Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MSC4190: Device management for application services #4190

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

MSC4190: Device management for application services #4190

wants to merge 6 commits into from
+93 −0

Conversation

sandhose
Copy link
Member

@sandhose sandhose commented Sep 12, 2024
edited by tulir
Loading

Rendered

Homeserver implementations:

Appservice implementations:

In line with matrix-org/matrix-spec#1700, the following disclosure applies:

I am a Software Engineer at Element. This proposal was written and published as an Element employee.

SCT stuff:

checklist

FCP tickyboxes

@sandhose sandhose changed the title Device management for application services MSC4190: Device management for application services Sep 12, 2024
@sandhose sandhose marked this pull request as ready for review September 12, 2024 13:17
@turt2live turt2live added proposal A matrix spec change proposal application services kind:core MSC which is critical to the protocol's success needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. labels Sep 12, 2024
This was referenced Sep 13, 2024
Draft
Merged
This was referenced Sep 20, 2024
Closed
Open
@MTRNord MTRNord mentioned this pull request Sep 28, 2024
Open
@spantaleev spantaleev mentioned this pull request Oct 22, 2024
Closed
@tulir tulir added implementation-needs-checking The MSC has an implementation, but the SCT has not yet checked it. and removed needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. labels Nov 13, 2024
anoadragon453
anoadragon453 reviewed Dec 2, 2024
View reviewed changes
Copy link
Member

@anoadragon453 anoadragon453 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall lgtm, just a couple sticking points.

yingziwu added a commit to yingziwu/synapse that referenced this pull request Dec 20, 2024
@yingziwu
Merge tag 'v1.121.0' into develop
3ca171d 
This release contains the security fixes from [v1.120.2](https://github.com/element-hq/synapse/releases/tag/v1.120.2).

- Fix release process to not create duplicate releases. ([\#18025](element-hq/synapse#18025))

- Support for [MSC4190](matrix-org/matrix-spec-proposals#4190): device management for Application Services. ([\#17705](element-hq/synapse#17705))
- Update [MSC4186](matrix-org/matrix-spec-proposals#4186) Sliding Sync to include invite, ban, kick, targets when `$LAZY`-loading room members. ([\#17947](element-hq/synapse#17947))
- Use stable `M_USER_LOCKED` error code for locked accounts, as per [Matrix 1.12](https://spec.matrix.org/v1.12/client-server-api/#account-locking). ([\#17965](element-hq/synapse#17965))
- [MSC4076](matrix-org/matrix-spec-proposals#4076): Add `disable_badge_count` to pusher configuration. ([\#17975](element-hq/synapse#17975))

- Fix long-standing bug where read receipts could get overly delayed being sent over federation. ([\#17933](element-hq/synapse#17933))

- Add OIDC example configuration for Forgejo (fork of Gitea). ([\#17872](element-hq/synapse#17872))
- Link to element-docker-demo from contrib/docker*. ([\#17953](element-hq/synapse#17953))

- [MSC4108](matrix-org/matrix-spec-proposals#4108): Add a `Content-Type` header on the `PUT` response to work around a faulty behavior in some caching reverse proxies. ([\#17253](element-hq/synapse#17253))
- Fix incorrect comment in new schema delta. ([\#17936](element-hq/synapse#17936))
- Raise setuptools_rust version cap to 1.10.2. ([\#17944](element-hq/synapse#17944))
- Enable encrypted appservice related experimental features in the complement docker image. ([\#17945](element-hq/synapse#17945))
- Return whether the user is suspended when querying the user account in the Admin API. ([\#17952](element-hq/synapse#17952))
- Fix new scheduled tasks jumping the queue. ([\#17962](element-hq/synapse#17962))
- Bump pyo3 and dependencies to v0.23.2. ([\#17966](element-hq/synapse#17966))
- Update setuptools-rust and fix building abi3 wheels in latest version. ([\#17969](element-hq/synapse#17969))
- Consolidate SSO redirects through `/_matrix/client/v3/login/sso/redirect(/{idpId})`. ([\#17972](element-hq/synapse#17972))
- Fix Docker and Complement config to be able to use `public_baseurl`. ([\#17986](element-hq/synapse#17986))
- Fix building wheels for MacOS which was temporarily disabled in Synapse 1.120.2. ([\#17993](element-hq/synapse#17993))
- Fix release process to not create duplicate releases. ([\#17970](element-hq/synapse#17970), [\#17995](element-hq/synapse#17995))

* Bump bytes from 1.8.0 to 1.9.0. ([\#17982](element-hq/synapse#17982))
* Bump pysaml2 from 7.3.1 to 7.5.0. ([\#17978](element-hq/synapse#17978))
* Bump serde_json from 1.0.132 to 1.0.133. ([\#17939](element-hq/synapse#17939))
* Bump tomli from 2.0.2 to 2.1.0. ([\#17959](element-hq/synapse#17959))
* Bump tomli from 2.1.0 to 2.2.1. ([\#17979](element-hq/synapse#17979))
* Bump tornado from 6.4.1 to 6.4.2. ([\#17955](element-hq/synapse#17955))
@TheOneWithTheBraid TheOneWithTheBraid mentioned this pull request Feb 10, 2025
Open
14 tasks
@tulir tulir removed the implementation-needs-checking The MSC has an implementation, but the SCT has not yet checked it. label Mar 13, 2025
@samip5 samip5 mentioned this pull request Mar 24, 2025
Closed
@tulir
Copy link
Member

tulir commented Apr 2, 2025
edited
Loading

MSCs proposed for Final Comment Period (FCP) should meet the requirements outlined in the checklist prior to being accepted into the spec. This checklist is a bit long, but aims to reduce the number of follow-on MSCs after a feature lands.

