Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

We should mandate that /publicRooms requires an access_token (SPEC-321) #145

Open
matrixbot opened this issue Jan 8, 2016 · 3 comments
Open
Labels
A-Client-Server Issues affecting the CS API enhancement A suggestion for a relatively simple improvement to the protocol

Comments

@matrixbot
Copy link
Member

Submitted by @​matthew:matrix.org
Such that people who want to ACL the directory depending on who's viewing it can do so

(Imported from https://matrix.org/jira/browse/SPEC-321)

@matrixbot
Copy link
Member Author

Jira watchers: @dbkr

@matrixbot
Copy link
Member Author

Do we make this an option, or do we just do it everywhere?
I can see the value of keeping a public room list you can get without an access token, maybe rooms that are neither peekable or joinable by guests don't appear unless you give an access token? I think I'd prefer to have separate endpoints because getting a partial roomlist if your access token has expired sounds like the way madness lies. I think I would rather have endpoints that either work all the time or only when you have a valid login.

-- @dbkr

@matrixbot matrixbot changed the title We should mandate that /publicRooms requires an access_token We should mandate that /publicRooms requires an access_token (SPEC-321) Oct 31, 2016
@matrixbot matrixbot added spec-bug Something which is in the spec, but is wrong enhancement A suggestion for a relatively simple improvement to the protocol and removed spec-bug Something which is in the spec, but is wrong labels Nov 7, 2016
@turt2live turt2live added the A-Client-Server Issues affecting the CS API label Sep 6, 2018
@richvdh
Copy link
Member

richvdh commented Feb 13, 2019

I think I'd prefer to have separate endpoints ... I think I would rather have endpoints that either work all the time or only when you have a valid login.

I think I agree with this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-Client-Server Issues affecting the CS API enhancement A suggestion for a relatively simple improvement to the protocol
Projects
None yet
Development

No branches or pull requests

4 participants