Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MSC3861: Next-generation auth for Matrix, based on OAuth 2.0/OIDC #3861

Draft
wants to merge 12 commits into
base: main
Choose a base branch
from

Conversation

hughns
Copy link
Member

@hughns hughns commented Aug 4, 2022

@hughns hughns changed the title MSCxxxx: Matrix architecture change to delegate authentication via OIDC MSC3861: Matrix architecture change to delegate authentication via OIDC Aug 4, 2022
@turt2live turt2live added proposal A matrix spec change proposal client-server Client-Server API kind:core MSC which is critical to the protocol's success needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. labels Aug 4, 2022
- 👎 Heavyweight for client and homeserver to implement and as a consequence many do not implement all capabilities
- e.g. Dendrite only does password auth
- 👎 Doesn't incorporate best security practices (particularly in case of SSO flow)
- 👎 Requires an MSC for every "new" auth capability such as 2FA and WebAuthn
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: imho this is positive as it makes sure that the community agrees on best practices. This is how matrix spec works and imho should not get bypassed.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd disagree: The spec is meant to define a communications protocol. While part of that communications protocol needs to include authentication, it should not be such a massive part of the implementation complexity. With the current team's availability I don't believe we'd ever properly catch up with security best practices for authentication. As a result, it's important that we don't become a communications+authentication protocol and instead "outsource" the authentication as much as possible to a protocol which can handle security best practices in a more timely manner. We believe the best approach for this is OIDC at the moment.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the point I was trying to get across in the 👎 was: As an auth protocol, Matrix is way behind OIDC. To catch-up and keep pace with the state of art this (single) MSC proposes that Matrix adopts OIDC instead.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you are right, outsourcing the authentication component to a more advanced and dedicated provider, makes sense, so that matrix can move with speed to be a communication platform.

- e.g. Dendrite only does password auth
- 👎 Doesn't incorporate best security practices (particularly in case of SSO flow)
- 👎 Requires an MSC for every "new" auth capability such as 2FA and WebAuthn
- 👎 We're training our users to enter their Matrix credentials in random web pages and native apps
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How is this different from any other SSO unless we would have a central server? With OIDC you end up with multiple pages still as matrix is not a central service

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is different in the sense that we would be building trust between the user and their homeserver. Right now, the user does not interact with their HS much. Here, it would make it easier for user to understand that their account is living on their HS, and therefore they should only ever enter their account credentials on a web page controlled by their homeserver, not some random web application which claims to be a secure Matrix client.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this provides any actual protection though, unless you whitelist specific apps to be trusted.

As long as the login page has a somewhat standard layout, unless I am missing something, it is trivial for a native client to replace the login page behind the scenes for the user or just inject code into the website to steal credentials.

You can only somewhat prevent that by not using a password at all and instead requiring a second device to authenticate the login or 2FA, which is orthogonal to OIDC.

Also, it's a bad idea to use an untrusted client for E2EE anyway. Under those circumstances you should rather be distrustful of the server instead of your client.

Copy link
Member

@sandhose sandhose Aug 11, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this provides any actual protection though, unless you whitelist specific apps to be trusted.

I'm having a hard time understanding what you mean here. What kind of whitelist are we talking about? The login page would usually be shown in the default browser, even for native apps. Sure, showing a web view embedded in your native app is tempting (and completely possible), but you usually avoid that because:

  • you would not share the cookie jar with the browser, meaning that your user would have to log in again even though they might already be logged in their browser
  • you would not access whatever passsword manager the system has easily. If you leverage the default browser, the login page would have the right origin associated with the login page, which means it would suggest the right entries instead of having the user manually look for the right entry
  • the user usually has pretty good trust in their default browser, and know where to look for to know on which origin/website they are on. Sure, it's not fool proof, and phishing attacks are possible, but it is still probably better

As long as the login page has a somewhat standard layout, unless I am missing something, it is trivial for a native client to replace the login page behind the scenes for the user or just inject code into the website to steal credentials.

If you do the login in an embedded web view, sure, but not in the system browser. Also note that on both Android and iOS, the system has APIs to open 'browser' views without changing apps. I recommend checking out the GIFs about that on https://areweoidcyet.com/

You can only somewhat prevent that by not using a password at all and instead requiring a second device to authenticate the login or 2FA, which is orthogonal to OIDC.

What do you mean by 'orthogonal'? Getting beyond passwords is very much one goal that would be easier to achieve with OIDC: you can imagine any kind of credentials (TOTP based 2FA, WebAuthN based login/2FA, or even a one-time-code sent via a Matrix DM) without having to add it to the spec. Implement that on your OIDC server, and you have support in every single Matrix client (assuming we manage to migrate those clients to OIDC) without modifying them

Also, it's a bad idea to use an untrusted client for E2EE anyway. Under those circumstances you should rather be distrustful of the server instead of your client.

That does not change, your server still doesn't have your keys. What changes though, is that a bad client can't take over your account anymore: it can't change your password, logout from other sessions or even deactivate your account.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm having a hard time understanding what you mean here. What kind of whitelist are we talking about? The login page would usually be shown in the default browser, even for native apps. Sure, showing a web view embedded in your native app is tempting (and completely possible), but you usually avoid that because:

I am saying that for exactly those reasons it isn't really a security benefit. The difference between a webview and a browser is not clear to the user and just making the user only trust the webpage doesn't mean that it isn't still fairly trivial to spoof it.

If you do the login in an embedded web view, sure, but not in the system browser. Also note that on both Android and iOS, the system has APIs to open 'browser' views without changing apps. I recommend checking out the GIFs about that on https://areweoidcyet.com/

That doesn't prevent usage of a webview so users only trusting specific websites is not a significant benefit. Yes, a trustworthy app will probably use a browser, but the difference between that and a webview is not obvious to a user so you don't solve the problem usually associated with "entering the password into random websites".

What do you mean by 'orthogonal'?

