Spec the v2 IS auth APIs #2255
Spec the v2 IS auth APIs #2255
Conversation
turt2live
force-pushed
the
travis/spec/is-auth
branch
from
62d22bb to
fad9974
Compare
|
I've not had time to read this, but please can it specify the expected behaviour for the various endpoints when no id access token is given, with respect to fallback to v1 apis? |
|
ok, but how is a homeserver that supports both cs api 0.5 and cs api 0.6 supposed to behave when it gets a call to /invite (or whatever) without an id_access_token? |
|
I'm not saying its the right answer, but the answer I have is that the homeserver can't support r0.5 and r0.6 |
|
That sounds like a terrible idea :/ |
|
The right answer is probably amending the MSC to clarify that homeservers can perform calls without it, if they want to. They'd just have to use the (now-deprecated) v1 IS API. |
|
The MSC does say that, although I would argue here that if a client supplies id_server but not id_access_token, it is respecting r0.5 and not r0.6. Just because the spec mandates that a parameter must be supplied, doesn't mean a server must also mandate it: the server can allow it to be optional in order to be compatible with both r0.5 and r0.6. |
|
I'll add a note to the spec to clarify that, just to avoid the future question. |
This is part 2 of many, as shown by #2253
It may be easier to review this commit by commit. See 'docs' status check for what this looks like in the spec.
This PR intentionally does not include terms of service handling to try and keep the PR reviewable.
Specs part of MSC2140.