|
|
|
# Copyright 2018 New Vector Ltd
|
|
|
|
# Copyright 2019 The Matrix.org Foundation C.I.C.
|
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
|
|
|
openapi: 3.1.0
|
|
|
|
info:
|
|
|
|
title: Matrix Identity Service Establishing Associations API
|
|
|
|
version: 2.0.0
|
|
|
|
paths:
|
|
|
|
/3pid/getValidated3pid:
|
|
|
|
get:
|
|
|
|
summary: Check whether ownership of a 3pid was validated.
|
|
|
|
description: Determines if a given 3pid has been validated by a user.
|
|
|
|
operationId: getValidated3pidV2
|
|
|
|
security:
|
|
|
|
- accessToken: []
|
|
|
|
parameters:
|
|
|
|
- in: query
|
|
|
|
name: sid
|
|
|
|
description: The Session ID generated by the `requestToken` call.
|
|
|
|
required: true
|
|
|
|
example: "1234"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
- in: query
|
|
|
|
name: client_secret
|
|
|
|
description: The client secret passed to the `requestToken` call.
|
|
|
|
required: true
|
|
|
|
example: monkeys_are_GREAT
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
responses:
|
|
|
|
"200":
|
|
|
|
description: Validation information for the session.
|
|
|
|
content:
|
|
|
|
application/json:
|
|
|
|
schema:
|
|
|
|
type: object
|
|
|
|
properties:
|
|
|
|
medium:
|
|
|
|
type: string
|
|
|
|
description: The medium type of the 3pid.
|
|
|
|
address:
|
|
|
|
type: string
|
|
|
|
description: The address of the 3pid being looked up.
|
|
|
|
validated_at:
|
|
|
|
type: integer
|
|
|
|
format: int64
|
|
|
|
description: |-
|
|
|
|
Timestamp, in milliseconds, indicating the time that the 3pid
|
|
|
|
was validated.
|
|
|
|
required:
|
|
|
|
- medium
|
|
|
|
- address
|
|
|
|
- validated_at
|
|
|
|
examples:
|
|
|
|
response:
|
|
|
|
value: {
|
|
|
|
"medium": "email",
|
|
|
|
"validated_at": 1457622739026,
|
|
|
|
"address": "louise@bobs.burgers"
|
|
|
|
}
|
|
|
|
"400":
|
|
|
|
description: |-
|
|
|
|
The session has not been validated.
|
|
|
|
|
|
|
|
If the session has not been validated, then `errcode` will be
|
|
|
|
`M_SESSION_NOT_VALIDATED`. If the session has timed out, then
|
|
|
|
`errcode` will be `M_SESSION_EXPIRED`.
|
|
|
|
content:
|
|
|
|
application/json:
|
|
|
|
schema:
|
|
|
|
$ref: ../client-server/definitions/errors/error.yaml
|
|
|
|
examples:
|
|
|
|
response:
|
|
|
|
value: {
|
|
|
|
"errcode": "M_SESSION_NOT_VALIDATED",
|
|
|
|
"error": "This validation session has not yet been completed"
|
|
|
|
}
|
|
|
|
"403":
|
|
|
|
description: |
|
|
|
|
The user must do something in order to use this endpoint. One example
|
|
|
|
is an `M_TERMS_NOT_SIGNED` error where the user must [agree to more terms](/identity-service-api/#terms-of-service).
|
|
|
|
content:
|
|
|
|
application/json:
|
|
|
|
schema:
|
|
|
|
$ref: ../client-server/definitions/errors/error.yaml
|
|
|
|
examples:
|
|
|
|
response:
|
|
|
|
value: {
|
|
|
|
"errcode": "M_TERMS_NOT_SIGNED",
|
|
|
|
"error": "Please accept our updated terms of service before continuing"
|
|
|
|
}
|
|
|
|
"404":
|
|
|
|
description: The Session ID or client secret were not found.
