dbkr/msc4178
main
release/v1.12
release/v1.11
tulir/msc4142
release/v1.10
travis/msc2702-msc2701
rav/ref_objects_in_params
dkasak/foldable-sidebar
travis/knock-join
release/v1.9
release/v1.8
anoa/update_docsy
anoa/nix_flake
dbkr/3077-multi-stream-voip
release/v1.7
dbkr/2746-reliable-voip
rav/links_for_object_defs
release/v1.6
release/v1.5
release/v1.4
anoa/invite_knock_room_state
release/v1.3
push_gateway/r0.1.0
r0.0.0
0.2.0
application_service/r0.1.0
application_service/r0.1.1
application_service/r0.1.2
client-server/0.3.0
client-server/r0.1.0
client-server/r0.2.0
client-server/r0.3.0
client_server/r0.4.0
client_server/r0.5.0
client_server/r0.6.0
client_server/r0.6.1
identity_service/r0.1.0
identity_service/r0.2.0
identity_service/r0.2.1
identity_service/r0.3.0
push_gateway/r0.1.1
r0.0.1
server_server/r0.1.0
server_server/r0.1.1
server_server/r0.1.2
server_server/r0.1.3
server_server/r0.1.4
v1.1
v1.10
v1.11
v1.12
v1.2
v1.3
v1.4
v1.5
v1.6
v1.7
v1.8
v1.9
${ noResults }
1 Commits (783624d2cd11a90c5ea76c36d165a078a957dc0f)
Author | SHA1 | Message | Date |
---|---|---|---|
Quentin Gliech | 84ccbeacca |
MSC2918: Refresh tokens (#2918)
* Refresh tokens MSC * MSC2918: minor changes * MSC2918: access token expiration as milliseconds * MSC2918: account registration API changes * MSC2918: fix `expires_in_ms` example * MSC2918: add precision about token revocation * MSC2918: specify error codes for the refresh API * MSC2918: clarify that the change also applies to ASes * Apply suggestions from code review Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * MSC2918: clarify what problem this MSC solves * MSC2918: minor formatting and rephrasing * MSC2918: clarify ratelimiting, masquerading and authentication on refresh token API * MSC2918: make expires_in_ms/refresh_token optional * MSC2918: soft logout in refresh token API * MSC2918: add detailed rationale While not exhaustive, it outlines a few attack vectors this MSC tries to mitigate. * MSC2918: minor fix Co-authored-by: Hubert Chathi <hubert@uhoreg.ca> * MSC2918: clarifications on backward compatibility * MSC2918: advertise support in the request body * MSC2918: clarify on what happen when token expire * MSC2918: remove redundant precision about token expiration and lifetime Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * MSC2918: minor clarification * MSC2918: soft logout when using expired token Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> Co-authored-by: Hubert Chathi <hubert@uhoreg.ca> |
3 years ago |