Add proposal for accepting query parameters to the login fallback endpoint. (#2604)

clokep · web-flow · commit 782aed738340 · 2020-06-28T17:00:32.000+01:00
diff --git a/proposals/2604-login-fallback-device-info.md b/proposals/2604-login-fallback-device-info.md
@@ -0,0 +1,39 @@
+# Parameters for Login Fallback
+
+The [login fallback](https://matrix.org/docs/spec/client_server/r0.6.1#login-fallback)
+API can be used by clients to support logins that they do not recognize. It is
+expected to be loaded in a web view and calls a JavaScript function
+(`window.onLogin`) when the login process is complete.
+
+Since the login fallback page does the full login process there is no 
+opportunity for the application to provide a device ID (to re-authenticate
+an expired session in the [case of soft-logout](https://matrix.org/docs/spec/client_server/r0.6.1#soft-logout))
+or an [initial device display name](https://matrix.org/docs/spec/client_server/r0.6.1#post-matrix-client-r0-login)
+(in the case of an initial login). This causes a few issues:
+
+* It can make it difficult for a user to manage their sessions (as additional
+  sessions get created for each soft-logout).
+* Cross-signing information gets reset when a new device ID is returned from the
+  login process. This results in users needing to re-validate their device. 
+
+## Proposal
+
+The login fallback page will accept query parameters for non-credential related
+parameters of the login endpoint. These will be forwarded by the login fallback
+API to the login API throughout the login process. Currently the following
+parameters should be accepted:
+
+* `device_id`
+* `initial_device_display_name`
+
+
+## Potential issues
+
+There are no backwards compatibility concerns: if a client provides the query
+parameters to a homeserver that does not check for them than the current
+behavior will occur.
+
+
+## Security considerations
+
+None.