I am saying that the problem of entering your into specific websites is not solved by using a homeserver provided website, it is solved by authenticating using an already trusted device that provides only the information necessary, which can be 2FA, etc. The other bullet point is completely valid that OIDC already specifies ways to do that, which makes implementation of that easier. But the specific bullet point about training people not to enter their passwords into native apps is not useful as long as any malicious app can use a webview and attack the password/auth that way.

That does not change, your server still doesn't have your keys. What changes though, is that a bad client can't take over your account anymore: it can't change your password, logout from other sessions or even deactivate your account.

No, the server doesn't know my keys, but I need to trust the client anyway, so I don't see why it can't know my password, since it already handles data that is more important than my password. The argument that you shouldn't trust random clients is simply not applicable, if you want to read your E2EE messages in that client imo.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is different in the sense that we would be building trust between the user and their homeserver. Right now, the user does not interact with their HS much. Here, it would make it easier for user to understand that their account is living on their HS, and therefore they should only ever enter their account credentials on a web page controlled by their homeserver, not some random web application which claims to be a secure Matrix client.

I would argue that by implementing OIDC like this we're training users to expect to be sent to a random-ass website that looks vaguely official, and having them input their password there. This sounds like a phishers dream to me.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, the server doesn't know my keys, but I need to trust the client anyway, so I don't see why it can't know my password, since it already handles data that is more important than my password. The argument that you shouldn't trust random clients is simply not applicable, if you want to read your E2EE messages in that client imo.

We need to urgently clarify what the trust model is for E2EE clients. Some parts of this MSC are predicated on the fact that trusting the client = bad, trusting the server = good, but this is actually the opposite in an E2EE world, as you've explained. Due to this trust model, we are asserting things which negatively impact the ecosystem:

What do I do for my device which doesn’t have a web browser?

[...] Use a Resource Owner Password Credentials Grant (a.k.a. “password grant” or “direct grant”) where the username and password are entered into the client (i.e. the 3DS) and the client then sends the username and password to the OpenID Provider to get an access token.

It is important to note that the second option (Resource Owner Password Credentials Grant) is considered insecure by the OAuth 2.0 Security Best Current Practice guide. As such, it is expected that the presence of this capability in an OpenID Provider can not be relied on. For example, we don’t expect that matrix.org will support this flow.

So we are asserting that matrix.org won't support clients which don't have a web browser in an OIDC world, because we don't want to enable password grants because we trust the server more than the client. The best practice guideline states:

The resource owner password credentials grant MUST NOT be used. This grant type insecurely exposes the credentials of the resource owner to the client. Even if the client is benign, this results in an increased attack surface (credentials can leak in more places than just the AS) and users are trained to enter their credentials in places other than the AS.

But for our ecosystem this is inevitable because we support E2EE so the keys only exist on the client so we must trust the client. In fact, we go even further because we need to handle attacks where the server maliciously controls our account, so we need to protect everything worth protecting behind strong crypto (e.g cross-signing) rather than trusting the server.


Some of the benefits of this are:

- 👍 Simpler for Homeservers and clients to implement
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I disagree. It is harder for apps and native (as in QT and others) to implement. The user has to be redirected either to a browser where then the app needs to either handle a custom proto or a webserver for the callback, or they need a webview which usually involves compiling a full chromium suite which extremely increases compile times and makes you have to do way more regular updating of the client due to the rapid amount of security issues within chromium. It overall adds a lot of complexity to the update process and especially makes the experience worse for small client devs imho.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the main point here is the abondance of off-the-shelf libraries to handle OAuth/OIDC, which helps with implementation for clients. For example, QT has an official module to handle OAuth2/OIDC logins that you might want to check out: https://doc.qt.io/qt-6/qtnetworkauth-index.html
Your point on custom proto or web server for the callback is valid (it's handled by the QT module with a local web server), although it is already the case with m.login.sso, which is used by a large portion of the user base (30% of Matrix.org, IIRC).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Even with the OAuth module in Qt, the implementation is not really trivial and you usually need to test specifically against each OIDC provider to know if it is working properly, which is a lot more work than testing against 3 different homeservers. Google OAuth for example is very well known for changing in incompatible ways quite often (last time I tried it, it couldn't work with Google at all, but I assume they fixed that in the last few years). Here are a few of the potential pitfalls: https://appfluence.com/productivity/how-to-authenticate-qt-google-sso/

(The code in that example is about half as long as the UIA code in Nheko, so the implementation benefits don't seem to be particularly great considering that most of the UIA code is just putting stuff into a pretty UI so that it looks well integrated into the client.)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Even with the OAuth module in Qt, the implementation is not really trivial and you usually need to test specifically against each OIDC provider to know if it is working properly, which is a lot more work than testing against 3 different homeservers.

There are indeed non-compliant 'OIDC' providers in the wild ('sign in with Apple' is a well-known example of that), as well as a lot of different scenarios to potentially support because of evolving best practices. OIDC is itself an effort to mitigate the lack of compatibility between OAuth2 servers and clients. There are also additional profiles which makes it even stricter for clients and servers for some use cases (the FAPI profiles is a good example of that). The OpenID foundation also provides a bunch of certification tools to help ensuring your server or client implementation is compliant.
In the Matrix spec, we want to be precise on what part of OIDC/OAuth 2.0 clients and servers HAVE to support to ensure compatibility between them.

That being said, the argument of having to test against 3 HS vs. having to test lots of OIDC servers is a practical one, not a spec one: if we had 40 HS implementations in the wild, would you test your client against all 40 of them? Probably only, because that's what the spec is for. The lack of diversity in homeserver implementations can be somewhat useful when implementing a client, but the spec should still be the source of truth when implementing a client or a server. That does not change with OIDC.

Moreover, we, for example, add semantics around dynamic client registration that are not present in any existing OIDC provider as far as I know, that will require specific modules to make those existing providers fully 'Matrix compliant', so don't expect users to be using any random off-the-shelf OIDC provider right away: they will probably use one of the few 'known compliant' provider, so you would probably still be in a situation where you only have to test a few implementations for your client.

