archive
/
matrix-spec
mirror of https://github.com/matrix-org/matrix-spec
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
release/v1.12
dbkr/msc4178
release/v1.11
tulir/msc4142
release/v1.10
travis/msc2702-msc2701
rav/ref_objects_in_params
dkasak/foldable-sidebar
travis/knock-join
release/v1.9
release/v1.8
anoa/update_docsy
anoa/nix_flake
dbkr/3077-multi-stream-voip
release/v1.7
dbkr/2746-reliable-voip
rav/links_for_object_defs
release/v1.6
release/v1.5
release/v1.4
anoa/invite_knock_room_state
release/v1.3
push_gateway/r0.1.0
r0.0.0
0.2.0
application_service/r0.1.0
application_service/r0.1.1
application_service/r0.1.2
client-server/0.3.0
client-server/r0.1.0
client-server/r0.2.0
client-server/r0.3.0
client_server/r0.4.0
client_server/r0.5.0
client_server/r0.6.0
client_server/r0.6.1
identity_service/r0.1.0
identity_service/r0.2.0
identity_service/r0.2.1
identity_service/r0.3.0
push_gateway/r0.1.1
r0.0.1
server_server/r0.1.0
server_server/r0.1.1
server_server/r0.1.2
server_server/r0.1.3
server_server/r0.1.4
v1.1
v1.10
v1.11
v1.12
v1.2
v1.3
v1.4
v1.5
v1.6
v1.7
v1.8
v1.9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9ca94235c6'
${ noResults }
matrix-spec/proposals/2604-login-fallback-device-...

40 lines
1.6 KiB
Markdown
Raw Blame History

# Parameters for Login Fallback
The [login fallback](https://matrix.org/docs/spec/client_server/r0.6.1#login-fallback)
API can be used by clients to support logins that they do not recognize. It is
expected to be loaded in a web view and calls a JavaScript function
(`window.onLogin`) when the login process is complete.
Since the login fallback page does the full login process there is no
opportunity for the application to provide a device ID (to re-authenticate
an expired session in the [case of soft-logout](https://matrix.org/docs/spec/client_server/r0.6.1#soft-logout))
or an [initial device display name](https://matrix.org/docs/spec/client_server/r0.6.1#post-matrix-client-r0-login)
(in the case of an initial login). This causes a few issues:
* It can make it difficult for a user to manage their sessions (as additional
sessions get created for each soft-logout).
* Cross-signing information gets reset when a new device ID is returned from the
login process. This results in users needing to re-validate their device.
## Proposal
The login fallback page will accept query parameters for non-credential related
parameters of the login endpoint. These will be forwarded by the login fallback
API to the login API throughout the login process. Currently the following
parameters should be accepted:
* `device_id`
* `initial_device_display_name`
## Potential issues
There are no backwards compatibility concerns: if a client provides the query
parameters to a homeserver that does not check for them than the current
behavior will occur.
## Security considerations
None.
Reference in New Issue View Git Blame Copy Permalink