify what we aim to deprecate

* Typo

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>

---------

Co-authored-by: Matthew Hodgson <matthew@matrix.org>
Co-authored-by: greizgh <greizgh@ephax.org>
Co-authored-by: Quentin Gliech <quenting@element.io>
Co-authored-by: Travis Ralston <travisr@matrix.org>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Co-authored-by: Alexey Rusakov <Kitsune-Ral@users.sf.net>
Co-authored-by: Erik Johnston <erikj@matrix.org>
Co-authored-by: Richard van der Hoff <richvdh@users.noreply.github.com>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
 8 months ago
Quentin Gliech 8d2fb67793
MSC4254: Usage of RFC7009 Token Revocation for Matrix client logout (#4254) 
* MSC4254: Usage of RFC7009 Token Revocation for Matrix client logout

* Clarify how the token_type_hint parameter is used

* Clarify what the server should do if the client_id is not provided

* Apply suggestions from code review

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Co-authored-by: Tonkku <contact@tonkku.me>

* Explain why we allow revoking without a client_id better

* Clarify how this replaces the /logout API

* Some non-contentious clarifying bits

* s/login/logout/

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>

---------

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Co-authored-by: Tonkku <contact@tonkku.me>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
 8 months ago
Quentin Gliech 1e689aaff8
MSC2965: OAuth 2.0 Authorization Server Metadata discovery (#2965) 
* OIDC discovery MSC

* Add `account` field

* Add id_token_hint to account management URL

* Add reference to MSC3861

* Add missing heading

* Fix reference to MSC3861

* Update proposals/2965-oidc-discovery.md

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>

* Fix typo

* Update 2965-oidc-discovery.md

* Update proposals/2965-oidc-discovery.md

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>

* Update proposals/2965-oidc-discovery.md

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>

* OIDC Provider -> OpenID Provider

* Define account management URL params

* Link for account management URLs

* MSC2965: move from well-known discovery to a dedicated C-S endpoint

* MSC2965: add a note about why the well-known alternative has been discarded

* MSC2965: move the account management URL to the provider metadata

* MSC2965: line breaks

* MSC2965: update note about the account endpoint metadata

* Move the /auth_issuer endpoint to the v1 prefix

* Add the `org.matrix.cross_signing_reset` action

* Typo

* Rename MSC

* Remove account-related URLs

* Mention RFC8414 as alternative

* Outline another alternative: publish the metadata through a C-S API

* Fix the alternative flow

* Publish the auth server metadata through a new C-S API endpoint

This removes the depdency on OIDC specs

* renamed 2965-oidc-discovery.md -> 2965-auth-metadata.md

* Clarify auth & rate limiting requirements

Co-authored-by: Travis Ralston <travpc@gmail.com>

* Mention the MSCs using each metadata value

* Explain what to do when next-gen auth is not available

* Add rationale for not using a .well-known endpoint

* Reformat with prettier

* Add `issuer` to the required metadata fields

* Explain why we don't just use static C-S endpoints

* Apply suggestions from code review

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Move the rationale for not using a `.well-known` document to the alternatives section.

* Typo

* Clarify why using the .well-known would be confusing

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Clarify what 'UIA flows' are exactly

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

---------

Co-authored-by: Hugh Nimmo-Smith <hughns@users.noreply.github.com>
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
Co-authored-by: Travis Ralston <travpc@gmail.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
 8 months ago
Travis Ralston 9e729ec18c Fix typos 8 months ago
DeepBlueV7.X e39f38ae8a MSC3266: Room summary API (#3266) 
* Room summary proposal

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Remove alias resolution step from the federation API

* Reference #688 in the alternatives section

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Remove `is_direct` from response

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Fix unstable prefixes for implementations which keep the prefix and rest of the path separate

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Add allowed_room_ids field

That way the requesting server knows, if any user would have access to
that room and it can forward the room to the user.

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Extend rationale for additional fields to reference MSC2946

Also explain that membership is already accessible information.