Google OAuth for example is very well known for changing in incompatible ways quite often (last time I tried it, it couldn't work with Google at all, but I assume they fixed that in the last few years). Here are a few of the potential pitfalls: https://appfluence.com/productivity/how-to-authenticate-qt-google-sso/

That is a side effect of the best practices evolving over the years. OIDC/OAuth 2.0 did mature a lot since it was first introduced, so things that were considered 'secure enough' 6 years ago (in this case, using a web view instead of the system browser) are now deprecated. Having watched that space for a few years now, I think that we're in a state where modern OIDC is secure and stable enough to not have to worry about it changing too much.

(The code in that example is about half as long as the UIA code in Nheko, so the implementation benefits don't seem to be particularly great considering that most of the UIA code is just putting stuff into a pretty UI so that it looks well integrated into the client.)

I am curious about that claim. One thing to keep in mind, is that this is not only about logging in (which can be done with one HTTP request if you're using username+password), but all account management capabilities, like changing your password, 'forgot my password' flows, account registration (which can include a captcha, an email verification and terms of service acceptance), account deactivation, etc.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the Matrix spec, we want to be precise on what part of OIDC/OAuth 2.0 clients and servers HAVE to support to ensure compatibility between them.

I hope you mean, you want to restrict what OIDC/OAuth 2.0 flows are allowed to be advertized by clients? Because if something like "Sign in with Apple" is supported on even one public homeserver, clients usually have to support it no matter if it is compliant to the spec or not. So if "Sign in with Apple" is not compliant with OIDC, clients will have to implement workarounds for it.

That being said, the argument of having to test against 3 HS vs. having to test lots of OIDC servers is a practical one, not a spec one: if we had 40 HS implementations in the wild, would you test your client against all 40 of them? Probably only, because that's what the spec is for. The lack of diversity in homeserver implementations can be somewhat useful when implementing a client, but the spec should still be the source of truth when implementing a client or a server. That does not change with OIDC.

I think you will find very few client developers that agree with the statement, that you can follow the spec to implement a functioning Matrix client. You usually need to implement multiple MSCs as well as homeserver and client specific behaviour. For example Element iOS requires you send a thumbnail for a sticker to show it at all, Element Android sends wrong reply fallbacks for edits, Element Web starts the device verification flow in a long deprecated order, the spec didn't include edits for years, Synapse stored timestamps and powerlevels as strings in the past so you can't just parse them as integers if a user is still in an old room, construct sends room state in a weird order, conduit used to duplicate to_device messages for almost a year, dendrite used to store push timestamps in the wrong unit and for a long time one time and fallback keycounts were a mess. You absolutely need to test against as many options you can. I usually try all my test accounts on 4 different homeservers before a release as well as verification and calls between a few clients.

Yes, testing against 40 different homeserver implementations might not be feasible in the future, but the spec shouldn't define the minimum subset of OIDC clients should support, but rather the maximum API a client and server is allowed to support. Otherwise instead of simplifying authentication, this will make it much more complicated and fragile. I know that OIDC tries to make this standardized and interoperable, but in my experience we are still pretty far away from that (considering how much effort it is to integrate with all the different OIDC systems every time).

I am curious about that claim. One thing to keep in mind, is that this is not only about logging in (which can be done with one HTTP request if you're using username+password), but all account management capabilities, like changing your password, 'forgot my password' flows, account registration (which can include a captcha, an email verification and terms of service acceptance), account deactivation, etc.

The UIA part is implemented in a single file with about 300 lines: https://github.com/Nheko-Reborn/nheko/blob/master/src/ui/UIA.cpp

That is reused for every endpoint (apart from /login since that never switched to UIA) and drives a few hundred lines of dialogs (about 20 lines per stage type). Some pages opt in to integrate the dialogs better, which is additional UI, but I won't count that, since OIDC wouldn't allow that kind of integration. Similarly the implementation could be done in 100 lines if the fallbacks are used everywhere instead of custom dialogs. FluffyChat uses the same pattern, but notably the Element mobile clients do not (and they don't even implement the fallback properly...). Sure, Nheko doesn't implement "changing your password", but it does do registration (including registration tokens), terms of service, device deletion/renaming, device signing key uploads as a few of the endpoints that use UIA.

Adding the UIA handling to any such capability is just one line to pass the UIAHandler to the function (or rather, one extra argument). If any such things would still be handled client side instead of some webpage, they would be the same effort to implement presumably. (I know what UIA is and I have been working together with a few MSC authors to get rid of the "just send your password in plaintext option.)


- 👍 Simpler for Homeservers and clients to implement
- 👍 Benefits similar to SSO such as:
- logging into multiple clients on the same device without entering the credentials multiple times
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this actually a thing SSO/OIDC solve? Wouldn't this be a thing WebAuthn solves?

Also who actually uses THE SAME account multiple times on the same device? Aren't you usually using the same client with DIFFERENT accounts? This usecase seems either fabricated to me or customer specific

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will become in my opinion a pretty common use case, as we see other non-chat applications built on Matrix. On the same device you might be logged in your chat client, on your synapse-admin panel, in Cactus Comments, in Element Call, etc.

This does not change anything in terms of having multiple accounts on the same chat client.

Regarding WebAuthN, this is impossible to achieve with the current architecture, as WebAuthN credentials are bound the domain. If you create a WebAuthN credential from the chat.example.com origin, it won't be available on another.app.org. Here, since we're always requesting the credentials from the same origin (let's say, auth.matrix.org), we can bind WebAuthN credentials to that domain, and password managers will get a lot more useful.

- 👍 Simpler for Homeservers and clients to implement
- 👍 Benefits similar to SSO such as:
- logging into multiple clients on the same device without entering the credentials multiple times
- having the credentials bound to the auth server domain instead of the client (for password managers and WebAuthn)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would prefer if the server does only know a hash of my password. This is usually the main issue with major security breaches. Matrix should do an best effort to prevent those.

Copy link
Member

@sandhose sandhose Aug 9, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure I understand your concern. Right now, even though it's not enforced by the spec it's the case, Synapse only saves password hashes in its database.

