You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
matrix-spec/proposals
Callum Brown 0c3b488805 MSC3231: Token authenticated registration (#3231)
* Proposal for token authenticated registration

Signed-off-by: Callum Brown <callum@calcuode.com>

* Hard-wrap lines

Signed-off-by: Callum Brown <callum@calcuode.com>

* Link to released version of spec

Signed-off-by: Callum Brown <callum@calcuode.com>

* Fix unstable prefix wording

Signed-off-by: Callum Brown <callum@calcuode.com>

* Tokens should only be invalidated after registration

Signed-off-by: Callum Brown <callum@calcuode.com>

* Change auth type to m.login.registration_token

This is consistent with the other UIAA auth types, and does not suggest
that other `m.login.*` types cannot be used for registration.

Signed-off-by: Callum Brown <callum@calcuode.com>

* Add proposal for checking the validity of a token

Signed-off-by: Callum Brown <callum@calcuode.com>

* Fix validity checking endpoint

Signed-off-by: Callum Brown <callum@calcuode.com>

* Limit allowed characters and length of token

This allows tokens to be used easily in query parameters

Signed-off-by: Callum Brown <callum@calcuode.com>

* Give reason for limiting token length and chars

Signed-off-by: Callum Brown <callum@calcuode.com>

* Note all stages must be complete for registration

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>

* Fix mistake in MSC number

Signed-off-by: Callum Brown <callum@calcuode.com>

* Validity checking should be rate limited

Signed-off-by: Callum Brown <callum@calcuode.com>

* Change v1 to r0

Signed-off-by: Callum Brown <callum@calcuode.com>

* Include `.` and `~` in allowed characters for registration tokens

For consistency with the unreserved URL characters in RFC3986

https://www.ietf.org/rfc/rfc3986.html#section-2.3

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
3 years ago
..
images notes on and alternatives 4 years ago
0000-proposal-template.md Put the MSC number in the proposal template (#2622) 5 years ago
1219-storing-megolm-keys-serverside.md Update proposals/1219-storing-megolm-keys-serverside.md 5 years ago
1442-state-resolution.md Fix typo 6 years ago
1466-soft-logout.md MSC 1466 - Soft Logout (#1467) 6 years ago
1501-room-version-upgrades.md Add room version upgrades 6 years ago
1501-split-dag.png proposal for room version upgrades 6 years ago
1543-qr_code_key_verification.md Update proposals/1543-qr_code_key_verification.md 4 years ago
1659-event-id-as-hashes.md MSC 1659 Proposal: Change Event IDs to Hashes (#1659) 6 years ago
1704-matrix.to-permalinks.md Update original MSC as per proposal guidelines 6 years ago
1708-well-known-for-federation.md Clarifications and alter the error handling of .well-known 6 years ago
1711-x509-for-federation.md remove lying footnote 6 years ago
1717-key_verification.md add clarification 6 years ago
1719-olm_unwedging.md add some clarifications 6 years ago
1721-rename-cas-to-sso.md no need to rename ticket endpoint 6 years ago
1730-cs-api-in-login-response.md Add suggestion of returning a 401 for non-/login requests 6 years ago
1753-capabilities.md Specify how capabilities work in the c2s API 6 years ago
1756-cross-signing.md clarifications to cross-signing MSC 4 years ago
1759-rooms-v2.md Room v2 proposal 6 years ago
1772-groups-as-rooms.md Change space's valid `order` range to 0x7E 3 years ago
1779-open-governance.md Update MSC1779 to forward link to matrix.org/foundation 5 years ago
1794-federation-v2-invites.md Update proposals/1794-federation-v2-invites.md 6 years ago
1802-standardised-federation-response-format.md Merge branch 'babolivier/standardised-federation-response-format' of github.com:matrix-org/matrix-doc into babolivier/standardised-federation-response-format 5 years ago
1804-advertising-capable-room-versions.md Say that !stable == unstable 6 years ago
1812-federation-make-membership.md Proposal for add room_version to make_* fed APIs 6 years ago
1819-remove-presence-lists.md hard wrap to 80 chars 6 years ago
1831-srv-after-wellknown.md Merge remote-tracking branch 'origin/travis/msc/wk-before-srv' into travis/msc/wk-before-srv 6 years ago
1866-invite-unsupported-version-error-code.md Add proposal for invite error code 6 years ago
1884-replace-slashes-in-event_ids.md incorporate further feedback 6 years ago
1915-unbind-identity-server-param.md Spec 3PID unbind API 6 years ago
1930-tombstone-notifications.md Check for a state_key on the tombstone push rule 5 years ago
1946-secure_server-side_storage.md Merge pull request #2472 from uhoreg/symmetric_ssss 5 years ago
1954-remove-prev_event-from-essential-keys-list.md typos 6 years ago
1957-integrations-discovery.md Clarify that the query string is because they are widgets 5 years ago
1960-integrations-openid.md Reword following widget spec 4 years ago
1961-integrations-auth.md Disclose origin story 5 years ago
1983-leave-reasons.md Rename 0000-leave-reasons.md to 1983-leave-reasons.md 6 years ago
2002-rooms-v4.md MSC2002: Proposal for adopting MSC1884 as v4 rooms (#2002) 6 years ago
2010-spoilers.md Proposal to clarify spoilers 5 years ago
2033-whoami-device-id.md Revert "Revert "MSC2033: Adding a device_id to /account/whoami"" 4 years ago
