archive
/
matrix-spec
mirror of https://github.com/matrix-org/matrix-spec
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
matthew/msc4132
tulir/msc4142
release/v1.10
travis/release-steps-update-mar192024
travis/msc2702-msc2701
rav/ref_objects_in_params
dkasak/foldable-sidebar
travis/knock-join
release/v1.9
release/v1.8
anoa/update_docsy
anoa/nix_flake
dbkr/3077-multi-stream-voip
release/v1.7
dbkr/2746-reliable-voip
rav/links_for_object_defs
release/v1.6
release/v1.5
release/v1.4
anoa/invite_knock_room_state
release/v1.3
push_gateway/r0.1.0
r0.0.0
0.2.0
application_service/r0.1.0
application_service/r0.1.1
application_service/r0.1.2
client-server/0.3.0
client-server/r0.1.0
client-server/r0.2.0
client-server/r0.3.0
client_server/r0.4.0
client_server/r0.5.0
client_server/r0.6.0
client_server/r0.6.1
identity_service/r0.1.0
identity_service/r0.2.0
identity_service/r0.2.1
identity_service/r0.3.0
push_gateway/r0.1.1
r0.0.1
server_server/r0.1.0
server_server/r0.1.1
server_server/r0.1.2
server_server/r0.1.3
server_server/r0.1.4
v1.1
v1.10
v1.2
v1.3
v1.4
v1.5
v1.6
v1.7
v1.8
v1.9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8c874176d2'
${ noResults }
matrix-spec/specification/modules/guest_access.rst

88 lines
3.9 KiB
ReStructuredText
Raw Normal View History Unescape Escape

Specify guest room access This was reviewed as PR #150 and merged from daniel/anonymousaccess
9 years ago
Guest access
============
.. _module:guest-access:
There are times when it is desirable for clients to be able to interact with
rooms without having to fully register for an account on a homeserver or join
the room. This module specifies how these clients should interact with servers
in order to participate in rooms as guests.
Guest users retrieve access tokens from a homeserver using the ordinary
`register endpoint <#post-matrix-client-api-v2-alpha-register>`_, specifying
the ``kind`` parameter as ``guest``. They may then interact with the
client-server API as any other user would, but will only have access to a subset
of the API as described the Client behaviour subsection below.
Homeservers may choose not to allow this access at all to their local users, but
have no information about whether users on other homeservers are guests or not.
This module does not fully factor in federation; it relies on individual
homeservers properly adhering to the rules set out in this module, rather than
allowing all homeservers to enforce the rules on each other.
Events
------
{{m_room_guest_access_event}}
Client behaviour
----------------
The following API endpoints are allowed to be accessed by guest accounts for
retrieving events:
* `GET /rooms/:room_id/state <#get-matrix-client-api-v1-rooms-roomid-state>`_
* `GET /rooms/:room_id/state/:event_type/:state_key <#get-matrix-client-api-v1-rooms-roomid-state-eventtype-statekey>`_
* `GET /rooms/:room_id/messages <#get-matrix-client-api-v1-rooms-roomid-messages>`_
Guest users are allowed room initialSync
9 years ago
* `GET /rooms/:room_id/initialSync <#get-matrix-client-api-v1-rooms-roomid-initialsync>`_
Specify guest room access This was reviewed as PR #150 and merged from daniel/anonymousaccess
9 years ago
There is also a special version of the
`GET /events <#get-matrix-client-api-v1-events>`_ endpoint:
{{guest_events_http_api}}
They will only return events which happened while the room state had the
``m.room.history_visibility`` state event present with ``history_visibility``
value ``world_readable``. Guest clients do not need to join rooms in order to
receive events for them.
The following API endpoints are allowed to be accessed by guest accounts for
sending events:
* `POST /rooms/:room_id/join <#post-matrix-client-api-v1-rooms-roomid-join>`_
* `PUT /rooms/:room_id/send/m.room.message/:txn_id <#put-matrix-client-api-v1-rooms-roomid-send-eventtype-txnid>`_
Guest clients *do* need to join rooms in order to send events to them.
Guests are allowed to set displaynames
9 years ago
The following API endpoints are allowed to be accessed by guest accounts for
their own account maintenance:
* `PUT /profile/:user_id/displayname <#put-matrix-client-api-v1-profile-userid-displayname>`_
Specify guest room access This was reviewed as PR #150 and merged from daniel/anonymousaccess
9 years ago
Server behaviour
----------------
Servers are required to only return events to guest accounts for rooms where
the room state at the event had the ``m.room.history_visibility`` state event
present with ``history_visibility`` value ``world_readable``. These events may
be returned even if the anonymous user is not joined to the room.
Servers MUST only allow guest users to join rooms if the ``m.room.guest_access``
state event is present on the room, and has the ``guest_access`` value
``can_join``. If the ``m.room.guest_access`` event is changed to stop this from
being the case, the server MUST set those users' ``m.room.member`` state to
``leave``.
Security considerations
-----------------------
Each homeserver manages its own guest accounts itself, and whether an account
is a guest account or not is not information passed from server to server.
Accordingly, any server participating in a room is trusted to properly enforce
the permissions outlined in this section.
Clients may wish to display to their users that rooms which are
``world_readable`` *may* be showing messages to non-joined users. There is no
way using this module to find out whether any non-joined guest users *do* see
events in the room, or to list or count any guest users.
Homeservers may want to enable protections such as captchas for guest
registration to prevent spam, denial of service, and similar attacks.