Skip to content

MSC2967: API scopes #2967

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 32 commits into from
Apr 5, 2025
Merged

MSC2967: API scopes #2967

merged 32 commits into from
Apr 5, 2025

Conversation

sandhose
Copy link
Member

@sandhose sandhose commented Jan 14, 2021
edited by turt2live
Loading

Rendered

  • Spec is feature complete
    • Device handling
    • Allow for APIs other than Client-Server in the urn:matrix namespace
    • Security considerations section
  • Reviewed for consistency with MSC3861
  • Implementations believed to be complete enough

Dependencies:

Implementations:

Homeservers

Homeservers:

  • Synapse with Matrix Authentication Service in OIDC Playground: https://auth-oidc.element.dev
    • urn:matrix:client:api:*
    • urn:matrix:client:device:XXXX

Clients

Clients need to request scopes appropriately.

  • Element X iOS and Android
    • urn:matrix:client:api:*
    • urn:matrix:client:device:XXXX
  • Element Web
    • urn:matrix:client:api:*
    • urn:matrix:client:device:XXXX
  • hydrogen
    • urn:matrix:client:api:*
    • urn:matrix:client:device:XXXX
  • files-sdk-demo
    • urn:matrix:client:api:*
    • urn:matrix:client:device:XXXX

SCT stuff:

checklist
FCP tickyboxes

@turt2live turt2live changed the title MSC2967: [WIP] API scope restriction [WIP] MSC2967: API scope restriction Jan 14, 2021
@turt2live turt2live marked this pull request as draft January 14, 2021 17:28
@turt2live turt2live added kind:feature MSC for not-core and not-maintenance stuff proposal A matrix spec change proposal labels Jan 14, 2021
This was referenced Jan 15, 2021
Merged
Closed
kegsay
kegsay reviewed Jan 15, 2021
View reviewed changes
erkinalp
erkinalp suggested changes Jan 31, 2021
View reviewed changes
Copy link

@erkinalp erkinalp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't use the word sudo as we do not have a concept of superusers or substitute users in Matrix.

@aaronraimist
Copy link
Contributor

aaronraimist commented Mar 1, 2021
edited by richvdh
Loading

Related: matrix-org/matrix-spec#725

@turt2live turt2live added the needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. label Jun 8, 2021
@hughns hughns mentioned this pull request May 25, 2022
Open
@zecakeh zecakeh mentioned this pull request Jul 25, 2022
Merged
@hughns hughns changed the title [WIP] MSC2967: API scope restriction [WIP] MSC2967: API scopes Aug 3, 2022
@hughns hughns mentioned this pull request Aug 4, 2022
Merged
@hughns hughns changed the title [WIP] MSC2967: API scopes [WIP] MSC2967: OIDC API scopes Feb 28, 2023
@turt2live turt2live added the matrix-2.0 Required for Matrix 2.0 label Mar 3, 2023
clokep
clokep reviewed May 16, 2023
View reviewed changes
proposals/2967-api-scopes.md Outdated

#### Device ID handling

Presently a device ID is typically generated by the homeserver and is associated with a specific access token. In OAuth 2.0 there is no such thing as a session and so a mapping cannot be handled using the same mechanism.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this still true after refresh tokens (MSC2918)? I thought we did a bunch of work in Synapse related to this recently, but maybe I'm confusing different types of tokens.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Technically yes, in practice no as MSC2918-style refresh tokens are almost not adopted by anyone. Is it worth clarifying here?

clokep
clokep reviewed May 16, 2023
View reviewed changes
clokep
clokep reviewed May 16, 2023
View reviewed changes
@kerryarchibald kerryarchibald mentioned this pull request Jun 13, 2023
Closed
erikjohnston
erikjohnston reviewed Mar 19, 2025
View reviewed changes
proposals/2967-api-scopes.md

This MSC proposes that the Matrix client is responsible for generating/allocating a device ID.
A client can create a new device ID by generating a random string and asking for its associated scope on login.
A client can adopt and rehydrate an existing device ID by asking for its associated scope on login.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this needs some rationale for why we need/want to make this change?

I'm a bit hesitant moving the creation of IDs to clients, as it adds all sorts of edges cases that need to be addressed (clashes, incorrect grammar, etc) and means servers can't encode any information in the device ID (which we don't currently, but you could imagine would be useful).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Talked out of band last Friday morning, and there sounds like there is a bunch of historical context here (that has since become mostly outdated). Conclusion was for @sandhose to comment with the background and a bit or a rationale, and then we can make a final call on whether we want device IDs to be generated on the client or server.

Something that I didn't realise is that the spec currently allows clients to generate device IDs when they log in (mostly for bots and the like).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've explained why the change isn't bad in practice, and the historical context why it is like that in 082625d

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it possible for the homeserver to still generate a device ID if a urn:matrix:client:device:<device ID> scope is omitted? Or would that be odd behaviour in the OAuth 2.0 world?

Having the ability for the homeserver to generate the device ID does make very simple matrix clients even simpler (no need to randomly generate a string). But I don't feel strongly that this behaviour must remain; it's only a nice-to-have.