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Add bulk API as an alternative

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Remove federation API and address feedback

- Add some additional rationale to some things.
- Federation API now reuses MSC 2946
- roomid -> roomId
- Move it out of /rooms, because it allows using an alias

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* fix prefixes again

* Remove extensions to federation API since that MSC is amended now

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Fix minor inaccuracy about the spaces sumary api

* Add encryption field back

* Add room version field

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Apply suggestions from code review

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Alexey Rusakov <Kitsune-Ral@users.sf.net>

* Add a bit more reasoning

* version -> room_version

* Apply suggestions from code review

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Try to address review comments

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Fix incorrect statement about encryption being a bool

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Apply suggestions from code review

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Split up the big alternatives section

* Collapse the same descriptions for publicRooms and hierarchy into one

* Shorten the 'accessible' section again

* Update proposals/3266-room-summary.md

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Update proposals/3266-room-summary.md

* Update proposals/3266-room-summary.md

Co-authored-by: Alexey Rusakov <Kitsune-Ral@users.sf.net>

* Support knock_restricted rooms and rename to room_summary

As well as a few smaller clarifications.

* Be more explicit about authentication

* Apply suggestions from code review

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>

* Fix error codes and missing "Optional"

* Also add allowed_room_ids to hierarchy API

It suffers from the same knock_restricted issue.

* Apply suggestions from code review

Co-authored-by: Eric Eastwood <madlittlemods@gmail.com>
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>

* Update spec links

* Clarify accessibility rules

* Update proposals/3266-room-summary.md

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Update proposals/3266-room-summary.md

Co-authored-by: Johannes Marbach <n0-0ne+github@mailbox.org>

* Unauthenticated access is impl-dependent

* add  to response

* Clarify resposnse documentation.

* Clarify situation for invited rooms

* further clarification about unauth access

* Update proposals/3266-room-summary.md

Co-authored-by: Johannes Marbach <n0-0ne+github@mailbox.org>

---------

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Alexey Rusakov <Kitsune-Ral@users.sf.net>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
Co-authored-by: Eric Eastwood <madlittlemods@gmail.com>
Co-authored-by: Richard van der Hoff <richard@matrix.org>
Co-authored-by: Johannes Marbach <n0-0ne+github@mailbox.org>
 8 months ago
Travis Ralston a15271b608
MSC4260: Reporting users (Client-Server API) (#4260) 
* MSC: Reporting users (Client-Server API)

* Add guest access requirements

* Add examples; fix reason

* Clarify that reports don't transit federation, but can still be received
 9 months ago
Johannes Marbach 3f3b34a427
MSC3765: Rich text in room topics (#3765) 
* Add rich room topic MSC

Signed-off-by: Johannes Marbach <johannesm@element.io>

* Rename to reflect propper MSC number

* Fix typo

* Explain why m.topic is kept separate from m.message

* Use json5 for formatting code snippet

Co-authored-by: Travis Ralston <travisr@matrix.org>

* Remove unneeded unstable room version

* Adapt to latest version of MSC1767

* Add paragraph about preventing formatting abuse

* Introduce wrapping m.topic content block (#4111)

* Clarify the case of HTML-only topics and transition logic (#4112)

* Clarify and simplify transition logic

* Clarify the case of HTML-only topics

* Make it more explicit that m.topic replaces m.room.topic without deprecation (#4181)

* Remove line-based formatting logic and limit length of topics (#4182)

* Update MSC3765: Rich text in room topics (#4215)

Updates MSC from feedback,

* Accept suggestion

Co-authored-by: Johannes Marbach <n0-0ne+github@mailbox.org>

* Clarify length / display limits.

Co-authored-by: Johannes Marbach <n0-0ne+github@mailbox.org>

* Apply clarifications from author

Co-authored-by: Johannes Marbach <n0-0ne+github@mailbox.org>

* Make MSC3765 independent of extensible events and new room versions (#4240)

* Apply suggestions from code review

* Update proposals/3765-rich-room-topics.md

Co-authored-by: Johannes Marbach <n0-0ne+github@mailbox.org>

* Properly explain why the m.topic content block is needed (#4251)

* Apply suggestions from code review

Co-authored-by: Johannes Marbach <n0-0ne+github@mailbox.org>

---------

Signed-off-by: Johannes Marbach <johannesm@element.io>
Co-authored-by: Travis Ralston <travisr@matrix.org>
Co-authored-by: David Baker <dbkr@users.noreply.github.com>
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
 9 months ago
David Baker 93b0353581
MSC4183: Additional Error Codes for submitToken endpoint (#4183) 
* MSC4180: Additional Error Codes for submitToken endpoint

