Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Support MSC 1467 - Soft logout #4280

Closed
erikjohnston opened this issue Dec 10, 2018 · 2 comments
Closed

Support MSC 1467 - Soft logout #4280

erikjohnston opened this issue Dec 10, 2018 · 2 comments
Assignees

Comments

@erikjohnston
Copy link
Member

MSC 1467 has just been merged, which allows servers to specify how clients should handle 401's with regards to keeping or deleting encryption keys.

Synapse should implement a mechanism for soft logging out devices or users via the admin API. We may also want to consider what other circumstances we should use soft logout, e.g. unrecognised access tokens, deleting devices, etc

@richvdh
Copy link
Member

richvdh commented Jul 11, 2019

#5660 adds a lifetime to access tokens, after which requests will return a soft_logout 401.

@richvdh richvdh self-assigned this Jul 11, 2019
@richvdh
Copy link
Member

richvdh commented Jul 12, 2019

Possibly we need an administrative way of triggering an expiry, but that can be done by poking things into the database, so I'm declaring that to be a separate feature, and calling this fixed by #5660.

@richvdh richvdh closed this as completed Jul 12, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants