You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
matrix-spec/proposals/2604-login-fallback-device-...

1.6 KiB

Parameters for Login Fallback

The login fallback API can be used by clients to support logins that they do not recognize. It is expected to be loaded in a web view and calls a JavaScript function (window.onLogin) when the login process is complete.

Since the login fallback page does the full login process there is no opportunity for the application to provide a device ID (to re-authenticate an expired session in the case of soft-logout) or an initial device display name (in the case of an initial login). This causes a few issues:

  • It can make it difficult for a user to manage their sessions (as additional sessions get created for each soft-logout).
  • Cross-signing information gets reset when a new device ID is returned from the login process. This results in users needing to re-validate their device.

Proposal

The login fallback page will accept query parameters for non-credential related parameters of the login endpoint. These will be forwarded by the login fallback API to the login API throughout the login process. Currently the following parameters should be accepted:

  • device_id
  • initial_device_display_name

Potential issues

There are no backwards compatibility concerns: if a client provides the query parameters to a homeserver that does not check for them than the current behavior will occur.

Security considerations

None.