* Bah, markdown

* Line wrapping

* Typos

* Right MSC number

Co-authored-by: Johannes Marbach <n0-0ne+github@mailbox.org>

* Rename

* Add http status code

* Apply suggestions from code review

Spelling / grammar fixes

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>

* Word wrap

* Clearer wording

* clarify

* Clarify

* Add note about not reusing error code

* Clarify that we're taking about the submittoken api in requestToken

* spelling

* Clearer wording

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Add note on POST email submitToken api

and how it isn't really a thing in practice

* Hopefully make more clearer

* Apply same change to other submitToken endpoints

...from the other requestToken enpoints

Also try to further clarify the note about the largely unused POST email submitToken

* Remove stray lines, more clarifications & consistency fix

* clarify only c/s api

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Typos & clarity

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Clarify

---------

Co-authored-by: Johannes Marbach <n0-0ne+github@mailbox.org>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
 9 months ago
Tom Foster eb813af46d
MSC4133: Extending User Profile API with Key:Value Pairs (#4133) 
* Extended profile fields

* Unstable client features

* Clarification on limits

* Warning about avatar_url and displayname limits

* Error code clarification

* Whitespace fixes

* Adjusted size limits

* Clarified Canonical JSON

* Clarifications

* Clarifications

* Remove UTF-16

* Clarify key persistence

* Out of date line

* Clarify only `u.*` namespace is limited to 512 bytes

* Include read-only fields in capability

* Change missing capability behaviour

* Typo correction

* Privacy clarification for T&S

* Consolidation and rewrite

* Whitespace fix

* Safety and security updates

* Clarify servers can hide fields

* References to MSC4201 and MSC4202

* Clarify redacted `m.room.member` events

* Error codes and redundant instructions

* Removing custom fields

* Typo fix

* Clarifications and readability

* Correct key length error to match common grammar limit

* Remove PATCH/PUT.

* Removed redundant sections after `PUT` and `PATCH` methods removed

* Re-add client feature for managing profile fields

* Update proposals/4133-extended-profiles.md

Co-authored-by: Travis Ralston <travpc@gmail.com>

* Clarify 403 error scenarios

* Add section on caching behaviour under S-S API

* Link to Canonical JSON in current spec

* Cut down instructions for clients on when to display content from federated users.

* Revert c82dab67d1

* Clarify caching and freshness challenges

* Adjust abuse section

* Authentication/rate-limiting/guest access requirements

* Un-revert accidental revert of af87bbeb26

* Simplify caching recommendations

* Up to clients whether they check capability

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Technically correct is the best kind of correct

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Link to current federation profile endpoint

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Mention check for spec version when using profile fields

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Attempt to clarify what servers should not enforce about key naming

* Fix line wrapping after 9b2918e373

* Add `M_MISSING_PARAM` error

* Clarify where errors apply

* Clarify optional ability to not always federate every field

* Fix inconsistent line wrapping

* Offer suggestions for hiding extended fields when member event redacted

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>

* Fix wrapping length of one line

---------

Co-authored-by: Patrick Cloke <patrickc@matrix.org>
Co-authored-by: Travis Ralston <travpc@gmail.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
 10 months ago
Travis Ralston 4c1cfb1125
MSC4239: Room version 11 as the default room version (#4239) 
* MSC: Room version 11 as the default room version

* s
 10 months ago
Johannes Marbach 03197edb69
MSC4213: Remove server_name parameter (#4213) 
Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
 11 months ago
Hubert Chathi 51ebe01d75
MSC4147: Including device keys with Olm-encrypted events (#4147) 12 months ago
Richard van der Hoff 5370f489cd
MSC4225: Specification of an order in which one-time-keys should be issued (#4225) 
* Initial proposal

* edits

* typos

* Add impl note about dropping old keys
 12 months ago
David Teller aa7a3fc035
MSC3823: Account Suspension (#3823) 
* MSC: A code for account suspension

Signed-off-by: David Teller <davidt@element.io>

* WIP: Adding prefix

* Update proposals/3823-code-for-account-suspension.md

Co-authored-by: Travis Ralston <travpc@gmail.com>

* Apply suggestions from code review

Co-authored-by: Dirk Klimpel <5740567+dklimpel@users.noreply.github.com>

* Update for latest requirements

* Add list of permitted/forbidden actions
* Remove `href` from error code - this will be handled in a later MSC
* Match modern template