SCT members: please check off things you check for, and raise a concern against FCP if the checklist is incomplete. If an item doesn't apply, prefer to check it rather than remove it. Unchecking items is encouraged where applicable.

Checklist:

  • Are appropriate implementation(s)
    specified in the MSC’s PR description?
  • Are all MSCs that this MSC depends on already accepted?
  • For each new endpoint that is introduced:
    • Have authentication requirements been specified?
    • Have rate-limiting requirements been specified?
    • Have guest access requirements been specified?
    • Are error responses specified?
      • Does each error case have a specified errcode (e.g. M_FORBIDDEN) and HTTP status code?
        • If a new errcode is introduced, is it clear that it is new?
  • Will the MSC require a new room version, and if so, has that been made clear?
    • Is the reason for a new room version clearly stated? For example,
      modifying the set of redacted fields changes how event IDs are calculated,
      thus requiring a new room version.
  • Are backwards-compatibility concerns appropriately addressed?
  • Are the endpoint conventions honoured?
    • Do HTTP endpoints use_underscores_like_this?
    • Will the endpoint return unbounded data? If so, has pagination been considered?
    • If the endpoint utilises pagination, is it consistent with
      the appendices?
  • An introduction exists and clearly outlines the problem being solved.
    Ideally, the first paragraph should be understandable by a non-technical audience.
  • All outstanding threads are resolved
    • All feedback is incorporated into the proposal text itself, either as a fix or noted as an alternative
  • While the exact sections do not need to be present,
    the details implied by the proposal template are covered. Namely:
    • Introduction
    • Proposal text
    • Potential issues
    • Alternatives
    • Dependencies
  • Stable identifiers are used throughout the proposal, except for the unstable prefix section
    • Unstable prefixes consider the awkward accepted-but-not-merged state
    • Chosen unstable prefixes do not pollute any global namespace (use “org.matrix.mscXXXX”, not “org.matrix”).
  • Changes have applicable Sign Off from all authors/editors/contributors
  • There is a dedicated "Security Considerations" section which detail
    any possible attacks/vulnerabilities this proposal may introduce, even if this is "None.".
    See RFC3552 for things to think about,
    but in particular pay attention to the OWASP Top Ten.

@tulir
Copy link
Member

tulir commented Apr 2, 2025

This is implemented in Synapse and most mautrix bridges. It'd be nice if it was in the same spec release as the rest of next-gen auth

@mscbot fcp merge

@mscbot
Copy link
Collaborator

mscbot commented Apr 2, 2025
edited by turt2live
Loading

Team member @mscbot has proposed to merge this. The next step is review by the rest of the tagged people:

Concerns:

  • checklist not complete
  • Breaking change on register endpoint

Once at least 75% of reviewers approve (and there are no outstanding concerns), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up!

See this document for information about what commands tagged team members can give me.

@mscbot mscbot added proposed-final-comment-period Currently awaiting signoff of a majority of team members in order to enter the final comment period. disposition-merge labels Apr 2, 2025
@tulir
Copy link
Member

tulir commented Apr 2, 2025

@mscbot concern checklist not complete

@mscbot mscbot added the unresolved-concerns This proposal has at least one outstanding concern label Apr 2, 2025
@turt2live turt2live self-requested a review April 2, 2025 16:29
@github-project-automation github-project-automation bot moved this to Needs idea feedback / initial review in Spec Core Team Backlog Apr 2, 2025
@turt2live turt2live moved this from Needs idea feedback / initial review to Ready for FCP ticks in Spec Core Team Backlog Apr 2, 2025
@tulir
Copy link
Member

tulir commented Apr 5, 2025

@mscbot resolve checklist not complete

@mscbot mscbot removed the unresolved-concerns This proposal has at least one outstanding concern label Apr 5, 2025
turt2live
turt2live requested changes Apr 5, 2025
View reviewed changes
proposals/4190-as-device-management.md Outdated
Comment on lines 60 to 63
The change to `/v3/register` is technically backwards-incompatible. However,
most application services likely ignore the returned access token, and next-gen
auth will break the token generation anyway. It's better to stop returning a
token than break the endpoint entirely by returning an error.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

An error would be preferred, as appservices which rely on the token will subtly break rather than a clear an obvious signal.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated to return an error with a new M_APPSERVICE_LOGIN_UNSUPPORTED errcode. It could also do M_MISSING_PARAM since technically the error is "missing ?inhibit_login=true", but probably better to have a new explicit error code.

@turt2live
Copy link
Member

@mscbot concern Breaking change on register endpoint

@mscbot mscbot added the unresolved-concerns This proposal has at least one outstanding concern label Apr 5, 2025
@tulir tulir requested a review from turt2live April 8, 2025 10:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anoadragon453 anoadragon453 anoadragon453 left review comments

@tulir tulir tulir left review comments

@onestacked onestacked onestacked left review comments

@girlbossceo girlbossceo girlbossceo left review comments

@turt2live turt2live Awaiting requested review from turt2live

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
application services disposition-merge kind:core MSC which is critical to the protocol's success proposal A matrix spec change proposal proposed-final-comment-period Currently awaiting signoff of a majority of team members in order to enter the final comment period. unresolved-concerns This proposal has at least one outstanding concern
Projects
Spec Core Team Backlog
Status: Ready for FCP ticks
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@sandhose @tulir @mscbot @turt2live @anoadragon453 @onestacked @girlbossceo