We would be in the same situation here: the server will most probably store the password as hashed, not in plain text

Copy link

@mvgorcum mvgorcum Apr 17, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We're just moving the problem from the synapse server to the auth server here, so we'll never be able to assume that the synapse server doesn't actually receive the password at some point, since the auth server and synapse server can still be on the same machine. We've added an extra step in our auth process that we can implement incorrectly. (ie: now we don't just need to make sure we do auth correctly, we also need to ensure that we do OIDC correctly). As such we're just creating a larger attack surface.

Conversely, if we keep auth as a part of a matrix server, the server can actually ensure it never learns the plaintext passwords, and as such allow this password to be reused for secure server side storage.

1. Accept the set of MSCs to enable delegation via OIDC.
1. Deprecate non-OIDC auth related API endpoints or capabilities in existing Matrix APIs.
1. Provide migration support to the ecosystem.
1. Close all existing MSCs relating to non-OIDC as `obsolete`.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please make sure to check if those are actually solved by this when doing it. There might be some around that OIDC does not fix but actually complicates, like the Concealed login MSC.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is a good point. We should spend some time identifying those MSCs sooner than later, and see for each MSC if either:

  • it solves the problem solved by the MSC
  • the tradeoffs are acceptable if it is conceptually orthogonal

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since now half a year went by: is there any update on which mscs are compatible and which aren't?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Member

@turt2live turt2live left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just a mid-read review. Submitting before I forget about it

proposals/3861-delegated-oidc-architecture.md Outdated Show resolved Hide resolved
- 👎 Heavyweight for client and homeserver to implement and as a consequence many do not implement all capabilities
- e.g. Dendrite only does password auth
- 👎 Doesn't incorporate best security practices (particularly in case of SSO flow)
- 👎 Requires an MSC for every "new" auth capability such as 2FA and WebAuthn
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd disagree: The spec is meant to define a communications protocol. While part of that communications protocol needs to include authentication, it should not be such a massive part of the implementation complexity. With the current team's availability I don't believe we'd ever properly catch up with security best practices for authentication. As a result, it's important that we don't become a communications+authentication protocol and instead "outsource" the authentication as much as possible to a protocol which can handle security best practices in a more timely manner. We believe the best approach for this is OIDC at the moment.


## Security considerations

Please refer to individual proposals.
Copy link
Contributor

@MTRNord MTRNord Feb 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure if there is a better place, but:

How do we protect from ending up in the same situation as email, where big companies (like google/microsoft) end up using OIDC/OAuth2 purely to gatekeep the clients that are allowed to use? As far as I understand, matrix is supposed to be an open protocol where anyone is allowed to bring their own tools and software. So how do we make sure that this is still possible? I am aware of certain enterprise parts of matrix that want to restrict client usage, however imho this isn't something that should leak into spec.

The reasoning behind is that the Matrix Manifesto ( https://matrix.org/foundation/ ) clearly defines that we do want to be an open communication network and people shall have full control over their communication. If we end up however in a situation where we give HS admins a (too) easy way to restrict the clients that are usable we would break the goals of that manifesto at it's core, since then it's not open anymore for the users and Singular community managers can decide what tools to use with 0 protection for the users.

(edit: typos)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For additional source of my email reference, see the comment made by a thunderbird dev in https://wiki.mozilla.org/Thunderbird:Autoconfiguration:ConfigFileFormat#OAuth2

Due to a defficiency in the OAuth2 spec, the client is usually required to send a client credential key, which in turn requires the client to be registered and approved by the email provider. Unfortunately, this not only allows email providers to block specific email clients (which is contrary to the idea of Open-Source), but also makes it impossible to support arbitrary OAuth2 servers. That's why Thunderbird is forced to hardcode the servers that it supports and the respecive client keys. That means that you cannot use OAuth2 for your own server. Only the servers listed on OAuth2Providers.jsm will work.

I am aware of the dynamic registration MSC for OIDC, but that only somewhat solves this, since there a provider still is able to refuse your client at any given time without explanation.

@hughns
Copy link
Member Author

hughns commented Feb 28, 2023

I've added references to the following MSCs that this proposal assumes are generally accepted:

| [MSC2967](https://github.com/matrix-org/matrix-doc/pull/2967) | Defines the namespace for a set of API scopes that can can expanded in future to allow for finer grained permissioning |
| [MSC3824](https://github.com/matrix-org/matrix-doc/pull/3824) | Proposes some minor changes to the C-S API to allow Matrix clients that are not fully OIDC-native to work best with an OIDC enabled homeserver that has is serving a compatibility layer |

## Potential issues
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From reviewing the Synapse implementation it seems that this MSC is missing information on how application services would register users. matrix-org/synapse#15582 keeps the old /register endpoint active for the m.login.application_service login type only.

This MSC needs to include some information IMO about how this interacts with application services.

yingziwu added a commit to yingziwu/synapse that referenced this pull request Jun 22, 2023
Synapse 1.86.0 (2023-06-20)
===========================

No significant changes since 1.86.0rc2.

Synapse 1.86.0rc2 (2023-06-14)
==============================

Bugfixes
--------

- Fix an error when having workers of different versions running. ([\matrix-org#15774](matrix-org#15774))

Synapse 1.86.0rc1 (2023-06-13)
==============================

This version was tagged but never released.

