Some spelling fixes

pull/977/head
Will Hunt 4 years ago
parent 3a649839c2
commit 4751785a8c

@ -32,7 +32,8 @@ Example request
The response body should be unchanged from the existing `/login` specification. The response body should be unchanged from the existing `/login` specification.
If If:
- The access token is not provided - The access token is not provided
- The access token does not correspond to a appservice - The access token does not correspond to a appservice
- The access token does not correspond to a appservice that manages this user - The access token does not correspond to a appservice that manages this user
@ -44,7 +45,7 @@ Homeservers should ignore the `access_token` parameter if a type other than
`m.login.application_service` has been provided. `m.login.application_service` has been provided.
The expected flow for appservices would be to `/register` their users, and The expected flow for appservices would be to `/register` their users, and
then `/login` to generate the appropraite device. then `/login` to generate the appropriate device.
## Potential issues ## Potential issues
@ -56,12 +57,13 @@ new devices should the appservice intentionally or inadvertently lost the client
One minor tweak to the current proposal could be to include the token as part of the auth data, rather than One minor tweak to the current proposal could be to include the token as part of the auth data, rather than
being part of the header/params to the request. An argument could be made for either, but since the specification being part of the header/params to the request. An argument could be made for either, but since the specification
expects the appservice to pass the token this way in all requests, including /register it seems wise to keep expects the appservice to pass the token this way in all requests, including `/register`, it seems wise to keep
it that way. it that way.
Some community members have used implementation details such as a "shared secret" authentication method to Some community members have used implementation details such as a "shared secret" authentication method to
log into the accounts without having to use the /login process at all. Synapse provides such a function, log into the accounts without having to use the /login process at all. Synapse provides such a function,
but also means the appservice can now authenticate as any user on the homeserver. but also means the appservice can now authenticate as any user on the homeserver. This seems undesirable from a
security standpoint.
A third option could be to create a new endpoint that simply creates a new device for an appservice user on demand. A third option could be to create a new endpoint that simply creates a new device for an appservice user on demand.
Given the rest of the matrix eco-system does this with /login, and /login is already extensible with `type`, it would Given the rest of the matrix eco-system does this with /login, and /login is already extensible with `type`, it would

Loading…
Cancel
Save