This repository was archived by the owner on Apr 26, 2024. It is now read-only.
This repository was archived by the owner on Apr 26, 2024. It is now read-only.
Implementation of MSC2918 refresh tokens makes transaction ID scoping in violation of spec #15141
Closed
Description
MSC2918 proposed the introduction of refresh tokens to Matrix. The proposal was accepted and incorporated into v1.3 of the spec.
The non-compliance can now be demonstrated by means of a Complement test.
#13064 already exists to propose changing the implementation of transaction ID scoping in Synapse to be based on device ID not access token. However, this is also in violation of the spec.
I have created this issue so that it can be a placeholder for making Synapse spec compliant when refresh tokens are used.
However, I don't believe this is a priority right now as refresh tokens are not known to be widely used.