archive
/
matrix-spec
mirror of https://github.com/matrix-org/matrix-spec
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,177 Commits
23 Branches
37 Tags
18 MiB
main
release/v1.12
dbkr/msc4178
release/v1.11
tulir/msc4142
release/v1.10
travis/msc2702-msc2701
rav/ref_objects_in_params
dkasak/foldable-sidebar
travis/knock-join
release/v1.9
release/v1.8
anoa/update_docsy
anoa/nix_flake
dbkr/3077-multi-stream-voip
release/v1.7
dbkr/2746-reliable-voip
rav/links_for_object_defs
release/v1.6
release/v1.5
release/v1.4
anoa/invite_knock_room_state
release/v1.3
push_gateway/r0.1.0
r0.0.0
0.2.0
application_service/r0.1.0
application_service/r0.1.1
application_service/r0.1.2
client-server/0.3.0
client-server/r0.1.0
client-server/r0.2.0
client-server/r0.3.0
client_server/r0.4.0
client_server/r0.5.0
client_server/r0.6.0
client_server/r0.6.1
identity_service/r0.1.0
identity_service/r0.2.0
identity_service/r0.2.1
identity_service/r0.3.0
push_gateway/r0.1.1
r0.0.1
server_server/r0.1.0
server_server/r0.1.1
server_server/r0.1.2
server_server/r0.1.3
server_server/r0.1.4
v1.1
v1.10
v1.11
v1.12
v1.2
v1.3
v1.4
v1.5
v1.6
v1.7
v1.8
v1.9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'cf73fb97bc'
${ noResults }
Commit Graph

1 Commits (cf73fb97bcad584cd96c349cea787119f9f112a7)

Author SHA1 Message Date
Quentin Gliech 84ccbeacca MSC2918: Refresh tokens (#2918) 
* Refresh tokens MSC

* MSC2918: minor changes

* MSC2918: access token expiration as milliseconds

* MSC2918: account registration API changes

* MSC2918: fix `expires_in_ms` example

* MSC2918: add precision about token revocation

* MSC2918: specify error codes for the refresh API

* MSC2918: clarify that the change also applies to ASes

* Apply suggestions from code review

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* MSC2918: clarify what problem this MSC solves

* MSC2918: minor formatting and rephrasing

* MSC2918: clarify ratelimiting, masquerading and authentication on refresh token API

* MSC2918: make expires_in_ms/refresh_token optional

* MSC2918: soft logout in refresh token API

* MSC2918: add detailed rationale

While not exhaustive, it outlines a few attack vectors this MSC tries to
mitigate.

* MSC2918: minor fix

Co-authored-by: Hubert Chathi <hubert@uhoreg.ca>

* MSC2918: clarifications on backward compatibility

* MSC2918: advertise support in the request body

* MSC2918: clarify on what happen when token expire

* MSC2918: remove redundant precision about token expiration and lifetime

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* MSC2918: minor clarification

* MSC2918: soft logout when using expired token

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Co-authored-by: Hubert Chathi <hubert@uhoreg.ca>
 3 years ago