Improve wording about how masquerading works

pull/977/head
Travis Ralston 6 years ago
parent 857bcc0fe7
commit 13a1628f59

@ -185,18 +185,17 @@ homeserver.
Identity assertion Identity assertion
++++++++++++++++++ ++++++++++++++++++
The client-server API infers the user ID from the ``access_token`` provided in The client-server API infers the user ID from the ``access_token`` provided in
every request. It would be an annoying amount of book-keeping to maintain tokens every request. To avoid the application service from having to keep track of each
for every virtual user. It would be preferable if the application service could user's access token, the application service should identify itself to the Client-Server
use the CS API with its own ``as_token`` instead, and specify the virtual user API by providing its ``as_token`` instead for the ``access_token`` alongside the
they wish to be acting on behalf of. For real users, this would require user the application service would like to masquerade as.
additional permissions granting the AS permission to masquerade as a matrix user.
Inputs: Inputs:
- Application service token (``as_token``) - Application service token (``as_token``)
- User ID in the AS namespace to act as. - User ID in the AS namespace to act as.
Notes: Notes:
- This will apply on all aspects of the Client-Server API, except for Account Management. - This applies to all aspects of the Client-Server API, except for Account Management.
- The ``as_token`` is inserted into ``access_token`` which is usually where the - The ``as_token`` is inserted into ``access_token`` which is usually where the
client token is, such as via the query string or ``Authorization`` header. This client token is, such as via the query string or ``Authorization`` header. This
is done on purpose to allow application services to reuse client SDKs. is done on purpose to allow application services to reuse client SDKs.

Loading…
Cancel
Save