wholetrans/docs-matrix-spec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add registration token UIA type (#3616)

Browse source 
* Add registration token UIA type

MSC: https://github.com/matrix-org/matrix-doc/pull/3231

**Note**: This introduces the endpoint as v1 rather than r0 given the global versioning changes landed between the acceptance of the MSC and now.

* Fix swagger

* Changelogs

* Update data/api/client-server/registration_tokens.yaml

Co-authored-by: Hubert Chathi <hubert@uhoreg.ca>

Co-authored-by: Hubert Chathi <hubert@uhoreg.ca>
This commit is contained in:
Travis Ralston 2022-01-04 20:27:58 -07:00 committed by GitHub
parent 20bd445602
commit e4057072bd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 126 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

44
content/client-server-api/_index.md
View file

@ -618,6 +618,7 @@ This specification defines the following auth types:
- `m.login.email.identity`
- `m.login.msisdn`
- `m.login.dummy`
- `m.login.registration_token`
##### Password-based
@ -789,6 +790,49 @@ just the type and session, if provided:
}
```
##### Token-authenticated registration
{{% added-in v="1.2" %}}
| Type | Description |
|-------------------------------|-------------------------------------------------------------------|
| `m.login.registration_token` | Registers an account with a pre-shared token for authentication |
{{% boxes/note %}}
The `m.login.registration_token` authentication type is only valid on the
[`/register`](#post_matrixclientv3register) endpoint.
{{% /boxes/note %}}
This authentication type provides homeservers the ability to allow registrations
to a limited set of people instead of either offering completely open registrations
or completely closed registration (where the homeserver administrators create
and distribute accounts).
The token required for this authentication type is shared out of band from
Matrix and is an opaque string with maximum length of 64 characters in the
range `[A-Za-z0-9._~-]`. The server can keep any number of tokens for any
length of time/validity. Such cases might be a token limited to 100 uses or
for the next 2 hours - after the tokens expire, they can no longer be used
to create accounts.
To use this authentication type, clients should submit an auth dict with just
the type, token, and session:
```json
{
"type": "m.login.registration_token",
"token": "fBVFdqVE",
"session": "<session ID>"
}
```
To determine if a token is valid before attempting to use it, the client can
use the `/validity` API defined below. The API doesn't guarantee that a token
will be valid when used, but does avoid cases where the user finds out late
in the registration process that their token has expired.
{{% http-api spec="client-server" api="registration_tokens" %}}
#### Fallback
Clients cannot be expected to be able to know how to process every