Commit Graph

1 Commits (4a597ace51e600c164afd3ec82603f7426406f29)

Author SHA1 Message Date
Quentin Gliech 84ccbeacca MSC2918: Refresh tokens (#2918)
* Refresh tokens MSC

* MSC2918: minor changes

* MSC2918: access token expiration as milliseconds

* MSC2918: account registration API changes

* MSC2918: fix `expires_in_ms` example

* MSC2918: add precision about token revocation

* MSC2918: specify error codes for the refresh API

* MSC2918: clarify that the change also applies to ASes

* Apply suggestions from code review

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* MSC2918: clarify what problem this MSC solves

* MSC2918: minor formatting and rephrasing

* MSC2918: clarify ratelimiting, masquerading and authentication on refresh token API

* MSC2918: make expires_in_ms/refresh_token optional

* MSC2918: soft logout in refresh token API

* MSC2918: add detailed rationale

While not exhaustive, it outlines a few attack vectors this MSC tries to
mitigate.

* MSC2918: minor fix

Co-authored-by: Hubert Chathi <hubert@uhoreg.ca>

* MSC2918: clarifications on backward compatibility

* MSC2918: advertise support in the request body

* MSC2918: clarify on what happen when token expire

* MSC2918: remove redundant precision about token expiration and lifetime

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* MSC2918: minor clarification

* MSC2918: soft logout when using expired token

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Co-authored-by: Hubert Chathi <hubert@uhoreg.ca>
3 years ago