Similarly, I recognise that it's useful for the client to provide a device ID upon login (for device rehydration and other use cases). So I'm happy to see that's still supported.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the explanation @sandhose. SCT had a discussion and I believe the conclusion was broadly that this is fine for now, there's not much reason to change it so late in the day.

erikjohnston
erikjohnston requested changes Mar 25, 2025
View reviewed changes
proposals/2967-api-scopes.md

This MSC proposes that the Matrix client is responsible for generating/allocating a device ID.
A client can create a new device ID by generating a random string and asking for its associated scope on login.
A client can adopt and rehydrate an existing device ID by asking for its associated scope on login.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Talked out of band last Friday morning, and there sounds like there is a bunch of historical context here (that has since become mostly outdated). Conclusion was for @sandhose to comment with the background and a bit or a rationale, and then we can make a final call on whether we want device IDs to be generated on the client or server.

Something that I didn't realise is that the spec currently allows clients to generate device IDs when they log in (mostly for bots and the like).

anoadragon453
anoadragon453 reviewed Mar 25, 2025
View reviewed changes
proposals/2967-api-scopes.md

This MSC proposes that the Matrix client is responsible for generating/allocating a device ID.
A client can create a new device ID by generating a random string and asking for its associated scope on login.
A client can adopt and rehydrate an existing device ID by asking for its associated scope on login.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it possible for the homeserver to still generate a device ID if a urn:matrix:client:device:<device ID> scope is omitted? Or would that be odd behaviour in the OAuth 2.0 world?

Having the ability for the homeserver to generate the device ID does make very simple matrix clients even simpler (no need to randomly generate a string). But I don't feel strongly that this behaviour must remain; it's only a nice-to-have.

Similarly, I recognise that it's useful for the client to provide a device ID upon login (for device rehydration and other use cases). So I'm happy to see that's still supported.

clokep
clokep reviewed Mar 25, 2025
View reviewed changes
@mscbot
Copy link
Collaborator

mscbot commented Mar 31, 2025

🔔 This is now entering its final comment period, as per the review above. 🔔

@mscbot mscbot added final-comment-period This MSC has entered a final comment period in interest to approval, postpone, or delete in 5 days. and removed proposed-final-comment-period Currently awaiting signoff of a majority of team members in order to enter the final comment period. labels Mar 31, 2025
@turt2live turt2live moved this from Ready for FCP ticks to In FCP in Spec Core Team Backlog Mar 31, 2025
@mscbot
Copy link
Collaborator

mscbot commented Apr 5, 2025

The final comment period, with a disposition to merge, as per the review above, is now complete.

@mscbot mscbot added finished-final-comment-period and removed disposition-merge final-comment-period This MSC has entered a final comment period in interest to approval, postpone, or delete in 5 days. labels Apr 5, 2025
@turt2live turt2live merged commit b2ea1a7 into matrix-org:main Apr 5, 2025
1 check passed
@turt2live turt2live moved this from In FCP to Requires spec writing in Spec Core Team Backlog Apr 5, 2025
@turt2live turt2live added spec-pr-missing Proposal has been implemented and is being used in the wild but hasn't yet been added to the spec and removed finished-final-comment-period labels Apr 5, 2025
@NinekoTheCat NinekoTheCat mentioned this pull request Apr 18, 2025
Open
@zecakeh
Copy link
Contributor

zecakeh commented May 25, 2025

spec PR: matrix-org/matrix-spec#2149

@tulir tulir added spec-pr-in-review A proposal which has been PR'd against the spec and is in review and removed spec-pr-missing Proposal has been implemented and is being used in the wild but hasn't yet been added to the spec labels May 25, 2025
@turt2live turt2live moved this from Requires spec writing to Requires spec PR review in Spec Core Team Backlog Jun 10, 2025
@richvdh
Copy link
Member

richvdh commented Jun 17, 2025

spec PR: matrix-org/matrix-spec#2149

Merged! 🎉

@richvdh richvdh added merged A proposal whose PR has merged into the spec! and removed spec-pr-in-review A proposal which has been PR'd against the spec and is in review labels Jun 17, 2025
@turt2live turt2live moved this from Requires spec PR review to Done to some definition in Spec Core Team Backlog Jun 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@clokep clokep clokep left review comments

@ara4n ara4n ara4n left review comments

@anoadragon453 anoadragon453 anoadragon453 left review comments

@richvdh richvdh richvdh requested changes

@tonkku107 tonkku107 tonkku107 left review comments

@hughns hughns hughns left review comments

@kegsay kegsay kegsay left review comments

@erikjohnston erikjohnston erikjohnston requested changes

@erkinalp erkinalp erkinalp requested changes

@turt2live turt2live Awaiting requested review from turt2live

@dbkr dbkr Awaiting requested review from dbkr

Assignees
No one assigned
Labels
kind:core MSC which is critical to the protocol's success matrix-2.0 Required for Matrix 2.0 merged A proposal whose PR has merged into the spec! proposal A matrix spec change proposal
Projects
Spec Core Team Backlog
Status: Done to some definition
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.