* Proposal for token authenticated registration
Signed-off-by: Callum Brown <callum@calcuode.com>
* Hard-wrap lines
Signed-off-by: Callum Brown <callum@calcuode.com>
* Link to released version of spec
Signed-off-by: Callum Brown <callum@calcuode.com>
* Fix unstable prefix wording
Signed-off-by: Callum Brown <callum@calcuode.com>
* Tokens should only be invalidated after registration
Signed-off-by: Callum Brown <callum@calcuode.com>
* Change auth type to m.login.registration_token
This is consistent with the other UIAA auth types, and does not suggest
that other `m.login.*` types cannot be used for registration.
Signed-off-by: Callum Brown <callum@calcuode.com>
* Add proposal for checking the validity of a token
Signed-off-by: Callum Brown <callum@calcuode.com>
* Fix validity checking endpoint
Signed-off-by: Callum Brown <callum@calcuode.com>
* Limit allowed characters and length of token
This allows tokens to be used easily in query parameters
Signed-off-by: Callum Brown <callum@calcuode.com>
* Give reason for limiting token length and chars
Signed-off-by: Callum Brown <callum@calcuode.com>
* Note all stages must be complete for registration
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Fix mistake in MSC number
Signed-off-by: Callum Brown <callum@calcuode.com>
* Validity checking should be rate limited
Signed-off-by: Callum Brown <callum@calcuode.com>
* Change v1 to r0
Signed-off-by: Callum Brown <callum@calcuode.com>
* Include `.` and `~` in allowed characters for registration tokens
For consistency with the unreserved URL characters in RFC3986
https://www.ietf.org/rfc/rfc3986.html#section-2.3
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Callum Brown