* Clarify MSC

* Clarify differences in locking vs suspension, and future scope

---------

Signed-off-by: David Teller <davidt@element.io>
Co-authored-by: Travis Ralston <travpc@gmail.com>
Co-authored-by: Dirk Klimpel <5740567+dklimpel@users.noreply.github.com>
Co-authored-by: Travis Ralston <travisr@matrix.org>
 1 year ago
DeepBlueV7.X 9deddd1558 MSC2781: Remove the reply fallbacks from the specification (#2781) 
* MSC2781: Down with the fallbacks

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Add a note about dropping the html requirement

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Add an unstable prefix for removed fallbacks.

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Add a section about fallbacks not being properly specified.

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Add appendix about which clients do not support replies (and why, if possible)

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Correct weechat status

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Add another alternative

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Document a few more issues with fallbacks

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Update client status, remove proposal for edits and try to turn down the language a bit

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Remove mistaken reference to the Qt renderer

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Try to make motivation a bit clearer in the proposal

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* How do anchors work?

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Drop reference to issues with edit fallbacks

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Typos

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Address review comments

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* More edits

Move edit section to a single sentence in "interaction with other
features".

Spell out why the IRC example is there.

Reword body stripping.

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Implementation traps

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Apply suggestions from code review

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Add dates to client status list

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Mention pushrules proposal in the alternatives section

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

* Update proposal to 2024

This also addresses several review comments from clokep and Travis.

* Be explicit about removal

* Apply suggestions from code review

Thanks dbkr, richvdh and clokep!

Co-authored-by: David Baker <dbkr@users.noreply.github.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Update proposals/2781-down-with-the-fallbacks.md

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Travis Ralston <travpc@gmail.com>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>

* Simplify wording around invalid html and potential issues

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>

---------

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Co-authored-by: David Baker <dbkr@users.noreply.github.com>
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
Co-authored-by: Travis Ralston <travpc@gmail.com>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
 1 year ago
Richard van der Hoff 22c774de58 Revert "MSC3061: Sharing room keys for past messages (#3061)" 
This reverts commit 6a3ab1d64c.

Per https://matrix.org/blog/2024/10/security-disclosure-matrix-js-sdk-and-matrix-react-sdk/
and https://github.com/matrix-org/matrix-spec-proposals/pull/3061#issuecomment-2444845098,
we are removing the merged status of this PR.
 1 year ago
Travis Ralston b76697ed1a spelling 1 year ago
Sorunome c1fc612e86 MSC2409: Proposal to send EDUs to appservices (#2409) 
* Initial proposal commit

* Add body of proposal

* rename file

* finish up MSC

* address issues

* change key names and add unstable prefix

* Clarifications; to-device handling

* It's not exactly like sync

* Move to-device messages

* Copy edu_type behaviour

* Add full transaction example

* Add implementation notes for to-device cleanup

* Use type instead of edu_type to match realities of implementations

* Add note to say ephemeral can be omitted.

* Improve wording on why we use a seperate array.

Co-authored-by: Kevin Cox <kevincox@kevincox.ca>

* push_ephemeral -> receive_ephemeral

* Fix some typos and clarify EDU room association

* Clarify EDU formatting

* Explicitly list all event types

* Delete to-device events

to be moved to a new MSC

* Update spec link and fix typo

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>

* Add private read receipt rules

* Apply suggestions from code review

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Wrap lines

* Apply suggestions from code review

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>

* Explicitly mention to-device events are not here

* Mention the possibility of more granular filtering

---------

Co-authored-by: Will Hunt <will@half-shot.uk>
Co-authored-by: Travis Ralston <travisr@matrix.org>
Co-authored-by: Kevin Cox <kevincox@kevincox.ca>
Co-authored-by: Tulir Asokan <tulir@maunium.net>
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
 1 year ago
Johannes Marbach 6b10266b14
MSC4170: 403 error responses for profile APIs (#4170) 
Relates to matrix-org/matrix-spec#1867

Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
 1 year ago
Travis Ralston 4c0ec1ea73
MSC4189: Allowing guests to access uploaded media (#4189) 1 year ago
Catalan Lover e5f33b9839
Clean up MSC_CHECKLIST.md (#4200) 
Signed-off-by: Catalan Lover catalanlover@protonmail.com
 1 year ago
Kegan Dougal 27bc9a50e9
Mandate a 'Security Considerations' section on MSCs (#4199) 
And link to lists of possible problems to think about.
This is part of an effort to improve the overall security
of Matrix during the design process.
 1 year ago
Travis Ralston f633d3006e
Update spec text for CORS MSC (#4187) 1 year ago
David Baker 41495d2355
MSC4178: Additional Error Codes for requestToken endpoint (#4178) 1 year ago
Travis Ralston abaaaee1c5
MSC4138: Update allowed HTTP methods in CORS responses (#4138) 1 year ago
DeepBlueV7.X 3b7108535b
Add a stable flag to MSC3916 (#4180) 
In conversation with several client and homeserver developers it has
come up that the current schedule for rolling out authenticated media is
hard for them to follow if they have to support all of 1.11 at once.

I think the value of authenticated media is high enough to warrant a
stable flag to encourage a faster rollout of authenticated media. This
allows servers to support authenticated media without supporting all of
1.11 already and the additional burden on client developers is minimal.

This flag is already in use by serveral implementations:

- 51b5c98033
- 2dce08bab1

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>
 1 year ago
Johannes Marbach 4251928aed
MSC4156: Migrate server_name to via (#4156) 1 year ago
Matthias Ahouansou cf4cdf2663
MSC4163: Make ACLs apply to EDUs (#4163) 1 year ago
Josh Simmons f07c4508a8
drop real/legal name requirement from DCO (#4172) 
Co-authored-by: Josh Simmons <git@josh.tel>
 1 year ago
Johannes Marbach bbe54bc1c2
MSC4159: Remove the deprecated name attribute on HTML anchor elements (#4159) 
Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
 1 year ago
Tulir Asokan f2c6766e09
Clarify "real name" in contributor requirements (#4160) 
This updates the sign-off requirements to match what most other
matrix-org and element-hq repos already have. The change was first made
in synapse: https://github.com/matrix-org/synapse/pull/3467

Signed-off-by: Tulir Asokan <tulir@maunium.net>
 1 year ago
Marcus d04470eca4 MSC2867: Marking rooms as unread (#2867) 
* marking rooms as unread

Signed-off-by: Marcus Hoffmann <bubu@bubu1.eu>

* Add alternative suggestion by @turt2live

Co-authored-by: Travis Ralston <travpc@gmail.com>

* mention that this msc lacks thread support

* typo fix

* clarify type of notification we are referring to

* fix some small typos

* Update proposals/2867-rooms_marked_unread.md

grammar improvement

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

---------

Signed-off-by: Marcus Hoffmann <bubu@bubu1.eu>
Co-authored-by: Travis Ralston <travpc@gmail.com>
Co-authored-by: Andrew Morgan <andrew@amorgan.xyz>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
 1 year ago
Travis Ralston 9acf41a92b
MSC4151: Reporting rooms (Client-Server API) (#4151) 
* MSC: Reporting rooms (Client-Server API)

* Add legal notes, and limit scope creep on those notes

* Mention MSC3840

* Mention information disclosure.

* Update proposals/4151-report-room.md

Co-authored-by: Quentin Gliech <quenting@element.io>

---------

Co-authored-by: Quentin Gliech <quenting@element.io>
 1 year ago
Richard van der Hoff 36c5ec47a2
MSC3916: Authentication for media (#3916) 2 years ago
Richard van der Hoff 712dd41e4f
MSC4115: membership information on events (#4115) 
* Proposal for membership information on events

* unstable prefix

* typo

* Update proposals/4115-membership-on-events.md

Co-authored-by: Matthew Hodgson <matthew@matrix.org>

* Update MSC4115

 * Make the new property *optional*.
 * Describe linear-DAG situation.
 * Mention client-side calculation as an alternative.

* spleling

* Return state *after* the event

This is much easier to calculate in Synapse.

* Clarificatoins to scope of MSC

* List of endpoints is incomplete

* RFC2119 keywords

* Remove non-issue potential issue

* Expand on why doing it client side doesn't work

* Update proposals/4115-membership-on-events.md

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>

* Update proposals/4115-membership-on-events.md

* Update proposals/4115-membership-on-events.md

* fix formatting

---------

Co-authored-by: Matthew Hodgson <matthew@matrix.org>
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
 2 years ago