|
|
|
|
content:
|
|
|
|
application/json:
|
|
|
|
schema:
|
|
|
|
$ref: ../client-server/definitions/errors/error.yaml
|
|
|
|
examples:
|
|
|
|
response:
|
|
|
|
value: {
|
|
|
|
"errcode": "M_NO_VALID_SESSION",
|
|
|
|
"error": "No valid session was found matching that sid and client secret"
|
|
|
|
}
|
|
|
|
/3pid/bind:
|
|
|
|
post:
|
|
|
|
summary: Publish an association between a session and a Matrix user ID.
|
|
|
|
description: |-
|
|
|
|
Publish an association between a session and a Matrix user ID.
|
|
|
|
|
|
|
|
Future calls to `/lookup` for any of the session\'s 3pids will return
|
|
|
|
this association.
|
|
|
|
|
|
|
|
Note: for backwards compatibility with previous drafts of this
|
|
|
|
specification, the parameters may also be specified as
|
|
|
|
`application/x-form-www-urlencoded` data. However, this usage is
|
|
|
|
deprecated.
|
|
|
|
operationId: bindV2
|
|
|
|
security:
|
|
|
|
- accessToken: []
|
|
|
|
requestBody:
|
|
|
|
content:
|
|
|
|
application/json:
|
|
|
|
schema:
|
|
|
|
type: object
|
|
|
|
example: {
|
|
|
|
"sid": "1234",
|
|
|
|
"client_secret": "monkeys_are_GREAT",
|
|
|
|
"mxid": "@ears:matrix.org"
|
|
|
|
}
|
|
|
|
properties:
|
|
|
|
sid:
|
|
|
|
type: string
|
|
|
|
description: The Session ID generated by the `requestToken` call.
|
|
|
|
client_secret:
|
|
|
|
type: string
|
|
|
|
description: The client secret passed to the `requestToken` call.
|
|
|
|
mxid:
|
|
|
|
type: string
|
|
|
|
description: The Matrix user ID to associate with the 3pids.
|
|
|
|
required:
|
|
|
|
- sid
|
|
|
|
- client_secret
|
|
|
|
- mxid
|
|
|
|
responses:
|
|
|
|
"200":
|
|
|
|
description: The association was published.
|
|
|
|
content:
|
|
|
|
application/json:
|
|
|
|
schema:
|
|
|
|
type: object
|
|
|
|
properties:
|
|
|
|
address:
|
|
|
|
type: string
|
|
|
|
description: The 3pid address of the user being looked up.
|
|
|
|
medium:
|
|
|
|
type: string
|
|
|
|
description: The medium type of the 3pid.
|
|
|
|
mxid:
|
|
|
|
type: string
|
|
|
|
description: The Matrix user ID associated with the 3pid.
|
|
|
|
not_before:
|
|
|
|
type: integer
|
|
|
|
format: int64
|
|
|
|
description: A unix timestamp before which the association is not known to be
|
|
|
|
valid.
|
|
|
|
not_after:
|
|
|
|
type: integer
|
|
|
|
format: int64
|
|
|
|
description: A unix timestamp after which the association is not known to be
|
|
|
|
valid.
|
|
|
|
ts:
|
|
|
|
type: integer
|
|
|
|
format: int64
|
|
|
|
description: The unix timestamp at which the association was verified.
|
|
|
|
signatures:
|
|
|
|
type: object
|
|
|
|
description: |-
|
|
|
|
The signatures of the verifying identity servers which show that the
|
|
|
|
association should be trusted, if you trust the verifying identity
|
|
|
|
services.