Features
--------

- Stable support for [MSC3882](matrix-org/matrix-spec-proposals#3882) to allow an existing device/session to generate a login token for use on a new device/session. ([\matrix-org#15388](matrix-org#15388))
- Support resolving a room's [canonical alias](https://spec.matrix.org/v1.7/client-server-api/#mroomcanonical_alias) via the module API. ([\matrix-org#15450](matrix-org#15450))
- Enable support for [MSC3952](matrix-org/matrix-spec-proposals#3952): intentional mentions. ([\matrix-org#15520](matrix-org#15520))
- Experimental [MSC3861](matrix-org/matrix-spec-proposals#3861) support: delegate auth to an OIDC provider. ([\matrix-org#15582](matrix-org#15582))
- Add Synapse version deploy annotations to Grafana dashboard which enables easy correlation between behavior changes witnessed in a graph to a certain Synapse version and nail down regressions. ([\matrix-org#15674](matrix-org#15674))
- Add a catch-all * to the supported relation types when redacting an event and its related events. This is an update to [MSC3912](matrix-org/matrix-spec-proposals#3861) implementation. ([\matrix-org#15705](matrix-org#15705))
- Speed up `/messages` by backfilling in the background when there are no backward extremities where we are directly paginating. ([\matrix-org#15710](matrix-org#15710))
- Expose a metric reporting the database background update status. ([\matrix-org#15740](matrix-org#15740))

Bugfixes
--------

- Correctly clear caches when we delete a room. ([\matrix-org#15609](matrix-org#15609))
- Check permissions for enabling encryption earlier during room creation to avoid creating broken rooms. ([\matrix-org#15695](matrix-org#15695))

Improved Documentation
----------------------

- Simplify query to find participating servers in a room. ([\matrix-org#15732](matrix-org#15732))

Internal Changes
----------------

- Log when events are (maybe unexpectedly) filtered out of responses in tests. ([\matrix-org#14213](matrix-org#14213))
- Read from column `full_user_id` rather than `user_id` of tables `profiles` and `user_filters`. ([\matrix-org#15649](matrix-org#15649))
- Add support for tracing functions which return `Awaitable`s. ([\matrix-org#15650](matrix-org#15650))
- Cache requests for user's devices over federation. ([\matrix-org#15675](matrix-org#15675))
- Add fully qualified docker image names to Dockerfiles. ([\matrix-org#15689](matrix-org#15689))
- Remove some unused code. ([\matrix-org#15690](matrix-org#15690))
- Improve type hints. ([\matrix-org#15694](matrix-org#15694), [\matrix-org#15697](matrix-org#15697))
- Update docstring and traces on `maybe_backfill()` functions. ([\matrix-org#15709](matrix-org#15709))
- Add context for when/why to use the `long_retries` option when sending Federation requests. ([\matrix-org#15721](matrix-org#15721))
- Removed some unused fields. ([\matrix-org#15723](matrix-org#15723))
- Update federation error to more plainly explain we can only authorize our own membership events. ([\matrix-org#15725](matrix-org#15725))
- Prevent the `latest_deps` and `twisted_trunk` daily GitHub Actions workflows from running on forks of the codebase. ([\matrix-org#15726](matrix-org#15726))
- Improve performance of user directory search. ([\matrix-org#15729](matrix-org#15729))
- Remove redundant table join with `room_memberships` when doing a `is_host_joined()`/`is_host_invited()` call (`membership` is already part of the `current_state_events`). ([\matrix-org#15731](matrix-org#15731))
- Remove superfluous `room_memberships` join from background update. ([\matrix-org#15733](matrix-org#15733))
- Speed up typechecking CI. ([\matrix-org#15752](matrix-org#15752))
- Bump minimum supported Rust version to 1.60.0. ([\matrix-org#15768](matrix-org#15768))

* Bump importlib-metadata from 6.1.0 to 6.6.0. ([\matrix-org#15711](matrix-org#15711))
* Bump library/redis from 6-bullseye to 7-bullseye in /docker. ([\matrix-org#15712](matrix-org#15712))
* Bump log from 0.4.18 to 0.4.19. ([\matrix-org#15761](matrix-org#15761))
* Bump phonenumbers from 8.13.11 to 8.13.13. ([\matrix-org#15763](matrix-org#15763))
* Bump pyasn1 from 0.4.8 to 0.5.0. ([\matrix-org#15713](matrix-org#15713))
* Bump pydantic from 1.10.8 to 1.10.9. ([\matrix-org#15762](matrix-org#15762))
* Bump pyo3-log from 0.8.1 to 0.8.2. ([\matrix-org#15759](matrix-org#15759))
* Bump pyopenssl from 23.1.1 to 23.2.0. ([\matrix-org#15765](matrix-org#15765))
* Bump regex from 1.7.3 to 1.8.4. ([\matrix-org#15769](matrix-org#15769))
* Bump sentry-sdk from 1.22.1 to 1.25.0. ([\matrix-org#15714](matrix-org#15714))
* Bump sentry-sdk from 1.25.0 to 1.25.1. ([\matrix-org#15764](matrix-org#15764))
* Bump serde from 1.0.163 to 1.0.164. ([\matrix-org#15760](matrix-org#15760))
* Bump types-jsonschema from 4.17.0.7 to 4.17.0.8. ([\matrix-org#15716](matrix-org#15716))
* Bump types-pyopenssl from 23.1.0.2 to 23.2.0.0. ([\matrix-org#15766](matrix-org#15766))
* Bump types-requests from 2.31.0.0 to 2.31.0.1. ([\matrix-org#15715](matrix-org#15715))
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Jun 26, 2023
Synapse 1.86.0 (2023-06-20)
===========================

No significant changes since 1.86.0rc2.


Synapse 1.86.0rc2 (2023-06-14)
==============================

Bugfixes
--------

- Fix an error when having workers of different versions running. ([\#15774](matrix-org/synapse#15774))


Synapse 1.86.0rc1 (2023-06-13)
==============================

This version was tagged but never released.

