pull/977/head
Andrew Morgan 5 years ago
parent 6ed0ae36ba
commit be77b5823c

@ -1,20 +1,25 @@
# Allowing 3PID Owners to Rebind # Allowing 3PID Owners to Rebind
```
3PID 3PID
noun noun
A third-party identifier such as an email address or phone number, that
A "third-party identifier" such as an email address or phone number, that
can be tied to your Matrix ID in order for your contacts outside of can be tied to your Matrix ID in order for your contacts outside of
Matrix to find you, typically with the help of an [identity Matrix to find you, typically with the help of an identity server.
server](https://matrix.org/docs/spec/identity_service/r0.2.1.html).
As part of the on-going privacy work, Matrix client applications are Identity server
attempting to make the concept of an identity server more clear to the user, noun
as well as allowing a user to interact with multiple identity servers while
they're logged in.
As part of facilitating this work, Matrix clients should be able to allow A queryable server that holds mappings between 3PIDs and Matrix IDs.
users, while logged in, the ability to pick an identity server, see what ```
3PIDs they currently have bound to their Matrix ID, and bind/unbind as they
As part of the on-going privacy work, Matrix client applications are
attempting to make the concept of an identity server clearer to the user, as
well as allowing a user to interact with multiple identity servers while
logged in. In facilitating this, Matrix clients should be able to allow
logged-in users the ability to pick an identity server, see what 3PIDs they
currently have bound to their Matrix ID, and bind/unbind addresses as they
desire. desire.
When implementating this functionality, a technicality in the spec was found When implementating this functionality, a technicality in the spec was found
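Review bot: The rewritten 3PID definition drops the link to the identity service spec (r0.2.1) that the old text carried on "identity server", and because the glossary now sits inside a code fence a markdown link would not render there anyway. Consider attaching the spec link to the first prose mention of "identity server" below the fence, or formatting the glossary as a definition list so it can carry links. Smaller points in the same hunk: "implementating" in the trailing context line should be "implementing", and "allow logged-in users the ability to pick" reads better as "allow logged-in users to pick".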
@ -23,14 +28,14 @@ The line "The homeserver must check that the given email address is **not**
already associated with an account on this homeserver." appears under the already associated with an account on this homeserver." appears under the
[POST [POST
/_matrix/client/r0/account/3pid/email/requestToken](https://matrix.org/docs/spec/client_server/r0.5.0#post-matrix-client-r0-account-3pid-email-requesttoken) /_matrix/client/r0/account/3pid/email/requestToken](https://matrix.org/docs/spec/client_server/r0.5.0#post-matrix-client-r0-account-3pid-email-requesttoken)
line. The same goes for the [equivalent msisdn endpoint description. The same goes for the [equivalent msisdn (phone)
endpoint](https://matrix.org/docs/spec/client_server/r0.5.0#post-matrix-client-r0-account-3pid-msisdn-requesttoken). endpoint](https://matrix.org/docs/spec/client_server/r0.5.0#post-matrix-client-r0-account-3pid-msisdn-requesttoken).
If a user binds their email address, through the homeserver to identity When a user binds their 3PID through a homeserver to identity server A, the
server A, then switches to identity server B to try and do the same, the homeserver keeps a record and attaches the address to the local account.
homeserver will reject the second request as this email address has already Then, if the user switches to identity server B to try and do the same, the
been bound. This is due to the homeserver attaching the email address user's homeserver will reject the second request as this address has already been
accounts whenever a bind is performed through them. bound.
## Proposal ## Proposal
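Review bot: In the rewritten paragraph, "this address has already been bound" blurs two things the preceding sentence keeps apart: the bind on identity server A, and the homeserver's own record that attaches the address to the local account. The spec line quoted just above says the check is against addresses "already associated with an account on this homeserver", so the rejection reason would be clearer as "already associated with an account on the homeserver". The paragraph also switches between "3PID" and "address" for the same thing; pick one term and use it throughout.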
@ -38,13 +43,14 @@ This proposal calls for allowing 3PID owners to rebind their 3PIDs using the
[POST [POST
/_matrix/client/r0/account/3pid/email/requestToken](https://matrix.org/docs/spec/client_server/r0.5.0#post-matrix-client-r0-account-3pid-email-requesttoken) and [POST /_matrix/client/r0/account/3pid/email/requestToken](https://matrix.org/docs/spec/client_server/r0.5.0#post-matrix-client-r0-account-3pid-email-requesttoken) and [POST
/_matrix/client/r0/account/3pid/msisdn/requestToken](https://matrix.org/docs/spec/client_server/r0.5.0#post-matrix-client-r0-account-3pid-msisdn-requesttoken) /_matrix/client/r0/account/3pid/msisdn/requestToken](https://matrix.org/docs/spec/client_server/r0.5.0#post-matrix-client-r0-account-3pid-msisdn-requesttoken)
endpoints by extending the definition of what homeservers should check before rejecting a bind. endpoints by extending the definition of what homeservers should check before
rejecting a bind.
Homeservers should reject the binding of a 3PID if it already been bound, Homeservers should reject the binding of a 3PID if it already been bound,
**unless** the requesting user is the one who originally bound that 3PID. If **unless** the requesting user is the one who originally bound that 3PID. If
so, then they should be able to bind it again if they choose. so, then they should be able to bind it again and again if they so choose.
In doing so, it would allow users to bind their 3PIDs to multiple identity In doing so, users would be able to bind their 3PIDs to multiple identity
servers, even if the homeserver has already been made aware of it. servers, even if the homeserver has already been made aware of it.
## Tradeoffs ## Tradeoffs
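Review bot: The exception "unless the requesting user is the one who originally bound that 3PID" keys on who bound it first rather than on which account the homeserver currently has the 3PID attached to, and the proposal does not say how the homeserver identifies the requesting user on the two requestToken endpoints. Suggest wording the condition in terms of the account the 3PID is currently associated with on this homeserver, and stating how the requester is established for that comparison. Also, "if it already been bound" is missing "has", and "again and again if they so choose" says no more than the old "again if they choose".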
@ -63,6 +69,10 @@ Clients should be prepared to understand that this may just mean they are
dealing with an old homeserver, versus the 3PID already being bound on this dealing with an old homeserver, versus the 3PID already being bound on this
homeserver by another user. homeserver by another user.
Homeservers will need to keep track of each identity server that an address
has been bound with, and upon user account deactivation, should attempt to
unbind all of them.
## Security considerations ## Security considerations
None. None.
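Review bot: The added paragraph makes homeservers responsible for tracking every identity server an address was bound with and for unbinding on account deactivation, yet it sits under Tradeoffs and the Security considerations section still reads "None." If an unbind is missed or fails, a 3PID to Matrix ID mapping stays queryable on an identity server after the account is deactivated, which is worth stating under Security considerations. "should attempt to unbind all of them" also leaves open what the homeserver does when an attempt fails; say whether it retries, records the failure, or reports it to the user.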
