Merge pull request #272 from matrix-org/daniel/multikeys

m.third_party_invite: Allow multiple public keys
8 years ago · 5cedfc13e2
parent b9896bac71 ea170e5dca
commit 5cedfc13e2
2 changed files with 31 additions and 9 deletions
--- a/event-schemas/examples/m.room.third_party_invite
+++ b/event-schemas/examples/m.room.third_party_invite
@ -3,7 +3,11 @@
  "content": {
    "display_name": "Alice Margatroid",
    "key_validity_url": "https://magic.forest/verifykey",
-    "public_key": "abc123"
+    "public_key": "abc123",
+    "public_keys": [{
+      "public_key": "def456",
+      "key_validity_url": "https://magic.forest/verifykey"
+    }]
  },
  "state_key": "pc98",
  "origin_server_ts": 1431961217939,
--- a/event-schemas/schema/m.room.third_party_invite
+++ b/event-schemas/schema/m.room.third_party_invite
@ -14,14 +14,32 @@
                    "type": "string",
                    "description": "A user-readable string which represents the user who has been invited. This should not contain the user's third party ID, as otherwise when the invite is accepted it would leak the association between the matrix ID and the third party ID."
                },
-        "key_validity_url": {
-            "type": "string",
-            "description": "A URL which can be fetched, with querystring public_key=public_key, to validate whether the key has been revoked. The URL must return a JSON object containing a boolean property named 'valid'."
-        },
-        "public_key": {
-            "type": "string",
-            "description": "A base64-encoded ed25519 key with which token must be signed."
-        }
+                "key_validity_url": {
+                    "type": "string",
+                    "description": "A URL which can be fetched, with querystring public_key=public_key, to validate whether the key has been revoked. The URL must return a JSON object containing a boolean property named 'valid'."
+                },
+                "public_key": {
+                    "type": "string",
+                    "description": "A base64-encoded ed25519 key with which token must be signed (though a signature from any entry in public_keys is also sufficient). This exists for backwards compatibility."
+                },
+                "public_keys": {
+                    "type": "array",
+                    "description": "Keys with which the token may be signed.",
+                    "items": {
+                        "type": "object",
+                        "properties": {
+                            "public_key": {
+                                "type": "string",
+                                "description": "A base-64 encoded ed25519 key with which token may be signed."
+                            },
+                            "key_validity_url": {
+                                "type": "string",
+                                "description": "An optional URL which can be fetched, with querystring public_key=public_key, to validate whether the key has been revoked. The URL must return a JSON object containing a boolean property named 'valid'. If this URL is absent, the key must be considered valid indefinitely."
+                            },
+                        },
+                        "required": ["public_key"]
+                    }
+                }
            },
            "required": ["display_name", "key_validity_url", "public_key"]
        },