MSC4170: 403 error responses for profile APIs

[Johennes]

Rendered

Relates to matrix-org/matrix-spec#1867

---

In line with matrix-org/matrix-spec#1700, the following disclosure applies:

I am a Systems Architect at gematik, Software Engineer at Unomed, Matrix community member and former Element employee. This proposal was written and published with my gematik hat on.

---

FCP tickyboxes

[richvdh]

I think this would fix matrix-org/matrix-spec#168? @Johennes: might be good to mention that in the proposal text.

[richvdh]

Other than the editorial nits mentioned, this lgtm.

@mscbot fcp merge

[mscbot]

Team member @richvdh has proposed to merge this. The next step is review by the rest of the tagged people:

• @clokep
• @dbkr
• @uhoreg
• @turt2live
• @ara4n
• @anoadragon453
• @richvdh
• @tulir
• @erikjohnston
• @KitsuneRal

Once at least 75% of reviewers approve (and there are no outstanding concerns), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up!

See this document for information about what commands tagged team members can give me.

[turt2live]

overall the concept looks great - just a few small details to clarify before this is set for FCP imo.

[Johennes]

I think this would fix matrix-org/matrix-spec#168? @Johennes: might be good to mention that in the proposal text.

@richvdh I think this issue has actually already been addressed through MSC3550. Have commented on the issue.

[thoraj]

We're building a multitenant solution based on matrix (homeserver is Synapse).

An important part of this is delegating user_directory/search to our own backend to enforce user discoverability.

If a user is discoverable (according to rules enforced in our custom user_directory) it must also be possible to invite the user to a room.

Currently Element require a profile lookup to be able to do so. The solution is to allow profile lookups WITHOUT requiring users to share a room (using the synapse setting mentioned above).

AFAIK nothing in the spec mandates such a flag, but IMO the spec shoul make a mention that HS implementation MAY (or SHOULD) allow opting into profile lookup (non 403/404 responses) even if a user is not in a public or shared room.

Unrelated to this specific MSC, but the spec should perhaps also spell out the requirements to be allowed to invite someone into a room?

[Johennes]

Thanks for the feedback from an actual use case! 🙏

Currently Element require a profile lookup to be able to do so. The solution is to allow profile lookups WITHOUT requiring users to share a room (using the synapse setting mentioned above).

AFAIK nothing in the spec mandates such a flag, but IMO the spec shoul make a mention that HS implementation MAY (or SHOULD) allow opting into profile lookup (non 403/404 responses) even if a user is not in a public or shared room.

Leaving servers the freedom to allow profile look-ups in more, possibly even all cases was definitely the intention of this proposal. It's implicitly captured in this paragraph. The room membership conditions are only a "minimum" requirement and servers "MAY" (not MUST) deny profile queries if these conditions are unmet.

Whether it's worth spelling this out further is probably a discussion for the matrix-spec pull request¹ that follows if and when this proposal is accepted.

Unrelated to this specific MSC, but the spec should perhaps also spell out the requirements to be allowed to invite someone into a room?

Interesting question. This is probably best covered in an issue on https://github.com/matrix-org/matrix-spec.

Footnotes

1. I'll probably just revive https://github.com/matrix-org/matrix-spec/pull/1867 ↩