From 1b3e27a05a8666e02e031972a7bf0336195d5599 Mon Sep 17 00:00:00 2001 From: Kegsay Date: Thu, 15 Jan 2015 17:26:36 +0000 Subject: [PATCH] Add Linking HTTP API Also add note on masquerading problem. --- drafts/as-http-api.rst | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/drafts/as-http-api.rst b/drafts/as-http-api.rst index 2fb9aed2..727a5ff9 100644 --- a/drafts/as-http-api.rst +++ b/drafts/as-http-api.rst @@ -156,6 +156,8 @@ Linking ``[Draft]`` user they claim to be? If we force an IS lookup, then this would resolve on its own as anyone who wants to talk to the virtual user will do a lookup before trying the application service... + - In other words, what is preventing ``@bob:matrix.org`` masquerading as + ``@.irc.freenode.alice:matrix.org``? Clients may want to link their matrix user ID to their virtual user ID. This API allows the AS to do this, so messages sent from the AS are sent as the client's @@ -186,6 +188,21 @@ Notes: pushed. - The generated access token MUST honour the restrictions laid out by the client. + +:: + + PUT /appservices/$virtual_user_id?access_token=$token + + Request format + { + restrictions: { + expires_in: 3600, + rooms: [ + "!fl3rwfehw:matrix.org", + "!fwet2yugs:matrix.org" + ] + } + } To revoke permission for an application service to masquerade as a user: @@ -198,6 +215,11 @@ Output: Side effects: - The home server invalidate all access tokens for this user ID / AS combo and push this invalidation to the application service if this response 200s. + +:: + + DELETE /appservices/$virtual_user_id?access_token=$token + Client-Server v2 API Extensions -------------------------------