archive
/
matrix-spec
mirror of https://github.com/matrix-org/matrix-spec
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
release/v1.12
dbkr/msc4178
release/v1.11
tulir/msc4142
release/v1.10
travis/msc2702-msc2701
rav/ref_objects_in_params
dkasak/foldable-sidebar
travis/knock-join
release/v1.9
release/v1.8
anoa/update_docsy
anoa/nix_flake
dbkr/3077-multi-stream-voip
release/v1.7
dbkr/2746-reliable-voip
rav/links_for_object_defs
release/v1.6
release/v1.5
release/v1.4
anoa/invite_knock_room_state
release/v1.3
push_gateway/r0.1.0
r0.0.0
0.2.0
application_service/r0.1.0
application_service/r0.1.1
application_service/r0.1.2
client-server/0.3.0
client-server/r0.1.0
client-server/r0.2.0
client-server/r0.3.0
client_server/r0.4.0
client_server/r0.5.0
client_server/r0.6.0
client_server/r0.6.1
identity_service/r0.1.0
identity_service/r0.2.0
identity_service/r0.2.1
identity_service/r0.3.0
push_gateway/r0.1.1
r0.0.1
server_server/r0.1.0
server_server/r0.1.1
server_server/r0.1.2
server_server/r0.1.3
server_server/r0.1.4
v1.1
v1.10
v1.11
v1.12
v1.2
v1.3
v1.4
v1.5
v1.6
v1.7
v1.8
v1.9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e32d9a9af3'
${ noResults }
matrix-spec/proposals/2263-homeserver-pw-resets.md

3.0 KiB
Raw Blame History

MSC2263: Give homeservers the ability to handle their own 3PID registrations/password resets

In order to better protect the privacy of a user, Matrix is wanting to shift to a model where identity servers have less control over the affairs of the homeserver. Identity servers are currently used to reset the passwords of users on a given homeserver as an identity verification technique, however there is no reason why the homeserver itself can't handle the verification. This proposal allows for a homeserver to verify the identity of users itself, without the use of an identity server.

Proposal

The id_server parameter is to become optional on the following endpoints:

  • /_matrix/client/:version/account/3pid/:medium/requestToken
  • /_matrix/client/:version/register/:medium/requestToken
  • /_matrix/client/:version/account/password/:medium/requestToken

The id_server parameter is additionally deprecated with intention of being removed in a future specification release on the /register/:medium and /account/password/:medium endpoints. Once appropriate adoption has been achieved, the specification can safely remove the parameter as supported. The reason for this deprecation is to completely remove the identity server's ability to be involved in password resets/registration. Users wishing to bind their 3rd party identifiers can do so after registration, and clients can automate this if they so desire.

Note that bind_email and bind_msisdn on /register have already been removed by MSC2140.

As per MSC2140, an id_access_token is required only if an id_server is supplied.

Although not specified as required in the specification currently, the id_server as part of User-Interactive Authentication is also optional if this proposal is accepted. When the client requests a token without an id_server, it should not specify an id_server in UIA.

Homeservers can reuse HTTP 400 M_SERVER_NOT_TRUSTED as an error code on the /requestToken endpoints listed above if they do not trust the identity server the user is supplying.

In order to allow client implementations to determine if the homeserver they are developed against supports id_server being optional, an unstable feature flag of m.require_identity_server is to be added to /versions. When the flag is true or not present, clients must assume that the homeserver requires an id_server (ie: it has not yet considered it optional). If this proposal is accepted, clients are expected to use the supported specification versions the homeserver advertises instead of the feature flag's presence.

Tradeoffs

Homeservers may have to set up MSISDN/email support to their implementations. This is believed to be of minimal risk compared to allowing the identity server to continue being involved with password reset/registration.

Security considerations

The identity server was previously involved with affairs only the homeserver cares about. This is no longer the case.