|
|
|
|
allOf:
|
|
|
|
- $ref: ../../schemas/server-signatures.yaml
|
|
|
|
required:
|
|
|
|
- address
|
|
|
|
- medium
|
|
|
|
- mxid
|
|
|
|
- not_before
|
|
|
|
- not_after
|
|
|
|
- ts
|
|
|
|
- signatures
|
|
|
|
examples:
|
|
|
|
response:
|
|
|
|
value: {
|
|
|
|
"address": "louise@bobs.burgers",
|
|
|
|
"medium": "email",
|
|
|
|
"mxid": "@ears:matrix.org",
|
|
|
|
"not_before": 1428825849161,
|
|
|
|
"not_after": 4582425849161,
|
|
|
|
"ts": 1428825849161,
|
|
|
|
"signatures": {
|
|
|
|
"matrix.org": {
|
|
|
|
"ed25519:0": "ENiU2YORYUJgE6WBMitU0mppbQjidDLanAusj8XS2nVRHPu+0t42OKA/r6zV6i2MzUbNQ3c3MiLScJuSsOiVDQ"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
"400":
|
|
|
|
description: |-
|
|
|
|
The association was not published.
|
|
|
|
|
|
|
|
If the session has not been validated, then `errcode` will be
|
|
|
|
`M_SESSION_NOT_VALIDATED`. If the session has timed out, then
|
|
|
|
`errcode` will be `M_SESSION_EXPIRED`.
|
|
|
|
content:
|
|
|
|
application/json:
|
|
|
|
schema:
|
|
|
|
$ref: ../client-server/definitions/errors/error.yaml
|
|
|
|
examples:
|
|
|
|
response:
|
|
|
|
value: {
|
|
|
|
"errcode": "M_SESSION_NOT_VALIDATED",
|
|
|
|
"error": "This validation session has not yet been completed"
|
|
|
|
}
|
|
|
|
"403":
|
|
|
|
description: |
|
|
|
|
The user must do something in order to use this endpoint. One example
|
|
|
|
is an `M_TERMS_NOT_SIGNED` error where the user must [agree to more terms](/identity-service-api/#terms-of-service).
|
|
|
|
content:
|
|
|
|
application/json:
|
|
|
|
schema:
|
|
|
|
$ref: ../client-server/definitions/errors/error.yaml
|
|
|
|
examples:
|
|
|
|
response:
|
|
|
|
value: {
|
|
|
|
"errcode": "M_TERMS_NOT_SIGNED",
|
|
|
|
"error": "Please accept our updated terms of service before continuing"
|
|
|
|
}
|
|
|
|
"404":
|
|
|
|
description: The Session ID or client secret were not found
|
|
|
|
content:
|
|
|
|
application/json:
|
|
|
|
schema:
|
|
|
|
$ref: ../client-server/definitions/errors/error.yaml
|
|
|
|
examples:
|
|
|
|
response:
|
|
|
|
value: {
|
|
|
|
"errcode": "M_NO_VALID_SESSION",
|
|
|
|
"error": "No valid session was found matching that sid and client secret"
|
|
|
|
}
|
|
|
|
/3pid/unbind:
|
|
|
|
post:
|
|
|
|
summary: Remove an association between a session and a Matrix user ID.
|
|
|
|
description: |-
|
|
|
|
Remove an association between a session and a Matrix user ID.
|
|
|
|
|
|
|
|
Future calls to `/lookup` for any of the session's 3pids will not
|
|
|
|
return the removed association.
|
|
|
|
|
|
|
|
The identity server should authenticate the request in one of two
|
|
|
|
ways:
|
|
|
|
|
|
|
|
1. The request is signed by the homeserver which controls the `user_id`.
|
|
|
|
2. The request includes the `sid` and `client_secret` parameters,
|
|
|
|
as per `/3pid/bind`, which proves ownership of the 3PID.
|
|
|
|
|
|
|
|
If this endpoint returns a JSON Matrix error, that error should be passed
|
|
|
|
through to the client requesting an unbind through a homeserver, if the
|
|
|
|
homeserver is acting on behalf of a client.
|
|
|
|
operationId: unbindV2
|
|
|
|
security:
|
|
|
|
- accessToken: []
|
|
|
|
requestBody:
|
|
|
|
content:
|
|
|
|
application/json:
|
|
|
|
schema:
|
|
|
|
type: object
|
|
|
|
example: {
|
|
|
|
"sid": "1234",
|
|
|
|
"client_secret": "monkeys_are_GREAT",
|
|
|
|
"mxid": "@ears:example.org",
|
|
|
|
"threepid": {
|
|
|
|
"medium": "email",
|
|
|
|
"address": "monkeys_have_ears@example.org"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
properties:
|
|
|
|
sid:
|
|
|
|
type: string
|
|
|
|
description: The Session ID generated by the `requestToken` call.
