- do not use the term 'cross-signing keys' anymore: Previously, the term
'cross-signing keys' was used to refer to the master, user-signing and
self-signing keys. This is not ideal since the master key is used for
cross-signing but may also be used to sign the backup key, for example.
In these contexts, the master key is not used for cross-signing.
The term 'cross-signing keys' has therefor been replaced by 'keys used
for cross-signing' or, more explicitely, by 'master, user-signing and
self-signing key'.
- the naming of the master key has been harmonised (no more 'master
cross-signing key' or 'master signing keys'). Also the abbr. 'MSK' has been
replaced by 'MK'.
- in the QR code example, the term 'cross-signing key' has been replaced
by 'master key' since in mode 0x00, the current user's own master key and
what the device thinks the other user's master key is used.
- it has been made more explicit that private keys used for cross-signing can
be stored on the server are stored as described in the secrets module (as
opposed to store them in unencrypted form)
Signed-off-by: codedust <codedust@so.urceco.de>
* Clarify that SSO login applies to the legacy authentication API
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
* Do not point to specific authentication API for obtaining access token
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
* Add warnings about incompatibility with OAuth 2.0 to endpoints that use UIA
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
* Add changelog
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
* Add note about API standards not applying to OAuth 2.0
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
* Apply suggestions from code review
---------
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
Co-authored-by: Travis Ralston <travpc@gmail.com>
I tried to summarize MSC3861, and add sections to be able to find quickly how to do something with either API.
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
Since account locking and suspension are authentication API agnostic,
this is a pre-requisite to adding the new OAuth 2.0-based API.
This also splits the endpoints that where all included in the
registration OpenAPI data, to separate them cleanly in the spec, and
avoid having deactivation show before registration.
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
Co-authored-by: Kim Brose <2803622+HarHarLinks@users.noreply.github.com>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* MSC4260: Reporting users (Client-Server API)
Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
* Add changelog
* Update data/api/client-server/report_content.yaml
Co-authored-by: Kévin Commaille <76261501+zecakeh@users.noreply.github.com>
* Move option to consistently respond with 200 to user reporting endpoint
* Move optional random delay to event and user reporting endpoints
* Make reason required for user and room reports
* Fix requiredness syntax
---------
Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
Co-authored-by: Kévin Commaille <76261501+zecakeh@users.noreply.github.com>
* Specify account suspension
* changelog
* Apply suggestions from code review
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Add some links
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Add error codes from MSC4178
* changelog
* Put changelog in the right place
* Move newsfile
* Add the codes to the right endpoint
* Also add M_THREEPID_IN_USE
which was always used and is specified in the IS API, but not in the
C/S API. We decided this was well-specced enough that it didn't need
its own MSC.
* Use json instead of json5 for syntax highlighting
Chroma, the library used for syntax highlighting in Hugo, does not support JSON5 so those code blocks were not highlighted.
However it supports comments in JSON so they are highlighted correctly in the rendered spec.
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
* Add changelog
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
---------
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
The first commit allows to lazy-load the diagrams, which should improve the loading time of the CS API on mobile. In the process it also improves the alt text of the images.
The second commit serves the diagrams as high-resolution WebPs. Encoding a high resolution diagram as WebP gives a file of approximately the same size as the lower resolution PNG. For maximum compatibility we also serve them as a lower resolution WebP and a fallback PNG. WebP was chosen because it is one of the export formats of draw.io/diagrams.net, and it is widely available in modern browsers.
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
The `<>` delimiters are not necessary for the shortcode to be rendered inline, and in some cases they break some expectations: a shortcode that is separated from other text to be in its own paragraph is not actually wrapped by a `p` element, breaking the spacing between paragraphs.
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
codedust