wholetrans/docs-matrix-spec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Actually we're going with "identity server" afterall

Browse source
This commit is contained in:
Travis Ralston 2018-08-31 15:03:48 -06:00
parent ec248b436f
commit 7ac76fa27c
32 changed files with 152 additions and 152 deletions
Download patch file Download diff file Expand all files Collapse all files

24
api/client-server/administrative_contact.yaml
View file

@ -35,7 +35,7 @@ paths:
associated with the user's account.
This is *not* the same as the list of third party identifiers bound to
the user's Matrix ID in identity services.
the user's Matrix ID in identity servers.
Identifiers in this list may be used by the homeserver as, for example,
identifiers that it will accept to reset the user's account password.
@ -77,7 +77,7 @@ paths:
format: int64
description: |-
The timestamp, in milliseconds, when the identifier was
validated by the identity service.
validated by the identity server.
added_at:
type: integer
format: int64
@ -106,13 +106,13 @@ paths:
properties:
client_secret:
type: string
description: The client secret used in the session with the identity service.
description: The client secret used in the session with the identity server.
id_server:
type: string
description: The identity service to use.
description: The identity server to use.
sid:
type: string
description: The session identifier given by the identity service.
description: The session identifier given by the identity server.
required: ["client_secret", "id_server", "sid"]
bind:
type: boolean
@ -138,11 +138,11 @@ paths:
schema:
type: object
403:
description: The credentials could not be verified with the identity service.
description: The credentials could not be verified with the identity server.
examples:
application/json: {
"errcode": "M_THREEPID_AUTH_FAILED",
"error": "The third party credentials could not be verified by the identity service."
"error": "The third party credentials could not be verified by the identity server."
}
schema:
"$ref": "definitions/errors/error.yaml"
@ -153,7 +153,7 @@ paths:
summary: Deletes a third party identifier from the user's account
description: |-
Removes a third party identifier from the user's account. This might not
cause an unbind of the identifier from the identity service.
cause an unbind of the identifier from the identity server.
operationId: delete3pidFromAccount
security:
- accessToken: []
@ -187,7 +187,7 @@ paths:
post:
summary: Begins the validation process for an email address for association with the user's account.
description: |-
Proxies the identity service API ``validate/email/requestToken``, but
Proxies the identity server API ``validate/email/requestToken``, but
first checks that the given email address is **not** already associated
with an account on this homeserver. This API should be used to request
validation tokens when adding an email address to an account. This API's
@ -206,7 +206,7 @@ paths:
id_server:
type: string
description: |-
The hostname of the identity service to communicate with. May
The hostname of the identity server to communicate with. May
optionally include a port.
example: "id.example.com"
required: ['id_server']
@ -241,7 +241,7 @@ paths:
post:
summary: Begins the validation process for a phone number for association with the user's account.
description: |-
Proxies the identity service API ``validate/msisdn/requestToken``, but
Proxies the identity server API ``validate/msisdn/requestToken``, but
first checks that the given phone number is **not** already associated
with an account on this homeserver. This API should be used to request
validation tokens when adding a phone number to an account. This API's
@ -260,7 +260,7 @@ paths:
id_server:
type: string
description: |-
The hostname of the identity service to communicate with. May
The hostname of the identity server to communicate with. May
optionally include a port.
example: "id.example.com"
required: ['id_server']

4
api/client-server/create_room.yaml
View file

@ -138,10 +138,10 @@ paths:
properties:
id_server:
type: string
description: The hostname+port of the identity service which should be used for third party identifier lookups.
description: The hostname+port of the identity server which should be used for third party identifier lookups.
medium:
type: string
# TODO: Link to identity service spec when it eixsts
# TODO: Link to identity server spec when it eixsts
description: The kind of address being passed in the address field, for example ``email``.
address:
type: string

6
api/client-server/definitions/wellknown/identity_server.yaml
View file

@ -11,14 +11,14 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
title: Identity Service Information
title: Identity Server Information
description: |-
Used by clients to discover identity service information.
Used by clients to discover identity server information.
type: object
properties:
base_url:
type: string
description: The base URL for the identity service for client-server connections.
description: The base URL for the identity server for client-server connections.
example: https://identity.example.com
required:
- base_url