2076-enforce-validity-periods.md MSC2076: Enforce key-validity periods when validating event signatures 6 years ago
2077-rooms-v5.md clarifications 6 years ago
2078-homeserver-password-resets.md be super explicit 6 years ago
2134-identity-hash-lookup.md Make hashes real values 5 years ago
2140-terms-of-service-2.md Spec client-server IS unbind API 5 years ago
2174-move-redacts-key.md Add some compatibility hacks. 5 years ago
2175-remove-creator-field.md MSC2175: Remove the `creator` field from `m.room.create` events (#2175) 5 years ago
2176-update-redaction-rules.md clarification 5 years ago
2181-user-deactivated-errcode.md MSC2181: Add an Error Code for Signaling a Deactivated User (#2181) 5 years ago
2184-allow-html-details.md Allow the use of the HTML <details> tag 5 years ago
2197-search_filter_in_federation_publicrooms.md Address @richvdh's comments 5 years ago
2209-auth-rules-other-keys-in-m.room.power.levels.md 3rd draft of MSC2209 5 years ago
2229-rebind-existing-3pid.md Update proposals/2229-rebind-existing-3pid.md 5 years ago
2230-identity-server-account-data.md Update migration mechanism 5 years ago
2240-rooms-v6.md Fix MSC reference 5 years ago
2241-e2e-verification-in-dms.md decouple from MSC1849/MSC2674 4 years ago
2244-mass-redactions.md Add section about backwards compatibility 5 years ago
2263-homeserver-pw-resets.md Let's not doubly remove things 5 years ago
2265-email-lowercase.md iterate 3 years ago
2284-optional-identity-server-discovery.md Add explanation 5 years ago
2290-separate-threepid-bind-hs.md Don't remove id_server and id_access_token 5 years ago
2312-matrix-uri.md Fix a left-over spotted in the last moment 4 years ago
2313-moderation-policy-rooms.md m.policy.rule won the debate 5 years ago
2320-identity-versions.md Remove reference to second endpoint 5 years ago
2324-when-to-ship.md MSC2324: Facilitating early releases of software dependent on spec (#2324) 5 years ago
2334-default-room-version-v5.md Wrap lines 5 years ago
2366-key-verification-accept.md more clarifications 5 years ago
2367-membership-reasons.md Add note about using PUT /state/m.room.member/ 5 years ago
2399-reporting-no-key-sent.md clarification 5 years ago
2403-knock.md Use the same domain for room ID and avatar URL. 3 years ago
2414-optional-content-reporting-reason.md Use endpoint instead of API 4 years ago
2422-allow-color-attribute-on-font-tag.md Update proposals/2422-allow-color-attribute-on-font-tag.md 5 years ago
2432-revised-alias-publishing.md clarifications 5 years ago
2451-remove-query_auth-federation-endpoint.md Update and expand the proposal based on feedback and additional info. 5 years ago
2454-ui-interactive-auth-for-sso.md 2454-ui-interactive-auth-for-sso.md: markup fix 5 years ago
2457-password-modification-invalidating-devices.md Fix incorrect statement about the current spec's guidance. 5 years ago
2472-symmetric-ssss.md add information to check the key 5 years ago
2526-add-delete-backup.md document error codes and remove a statement that isn't true 5 years ago
2540-stricter-event-validation.md Give more guidance on how invalid events should be handled. 5 years ago
2557-spoiler-clarifications.md Spell words correctly 5 years ago
2582-remove-mimetype-from-encrypted-file.md MSC2582: Remove mimetype from EncryptedFile object (#2582) 3 years ago
2604-login-fallback-device-info.md Add proposal for accepting query parameters to the login fallback endpoint. (#2604) 4 years ago
2610-remove-oauth2-auth-type.md Apply suggestions from code review 5 years ago
2611-remove-login-auth-type.md Proposal to remove `m.login.token` ui auth type 5 years ago
2630-sas-check-public-keys.md FluffyChat doesn't include any verification yet 5 years ago
2663-errors-nonexistent-push-rules.md inexistent may or may not be a non-existent word 4 years ago
2689-fix-e2ee-for-guests.md Update proposals/2689-fix-e2ee-for-guests.md 4 years ago
2713-remove-deprecated-identity-endpoints.md assign number 4 years ago
2732-olm-fallback-keys.md Apply suggestions from code review 4 years ago
2758-textual-id-grammar.md Update 2758-textual-id-grammar.md 4 years ago
2765-widget-avatars.md Update proposals/2765-widget-avatars.md 4 years ago
2774-widget-id.md spelling 4 years ago
2778-appservice-login.md Remove what appears to be leftover notes 3 years ago
2788-v6-default-version.md Fix number 4 years ago
2801-untrusted-event-data.md Update proposals/2801-untrusted-event-data.md 4 years ago
2844-global-versioning.md Make deprecation industry standard 4 years ago
2858-Multiple-SSO-Identity-Providers.md update UIA 4 years ago
2874-single-ssss.md add example 4 years ago
2998-rooms-v7.md Clarify prose 4 years ago
3083-restricted-rooms.md Add note about redacting the allow key. 3 years ago
3122-deprecate-starting-verifications-without-request.md add link to relevant spec 3 years ago
3173-expose-stripped-state-events.md Remove unstable prefixes. 3 years ago
3231-token-authenticated-registration.md MSC3231: Token authenticated registration (#3231) 3 years ago
3289-rooms-v8.md Revert "Update redaction rules." 3 years ago
3375-room-v9.md MSC3375: Room version 9. (#3375) 3 years ago