Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

POST /_matrix/identity/v2/store-invite returns unspecced public_key property #561

Open
richvdh opened this issue Apr 5, 2023 · 2 comments
Open

POST /_matrix/identity/v2/store-invite returns unspecced public_key property #561

richvdh opened this issue Apr 5, 2023 · 2 comments
Labels
A-Spec-Compliance places where sydent does not conform to the spec S-Minor T-Defect

Comments

@richvdh
Copy link
Member

richvdh commented Apr 5, 2023
edited
Loading

Sydent returns:

{
    "token": "token",
    "public_key": "sydentPubKeyBase64",
    "public_keys": [
        {
            "public_key": "sydentPubKeyBase64",
            "key_validity_url":  "https://<server>/_matrix/identity/api/v1/pubkey/isvalid"
        },
        {
            "public_key": "ephemeralPublicKeyBase64",
            "key_validity_url": "https://<server>/_matrix/identity/api/v1/pubkey/ephemeral/isvalid",
        }
    ],
    "display_name": "<redacted email>"
}

the top-level public_key property is redundant. It predates public_keys (added in #10, as modified by #13), and has never been specced. It should be removed.
@richvdh richvdh added T-Defect A-Spec-Compliance places where sydent does not conform to the spec labels Apr 5, 2023
@richvdh richvdh mentioned this issue Apr 5, 2023
Closed
@anoadragon453
Copy link
Member

@richvdh This issue talks about /_matrix/identity/v2/store-invite, whereas matrix-org/matrix-spec#495 is talking about /_matrix/identity/api/v1/store-invite (v1 vs. v2). From the description of #495, it sounds like the public_key field should not have existed in either API?

public_key is redundant. ... It should be removed.

This is currently referenced by the following projects:

/_matrix/identity/v2/store-invite

/_matrix/identity/api/v1/store-invite

Hits in for public_key field did not appear in the following projects, but were checked explicitly: matrix-rust-sdk, matrix-ios-sdk, matrix-android-sdk2, Ruma, famedlysdk (Matrix Dart SDK), ma1sd, Construct and Complement.

@richvdh
Copy link
Member Author

richvdh commented May 3, 2023
edited
Loading

@richvdh This issue talks about /_matrix/identity/v2/store-invite, whereas matrix-org/matrix-spec#495 is talking about /_matrix/identity/api/v1/store-invite (v1 vs. v2).

I don't think matrix-org/matrix-spec#495 is specific to v1 or v2: it predates the existence of v2 (which was added in matrix-org/matrix-spec-proposals#2255), but the same error was carried over to the v2 spec.

Note also that matrix-org/matrix-spec#495 is talking about the format of public_keys rather than the top-level public_key.

From the description of #495, it sounds like the public_key field should not have existed in either API?

I agree that public_key should not have existed in either API. When I opened this issue, I only mentioned v2 because v1 shouldn't exist at all (#338).

public_key is redundant. ... It should be removed.

This is currently referenced by the following projects:

/_matrix/identity/v2/store-invite

It's referenced in the model, but that doesn't necessarily mean the project is actually using it.

I'm also a bit surprised that a bot SDK needs to reference this. Per the ASCII art at https://spec.matrix.org/v1.6/client-server-api/#server-behaviour-7, it should be up to the homeserver to make this request.

Yup, looks like that line needs removing too, to make sytest return spec-compliant responses.

See matrix-org/synapse#6036. We should remove it.

/_matrix/identity/api/v1/store-invite

As above, needs a fix.

Again, hard to tell if this means it's actually used. I'd hope that fixing sytest would confirm one way or the other.

Thanks for doing all this research!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-Spec-Compliance places where sydent does not conform to the spec S-Minor T-Defect
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@anoadragon453 @richvdh @erikjohnston