MSC2263: Give homeservers the ability to handle their own 3PID registrations/password resets #2263
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| # MSC2263: Give homeservers the ability to handle their own 3PID registrations/password resets | ||
|
|
||
| In order to better protect the privacy of a user, Matrix is wanting to shift to | ||
| a model where identity servers have less control over the affairs of the homeserver. | ||
| Identity servers are currently used to reset the passwords of users on a given homeserver | ||
| as an identity verification technique, however there is no reason why the homeserver | ||
| itself can't handle the verification. This proposal allows for a homeserver to verify | ||
| the identity of users itself, without the use of an identity server. | ||
|
|
||
| ## Proposal | ||
|
|
||
| The `id_server` parameter is to become optional on the following endpoints: | ||
|
|
||
| * `/_matrix/client/:version/account/3pid/:medium/requestToken` | ||
| * `/_matrix/client/:version/register/:medium/requestToken` | ||
| * `/_matrix/client/:version/account/password/:medium/requestToken` | ||
|
|
||
| The `id_server` parameter is additionally deprecated with intention of being removed | ||
| in a future specification release on the `/register/:medium` and `/account/password/:medium` | ||
| endpoints. Once appropriate adoption has been achieved, the specification can safely | ||
| remove the parameter as supported. The reason for this deprecation is to completely | ||
| remove the identity server's ability to be involved in password resets/registration. | ||
| Users wishing to bind their 3rd party identifiers can do so after registration, and | ||
| clients can automate this if they so desire. | ||
|
|
||
| Note that `bind_email` and `bind_msisdn` on `/register` have already been removed | ||
| by [MSC2140](https://github.com/matrix-org/matrix-doc/pull/2140). | ||
|
|
||
| As per [MSC2140](https://github.com/matrix-org/matrix-doc/pull/2140), an `id_access_token` | ||
| is required only if an `id_server` is supplied. | ||
|
|
||
| Although not specified as required in the specification currently, the `id_server` | ||
| as part of User-Interactive Authentication is also optional if this proposal is accepted. | ||
| When the client requests a token without an `id_server`, it should not specify an | ||
| `id_server` in UIA. | ||
|
|
||
| Homeservers can reuse HTTP 400 `M_SERVER_NOT_TRUSTED` as an error code on the `/requestToken` | ||
| endpoints listed above if they do not trust the identity server the user is supplying. | ||
|
|
||
| In order to allow client implementations to determine if the homeserver they are developed | ||
|
There was a problem hiding this comment. This should be "... to determine if the homeserver they are using supports There was a problem hiding this comment. not really, because the flag has an expected timeline for death. Once the MSC lands in the spec, the flag is irrelevant. It's only useful to those writing implementations which are likely to ship the feature in some capacity before the spec releases it. |
||
| against supports `id_server` being optional, an unstable feature flag of `m.require_identity_server` | ||
anoadragon453 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| is to be added to `/versions`. When the flag is `true` or not present, clients must assume | ||
| that the homeserver requires an `id_server` (ie: it has not yet considered it optional). | ||
| If this proposal is accepted, clients are expected to use the supported specification versions | ||
| the homeserver advertises instead of the feature flag's presence. | ||
|
|
||
| ## Tradeoffs | ||
|
|
||
| Homeservers may have to set up MSISDN/email support to their implementations. This is believed | ||
| to be of minimal risk compared to allowing the identity server to continue being involved | ||
| with password reset/registration. | ||
|
|
||
| ## Security considerations | ||
|
|
||
| The identity server was previously involved with affairs only the homeserver cares about. | ||
| This is no longer the case. | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I could see this being useful if someone tries to set "http://127.0.0.1" as their
id_server.