|
|
|
|
client_secret:
|
|
|
|
type: string
|
|
|
|
description: The client secret passed to the `requestToken` call.
|
|
|
|
mxid:
|
|
|
|
type: string
|
|
|
|
description: The Matrix user ID to remove from the 3pids.
|
|
|
|
threepid:
|
|
|
|
type: object
|
|
|
|
title: 3PID
|
|
|
|
description: |-
|
|
|
|
The 3PID to remove. Must match the 3PID used to generate the session
|
|
|
|
if using `sid` and `client_secret` to authenticate this request.
|
|
|
|
properties:
|
|
|
|
medium:
|
|
|
|
type: string
|
|
|
|
description: |-
|
|
|
|
A medium from the [3PID Types](/appendices/#3pid-types) Appendix, matching the medium
|
|
|
|
of the identifier to unbind.
|
|
|
|
address:
|
|
|
|
type: string
|
|
|
|
description: The 3PID address to remove.
|
|
|
|
required:
|
|
|
|
- medium
|
|
|
|
- address
|
|
|
|
required:
|
|
|
|
- threepid
|
|
|
|
- mxid
|
|
|
|
responses:
|
|
|
|
"200":
|
|
|
|
description: The association was successfully removed.
|
|
|
|
content:
|
|
|
|
application/json:
|
|
|
|
schema:
|
|
|
|
type: object
|
|
|
|
examples:
|
|
|
|
response:
|
|
|
|
value: {}
|
|
|
|
"400":
|
|
|
|
description: |-
|
|
|
|
If the response body is not a JSON Matrix error, the identity server
|
|
|
|
does not support unbinds. If a JSON Matrix error is in the response
|
|
|
|
body, the requesting party should respect the error.
|
|
|
|
"403":
|
|
|
|
description: |-
|
|
|
|
The credentials supplied to authenticate the request were invalid.
|
|
|
|
This may also be returned if the identity server does not support
|
|
|
|
the chosen authentication method (such as blocking homeservers from
|
|
|
|
unbinding identifiers).
|
|
|
|
|
|
|
|
Another common error code is `M_TERMS_NOT_SIGNED` where the user
|
|
|
|
needs to [agree to more terms](/identity-service-api/#terms-of-service) in order to continue.
|
|
|
|
content:
|
|
|
|
application/json:
|
|
|
|
schema:
|
|
|
|
$ref: ../client-server/definitions/errors/error.yaml
|
|
|
|
examples:
|
|
|
|
response:
|
|
|
|
value: {
|
|
|
|
"errcode": "M_FORBIDDEN",
|
|
|
|
"error": "Invalid homeserver signature"
|
|
|
|
}
|
|
|
|
"404":
|
|
|
|
description: |-
|
|
|
|
If the response body is not a JSON Matrix error, the identity server
|
|
|
|
does not support unbinds. If a JSON Matrix error is in the response
|
|
|
|
body, the requesting party should respect the error.
|
|
|
|
"501":
|
|
|
|
description: |-
|
|
|
|
If the response body is not a JSON Matrix error, the identity server
|
|
|
|
does not support unbinds. If a JSON Matrix error is in the response
|
|
|
|
body, the requesting party should respect the error.
|
|
|
|
servers:
|
|
|
|
- url: "{protocol}://{hostname}{basePath}"
|
|
|
|
variables:
|
|
|
|
protocol:
|
|
|
|
enum:
|
|
|
|
- http
|
|
|
|
- https
|
|
|
|
default: https
|
|
|
|
hostname:
|
|
|
|
default: localhost:8090
|
|
|
|
basePath:
|
|
|
|
default: /_matrix/identity/v2
|
|
|
|
components:
|
|
|
|
securitySchemes:
|
|
|
|
$ref: definitions/security.yaml
|