Features
--------

- Stable support for [MSC3882](matrix-org/matrix-spec-proposals#3882) to allow an existing device/session to generate a login token for use on a new device/session. ([\#15388](matrix-org/synapse#15388))
- Support resolving a room's [canonical alias](https://spec.matrix.org/v1.7/client-server-api/#mroomcanonical_alias) via the module API. ([\#15450](matrix-org/synapse#15450))
- Enable support for [MSC3952](matrix-org/matrix-spec-proposals#3952): intentional mentions. ([\#15520](matrix-org/synapse#15520))
- Experimental [MSC3861](matrix-org/matrix-spec-proposals#3861) support: delegate auth to an OIDC provider. ([\#15582](matrix-org/synapse#15582))
- Add Synapse version deploy annotations to Grafana dashboard which enables easy correlation between behavior changes witnessed in a graph to a certain Synapse version and nail down regressions. ([\#15674](matrix-org/synapse#15674))
- Add a catch-all * to the supported relation types when redacting an event and its related events. This is an update to [MSC3912](matrix-org/matrix-spec-proposals#3861) implementation. ([\#15705](matrix-org/synapse#15705))
- Speed up `/messages` by backfilling in the background when there are no backward extremities where we are directly paginating. ([\#15710](matrix-org/synapse#15710))
- Expose a metric reporting the database background update status. ([\#15740](matrix-org/synapse#15740))


Bugfixes
--------

- Correctly clear caches when we delete a room. ([\#15609](matrix-org/synapse#15609))
- Check permissions for enabling encryption earlier during room creation to avoid creating broken rooms. ([\#15695](matrix-org/synapse#15695))


Improved Documentation
----------------------

- Simplify query to find participating servers in a room. ([\#15732](matrix-org/synapse#15732))


Internal Changes
----------------

- Log when events are (maybe unexpectedly) filtered out of responses in tests. ([\#14213](matrix-org/synapse#14213))
- Read from column `full_user_id` rather than `user_id` of tables `profiles` and `user_filters`. ([\#15649](matrix-org/synapse#15649))
- Add support for tracing functions which return `Awaitable`s. ([\#15650](matrix-org/synapse#15650))
- Cache requests for user's devices over federation. ([\#15675](matrix-org/synapse#15675))
- Add fully qualified docker image names to Dockerfiles. ([\#15689](matrix-org/synapse#15689))
- Remove some unused code. ([\#15690](matrix-org/synapse#15690))
- Improve type hints. ([\#15694](matrix-org/synapse#15694), [\#15697](matrix-org/synapse#15697))
- Update docstring and traces on `maybe_backfill()` functions. ([\#15709](matrix-org/synapse#15709))
- Add context for when/why to use the `long_retries` option when sending Federation requests. ([\#15721](matrix-org/synapse#15721))
- Removed some unused fields. ([\#15723](matrix-org/synapse#15723))
- Update federation error to more plainly explain we can only authorize our own membership events. ([\#15725](matrix-org/synapse#15725))
- Prevent the `latest_deps` and `twisted_trunk` daily GitHub Actions workflows from running on forks of the codebase. ([\#15726](matrix-org/synapse#15726))
- Improve performance of user directory search. ([\#15729](matrix-org/synapse#15729))
- Remove redundant table join with `room_memberships` when doing a `is_host_joined()`/`is_host_invited()` call (`membership` is already part of the `current_state_events`). ([\#15731](matrix-org/synapse#15731))
- Remove superfluous `room_memberships` join from background update. ([\#15733](matrix-org/synapse#15733))
- Speed up typechecking CI. ([\#15752](matrix-org/synapse#15752))
- Bump minimum supported Rust version to 1.60.0. ([\#15768](matrix-org/synapse#15768))

### Updates to locked dependencies

* Bump importlib-metadata from 6.1.0 to 6.6.0. ([\#15711](matrix-org/synapse#15711))
* Bump library/redis from 6-bullseye to 7-bullseye in /docker. ([\#15712](matrix-org/synapse#15712))
* Bump log from 0.4.18 to 0.4.19. ([\#15761](matrix-org/synapse#15761))
* Bump phonenumbers from 8.13.11 to 8.13.13. ([\#15763](matrix-org/synapse#15763))
* Bump pyasn1 from 0.4.8 to 0.5.0. ([\#15713](matrix-org/synapse#15713))
* Bump pydantic from 1.10.8 to 1.10.9. ([\#15762](matrix-org/synapse#15762))
* Bump pyo3-log from 0.8.1 to 0.8.2. ([\#15759](matrix-org/synapse#15759))
* Bump pyopenssl from 23.1.1 to 23.2.0. ([\#15765](matrix-org/synapse#15765))
* Bump regex from 1.7.3 to 1.8.4. ([\#15769](matrix-org/synapse#15769))
* Bump sentry-sdk from 1.22.1 to 1.25.0. ([\#15714](matrix-org/synapse#15714))
* Bump sentry-sdk from 1.25.0 to 1.25.1. ([\#15764](matrix-org/synapse#15764))
* Bump serde from 1.0.163 to 1.0.164. ([\#15760](matrix-org/synapse#15760))
* Bump types-jsonschema from 4.17.0.7 to 4.17.0.8. ([\#15716](matrix-org/synapse#15716))
* Bump types-pyopenssl from 23.1.0.2 to 23.2.0.0. ([\#15766](matrix-org/synapse#15766))
* Bump types-requests from 2.31.0.0 to 2.31.0.1. ([\#15715](matrix-org/synapse#15715))

Synapse 1.85.2 (2023-06-08)
===========================

Bugfixes
--------

- Fix regression where using TLS for HTTP replication between workers did not work. Introduced in v1.85.0. ([\#15746](matrix-org/synapse#15746))


Synapse 1.85.1 (2023-06-07)
===========================

Note: this release only fixes a bug that stopped some deployments from upgrading to v1.85.0. There is no need to upgrade to v1.85.1 if successfully running v1.85.0.

Bugfixes
--------

- Fix bug in schema delta that broke upgrades for some deployments. Introduced in v1.85.0. ([\#15738](matrix-org/synapse#15738), [\#15739](matrix-org/synapse#15739))


Synapse 1.85.0 (2023-06-06)
===========================

No significant changes since 1.85.0rc2.


## Security advisory

The following issues are fixed in 1.85.0 (and RCs).

- [GHSA-26c5-ppr8-f33p](GHSA-26c5-ppr8-f33p) / [CVE-2023-32682](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32682) — Low Severity

  It may be possible for a deactivated user to login when using uncommon configurations.

- [GHSA-98px-6486-j7qc](GHSA-98px-6486-j7qc) / [CVE-2023-32683](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32683) — Low Severity

  A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the `url_preview_ip_range_blacklist` setting (by default this only allows public IPs).