26
api/client-server/registration.yaml
View file

@ -92,7 +92,7 @@ paths:
type: boolean
description: |-
If true, the server binds the email used for authentication to
the Matrix ID with the identity service.
the Matrix ID with the identity server.
example: false
username:
type: string
@ -204,9 +204,9 @@ paths:
post:
summary: Begins the validation process for an email to be used during registration.
description: |-
Proxies the identity service API ``validate/email/requestToken``, but
Proxies the identity server API ``validate/email/requestToken``, but
first checks that the given email address is not already associated
with an account on this homeserver. See the identity service API for
with an account on this homeserver. See the identity server API for
further information.
operationId: requestTokenToRegisterEmail
parameters:
@ -221,7 +221,7 @@ paths:
id_server:
type: string
description: |-
The hostname of the identity service to communicate with. May
The hostname of the identity server to communicate with. May
optionally include a port.
example: "id.example.com"
required: ['id_server']
@ -251,7 +251,7 @@ paths:
instead send an email to the user with instructions on how to reset their password.
This prevents malicious parties from being able to determine if a given email address
has an account on the homeserver in question.
* ``M_SERVER_NOT_TRUSTED`` : The ``id_server`` parameter refers to an identity service
* ``M_SERVER_NOT_TRUSTED`` : The ``id_server`` parameter refers to an identity server
that is not trusted by this homeserver.
examples:
application/json: {
@ -264,9 +264,9 @@ paths:
post:
summary: Requests a validation token be sent to the given phone number for the purpose of registering an account
description: |-
Proxies the identity service API ``validate/msisdn/requestToken``, but
Proxies the identity server API ``validate/msisdn/requestToken``, but
first checks that the given phone number is not already associated
with an account on this homeserver. See the identity service API for
with an account on this homeserver. See the identity server API for
further information.
operationId: requestTokenToRegisterMSISDN
parameters:
@ -281,7 +281,7 @@ paths:
id_server:
type: string
description: |-
The hostname of the identity service to communicate with. May
The hostname of the identity server to communicate with. May
optionally include a port.
example: "id.example.com"
required: ['id_server']
@ -311,7 +311,7 @@ paths:
instead send an SMS message to the user with instructions on how to reset their password.
This prevents malicious parties from being able to determine if a given phone number
has an account on the homeserver in question.
* ``M_SERVER_NOT_TRUSTED`` : The ``id_server`` parameter refers to an identity service
* ``M_SERVER_NOT_TRUSTED`` : The ``id_server`` parameter refers to an identity server
that is not trusted by this homeserver.
examples:
application/json: {
@ -373,7 +373,7 @@ paths:
post:
summary: Requests a validation token be sent to the given email address for the purpose of resetting a user's password
description: |-
Proxies the identity service API ``validate/email/requestToken``, but
Proxies the identity server API ``validate/email/requestToken``, but
first checks that the given email address **is** associated with an account
on this homeserver. This API should be used to request
validation tokens when authenticating for the
@ -400,7 +400,7 @@ paths:
id_server:
type: string
description: |-
The hostname of the identity service to communicate with. May
The hostname of the identity server to communicate with. May
optionally include a port.
example: "id.example.com"
required: ['id_server']
@ -435,7 +435,7 @@ paths:
post:
summary: Requests a validation token be sent to the given phone number for the purpose of resetting a user's password.
description: |-
Proxies the identity service API ``validate/msisdn/requestToken``, but
Proxies the identity server API ``validate/msisdn/requestToken``, but
first checks that the given phone number **is** associated with an account
on this homeserver. This API should be used to request
validation tokens when authenticating for the
@ -462,7 +462,7 @@ paths:
id_server:
type: string
description: |-
The hostname of the identity service to communicate with. May
The hostname of the identity server to communicate with. May
optionally include a port.
example: "id.example.com"
required: ['id_server']

18
api/client-server/third_party_membership.yaml
View file

@ -36,7 +36,7 @@ paths:
*Note that there are two forms of this API, which are documented separately.
This version of the API does not require that the inviter know the Matrix
identifier of the invitee, and instead relies on third party identifiers.
The homeserver uses an identity service to perform the mapping from
The homeserver uses an identity server to perform the mapping from
third party identifier to a Matrix identifier. The other is documented in the*
`joining rooms section`_.
@ -47,31 +47,31 @@ paths:
Only users currently in a particular room can invite other users to
join that room.
If the identity service did know the Matrix user identifier for the
If the identity server did know the Matrix user identifier for the
third party identifier, the homeserver will append a ``m.room.member``
event to the room.
If the identity service does not know a Matrix user identifier for the
If the identity server does not know a Matrix user identifier for the
passed third party identifier, the homeserver will issue an invitation
which can be accepted upon providing proof of ownership of the third
party identifier. This is achieved by the identity service generating a
party identifier. This is achieved by the identity server generating a
token, which it gives to the inviting homeserver. The homeserver will
add an ``m.room.third_party_invite`` event into the graph for the room,
containing that token.
When the invitee binds the invited third party identifier to a Matrix
user ID, the identity service will give the user a list of pending
user ID, the identity server will give the user a list of pending
invitations, each containing:
- The room ID to which they were invited
- The token given to the homeserver
- A signature of the token, signed with the identity service's private key
- A signature of the token, signed with the identity server's private key
- The matrix user ID who invited them to the room
If a token is requested from the identity service, the homeserver will
If a token is requested from the identity server, the homeserver will
append a ``m.room.third_party_invite`` event to the room.
.. _joining rooms section: `invite-by-user-id-endpoint`_
@ -98,10 +98,10 @@ paths:
properties:
id_server:
type: string
description: The hostname+port of the identity service which should be used for third party identifier lookups.
description: The hostname+port of the identity server which should be used for third party identifier lookups.
medium:
type: string
# TODO: Link to identity service spec when it eixsts
# TODO: Link to identity server spec when it eixsts
description: The kind of address being passed in the address field, for example ``email``.
address:
type: string

2
api/client-server/wellknown.yaml
View file

@ -54,7 +54,7 @@ paths:
description: Information about the homeserver to connect to.
"$ref": "definitions/wellknown/homeserver.yaml"
m.identity_server:
description: Optional. Information about the identity service to connect to.
description: Optional. Information about the identity server to connect to.
"$ref": "definitions/wellknown/identity_server.yaml"
additionalProperties:
description: Application-dependent keys using Java package naming convention.