Don't remove id_server and id_access_token

pull/977/head
Andrew Morgan 5 years ago
parent ec7e795112
commit 46e7137252

@ -164,8 +164,10 @@ other, which is the exact behaviour we're trying to eliminate. Doing this
also helps backward compatibility, as explained in [Backwards
compatibility](#backwards-compatibility).
The `id_server` and `id_access_token` parameters are to be removed
from all of the Client-Server API's `requestToken` endpoints. That is:
Either the homeserver itself or a service that the homeserver delegates to
should be handling the sending of validation messages, not a user-provided
server. Any mention of the homeserver being able to proxy to an identity
server in the below endpoint descriptions:
* [POST /account/3pid/email/requestToken](https://matrix.org/docs/spec/client_server/r0.5.0#post-matrix-client-r0-account-3pid-email-requesttoken)
* [POST /account/3pid/msisdn/requestToken](https://matrix.org/docs/spec/client_server/r0.5.0#post-matrix-client-r0-account-3pid-msisdn-requesttoken)
@ -174,13 +176,10 @@ from all of the Client-Server API's `requestToken` endpoints. That is:
* [POST /account/password/email/requestToken](https://matrix.org/docs/spec/client_server/r0.5.0#post-matrix-client-r0-account-password-email-requesttoken)
* [POST /account/password/msisdn/requestToken](https://matrix.org/docs/spec/client_server/r0.5.0#post-matrix-client-r0-account-password-msisdn-requesttoken)
Either the homeserver itself or a service that the homeserver delegates to
should be handling the sending of validation messages, not a user-provided
server. Any mention of the homeserver being able to proxy to an identity
server in the above endpoint descriptions, as well as the text "It is
imperative that the homeserver keep a list of trusted Identity Servers and
only proxies to those that it trusts." is to be removed from all parts of the
spec, as the homeserver should no longer need to trust any identity servers.
As well as the text "It is imperative that the homeserver keep a list of
trusted Identity Servers and only proxies to those that it trusts." is to be
removed from all parts of the spec, as the homeserver should no longer need
to trust any identity servers.
## Tradeoffs

Loading…
Cancel
Save