See the advisories for more details. If you have any questions, email security@matrix.org.


Synapse 1.85.0rc2 (2023-06-01)
==============================

Bugfixes
--------

- Fix a performance issue introduced in Synapse v1.83.0 which meant that purging rooms was very slow and database-intensive. ([\#15693](matrix-org/synapse#15693))


Deprecations and Removals
-------------------------

- Deprecate calling the `/register` endpoint with an unspecced `user` property for application services. ([\#15703](matrix-org/synapse#15703))


Internal Changes
----------------

- Speed up background jobs `populate_full_user_id_user_filters` and `populate_full_user_id_profiles`. ([\#15700](matrix-org/synapse#15700))


Synapse 1.85.0rc1 (2023-05-30)
==============================

Features
--------

- Improve performance of backfill requests by performing backfill of previously failed requests in the background. ([\#15585](matrix-org/synapse#15585))
- Add a new [admin API](https://matrix-org.github.io/synapse/v1.85/usage/administration/admin_api/index.html) to [create a new device for a user](https://matrix-org.github.io/synapse/v1.85/admin_api/user_admin_api.html#create-a-device). ([\#15611](matrix-org/synapse#15611))
- Add Unix socket support for Redis connections. Contributed by Jason Little. ([\#15644](matrix-org/synapse#15644))


Bugfixes
--------

- Fix a long-standing bug where setting the read marker could fail when using message retention. Contributed by Nick @ Beeper (@Fizzadar). ([\#15464](matrix-org/synapse#15464))
- Fix a long-standing bug where the `url_preview_url_blacklist` configuration setting was not applied to oEmbed or image URLs found while previewing a URL. ([\#15601](matrix-org/synapse#15601))
- Fix a long-standing bug where filters with multiple backslashes were rejected. ([\#15607](matrix-org/synapse#15607))
- Fix a bug introduced in Synapse 1.82.0 where the error message displayed when validation of the `app_service_config_files` config option fails would be incorrectly formatted. ([\#15614](matrix-org/synapse#15614))
- Fix a long-standing bug where deactivated users were still able to login using the custom `org.matrix.login.jwt` login type (if enabled). ([\#15624](matrix-org/synapse#15624))
- Fix a long-standing bug where deactivated users were able to login in uncommon situations. ([\#15634](matrix-org/synapse#15634))


Improved Documentation
----------------------

- Warn users that at least 3.75GB of space is needed for the nix Synapse development environment. ([\#15613](matrix-org/synapse#15613))
- Remove outdated comment from the generated and sample homeserver log configs. ([\#15648](matrix-org/synapse#15648))
- Improve contributor docs to make it more clear that Rust is a necessary prerequisite. Contributed by @grantm. ([\#15668](matrix-org/synapse#15668))


Deprecations and Removals
-------------------------

- Remove the old version of the R30 (30-day retained users) phone-home metric. ([\#10428](matrix-org/synapse#10428))


Internal Changes
----------------

- Create dependabot changelogs at release time. ([\#15481](matrix-org/synapse#15481))
- Add not null constraint to column `full_user_id` of tables `profiles` and `user_filters`. ([\#15537](matrix-org/synapse#15537))
- Allow connecting to HTTP Replication Endpoints by using `worker_name` when constructing the request. ([\#15578](matrix-org/synapse#15578))
- Make the `thread_id` column on `event_push_actions`, `event_push_actions_staging`, and `event_push_summary` non-null. ([\#15597](matrix-org/synapse#15597))
- Run mypy type checking with the minimum supported Python version to catch new usage that isn't backwards-compatible. ([\#15602](matrix-org/synapse#15602))
- Fix subscriptable type usage in Python <3.9. ([\#15604](matrix-org/synapse#15604))
- Update internal terminology. ([\#15606](matrix-org/synapse#15606), [\#15620](matrix-org/synapse#15620))
- Instrument `state` and `state_group` storage-related operations to better picture what's happening when tracing. ([\#15610](matrix-org/synapse#15610), [\#15647](matrix-org/synapse#15647))
- Trace how many new events from the backfill response we need to process. ([\#15633](matrix-org/synapse#15633))
- Re-type config paths in `ConfigError`s to be `StrSequence`s instead of `Iterable[str]`s. ([\#15615](matrix-org/synapse#15615))
- Update Mutual Rooms ([MSC2666](matrix-org/matrix-spec-proposals#2666)) implementation to match new proposal text. ([\#15621](matrix-org/synapse#15621))
- Remove the unstable identifiers from faster joins ([MSC3706](matrix-org/matrix-spec-proposals#3706)). ([\#15625](matrix-org/synapse#15625))
- Fix the olddeps CI. ([\#15626](matrix-org/synapse#15626))
- Remove duplicate timestamp from test logs (`_trial_temp/test.log`). ([\#15636](matrix-org/synapse#15636))
- Fix two memory leaks in `trial` test runs. ([\#15630](matrix-org/synapse#15630))
- Limit the size of the `HomeServerConfig` cache in trial test runs. ([\#15646](matrix-org/synapse#15646))
- Improve type hints. ([\#15658](matrix-org/synapse#15658), [\#15659](matrix-org/synapse#15659))
- Add requesting user id parameter to key claim methods in `TransportLayerClient`. ([\#15663](matrix-org/synapse#15663))
- Speed up rebuilding of the user directory for local users. ([\#15665](matrix-org/synapse#15665))
- Implement "option 2" for [MSC3820](matrix-org/matrix-spec-proposals#3820): Room version 11. ([\#15666](matrix-org/synapse#15666), [\#15678](matrix-org/synapse#15678))

