New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

/rooms/{roomId}/members is not specified as requiring authentication #1245

florianjacob opened this Issue May 17, 2018 · 1 comment


None yet
2 participants

florianjacob commented May 17, 2018

This currently makes the endpoint incompatible between synapse and ruma-client.

synapse enforces authentication here and will return a status code 403 for every request without an access token.

ruma-client-api conforms to what the spec says here and only sends an access token if the endpoint is marked as requiring authentication, getting a 403 from synapse every time.

This seems to be a simple omission, as the behaviour depends on which user calls the endpoint, and therefore requires authentication:

A list of members of the room. If you are joined to the room then this will be the current members of the room. If you have left the room then this will be the members of the room when you left.

Additionally, the status code 403 "You aren't a member of the room and weren't previously a member of the room." is actually specified.

Also, the very similar /rooms/{room_id}/joined_members requires authentication as well.

Possible solution if this is just an omission: #1244


This comment has been minimized.


richvdh commented May 18, 2018

fixed by #1244

@richvdh richvdh closed this May 18, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment