UIAA on /account/3pid/add

pull/977/head
Andrew Morgan 5 years ago
parent 40420d9633
commit 1a51a24768

@ -45,8 +45,15 @@ will validate threepids being bound to themselves.
## Proposal ## Proposal
To solve this problem, two new endpoints will be added to the Client Server To solve this problem, two new endpoints will be added to the Client Server
API: `POST /account/3pid/bind` and `POST /account/3pid/add`. Both will API: `POST /account/3pid/bind` and `POST /account/3pid/add`. Binding to an
require authentication and be rate-limited. The request parameters of `POST identity server will require standard authentication, whereas adding a 3pid
to a user account will require [User-Interactive
Authentication](https://matrix.org/docs/spec/client_server/r0.5.0#user-interactive-authentication-api).
The latter is to prevent someone from adding a 3pid (which can be used to
reset passwords) to someone who's left their account open on a public
computer, without needing their password to do so.
Both endpoints will be rate-limited. The request parameters of `POST
/account/3pid/bind` are the same as [POST /account/3pid/bind` are the same as [POST
/account/3pid](https://matrix.org/docs/spec/client_server/r0.5.0#post-matrix-client-r0-account-3pid), /account/3pid](https://matrix.org/docs/spec/client_server/r0.5.0#post-matrix-client-r0-account-3pid),
minus the `bind` flag, and the contents of `three_pid_creds` have been minus the `bind` flag, and the contents of `three_pid_creds` have been

Loading…
Cancel
Save