wholetrans/docs-matrix-spec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #2037 from matrix-org/travis/1.0/appservice-hs-token

Browse source 
Clarify how homeservers are meant to auth themselves to appservices
This commit is contained in:
Travis Ralston 2019-05-28 12:56:28 -06:00 committed by GitHub
commit 76829ad988
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
changelogs/application_service/newsfragments/2037.clarification Normal file
View file

@ -0,0 +1 @@
Add missing definition for how appservices verify requests came from a homeserver.

9
specification/application_service_api.rst
View file

@ -187,6 +187,15 @@ An example registration file for an IRC-bridging application service is below:
Homeserver -> Application Service API Homeserver -> Application Service API
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Authorization
+++++++++++++
Homeservers MUST include a query parameter named ``access_token`` containing the
``hs_token`` from the application service's registration when making requests to
the application service. Application services MUST verify the provided ``access_token``
matches their known ``hs_token``, failing the request with a ``M_FORBIDDEN`` error
if it does not match.
Legacy routes Legacy routes
+++++++++++++ +++++++++++++