### Updates to locked dependencies

* Bump furo from 2023.3.27 to 2023.5.20. ([\#15642](matrix-org/synapse#15642))
* Bump log from 0.4.17 to 0.4.18. ([\#15681](matrix-org/synapse#15681))
* Bump prometheus-client from 0.16.0 to 0.17.0. ([\#15682](matrix-org/synapse#15682))
* Bump pydantic from 1.10.7 to 1.10.8. ([\#15685](matrix-org/synapse#15685))
* Bump pygithub from 1.58.1 to 1.58.2. ([\#15643](matrix-org/synapse#15643))
* Bump requests from 2.28.2 to 2.31.0. ([\#15651](matrix-org/synapse#15651))
* Bump sphinx from 6.1.3 to 6.2.1. ([\#15641](matrix-org/synapse#15641))
* Bump types-bleach from 6.0.0.1 to 6.0.0.3. ([\#15686](matrix-org/synapse#15686))
* Bump types-pillow from 9.5.0.2 to 9.5.0.4. ([\#15640](matrix-org/synapse#15640))
* Bump types-pyyaml from 6.0.12.9 to 6.0.12.10. ([\#15683](matrix-org/synapse#15683))
* Bump types-requests from 2.30.0.0 to 2.31.0.0. ([\#15684](matrix-org/synapse#15684))
* Bump types-setuptools from 67.7.0.2 to 67.8.0.0. ([\#15639](matrix-org/synapse#15639))

Synapse 1.84.1 (2023-05-26)
===========================

This patch release fixes a major issue with homeservers that do not have an `instance_map` defined but which do use workers.
If you have already upgraded to Synapse 1.84.0 and your homeserver is working normally, then there is no need to update to this patch release.


Bugfixes
--------

- Fix a bug introduced in Synapse v1.84.0 where workers do not start up when no `instance_map` was provided. ([\#15672](matrix-org/synapse#15672))


Internal Changes
----------------

- Add `dch` and `notify-send` to the development Nix flake so that the release script can be used. ([\#15673](matrix-org/synapse#15673))


Synapse 1.84.0 (2023-05-23)
===========================

The `worker_replication_*` configuration settings have been deprecated in favour of configuring the main process consistently with other instances in the `instance_map`. The deprecated settings will be removed in Synapse v1.88.0, but changing your configuration in advance is recommended. See the [upgrade notes](https://github.com/matrix-org/synapse/blob/release-v1.84/docs/upgrade.md#upgrading-to-v1840) for more information.

Bugfixes
--------

- Fix a bug introduced in Synapse 1.84.0rc1 where errors during startup were not reported correctly on Python < 3.10. ([\#15599](matrix-org/synapse#15599))


Synapse 1.84.0rc1 (2023-05-16)
==============================

Features
--------

- Add an option to prevent media downloads from configured domains. ([\#15197](matrix-org/synapse#15197))
- Add `forget_rooms_on_leave` config option to automatically forget rooms when users leave them or are removed from them. ([\#15224](matrix-org/synapse#15224))
- Add redis TLS configuration options. ([\#15312](matrix-org/synapse#15312))
- Add a config option to delay push notifications by a random amount, to discourage time-based profiling. ([\#15516](matrix-org/synapse#15516))
- Stabilize support for [MSC2659](matrix-org/matrix-spec-proposals#2659): application service ping endpoint. Contributed by Tulir @ Beeper. ([\#15528](matrix-org/synapse#15528))
- Implement [MSC4009](matrix-org/matrix-spec-proposals#4009) to expand the supported characters in Matrix IDs. ([\#15536](matrix-org/synapse#15536))
- Advertise support for Matrix 1.6 on `/_matrix/client/versions`. ([\#15559](matrix-org/synapse#15559))
- Print full error and stack-trace of any exception that occurs during startup/initialization. ([\#15569](matrix-org/synapse#15569))


Bugfixes
--------

- Don't fail on federation over TOR where SRV queries are not supported. Contributed by Zdzichu. ([\#15523](matrix-org/synapse#15523))
- Experimental support for [MSC4010](matrix-org/matrix-spec-proposals#4010) which rejects setting the `"m.push_rules"` via account data. ([\#15554](matrix-org/synapse#15554), [\#15555](matrix-org/synapse#15555))
- Fix a long-standing bug where an invalid membership event could cause an internal server error. ([\#15564](matrix-org/synapse#15564))
- Require at least poetry-core v1.1.0. ([\#15566](matrix-org/synapse#15566), [\#15571](matrix-org/synapse#15571))


Deprecations and Removals
-------------------------

- Remove need for `worker_replication_*` based settings in worker configuration yaml by placing this data directly on the `instance_map` instead. ([\#15491](matrix-org/synapse#15491))


Updates to the Docker image
---------------------------

- Add pkg-config package to Stage 0 to be able to build Dockerfile on ppc64le architecture. ([\#15567](matrix-org/synapse#15567))


Improved Documentation
----------------------

- Clarify documentation of the "Create or modify account" Admin API. ([\#15544](matrix-org/synapse#15544))
- Fix path to the `statistics/database/rooms` admin API in documentation. ([\#15560](matrix-org/synapse#15560))
- Update and improve Mastodon Single Sign-On documentation. ([\#15587](matrix-org/synapse#15587))


Internal Changes
----------------

- Use oEmbed to generate URL previews for YouTube Shorts. ([\#15025](matrix-org/synapse#15025))
- Create new `Client` for use with HTTP Replication between workers. Contributed by Jason Little. ([\#15470](matrix-org/synapse#15470))
- Bump pyicu from 2.10.2 to 2.11. ([\#15509](matrix-org/synapse#15509))
- Remove references to supporting per-user flag for [MSC2654](matrix-org/matrix-spec-proposals#2654). ([\#15522](matrix-org/synapse#15522))
- Don't use a trusted key server when running the demo scripts. ([\#15527](matrix-org/synapse#15527))
- Speed up rebuilding of the user directory for local users. ([\#15529](matrix-org/synapse#15529))
- Speed up deleting of old rows in `event_push_actions`. ([\#15531](matrix-org/synapse#15531))
- Install the `xmlsec` and `mdbook` packages and switch back to the upstream [cachix/devenv](https://github.com/cachix/devenv) repo in the nix development environment. ([\#15532](matrix-org/synapse#15532), [\#15533](matrix-org/synapse#15533), [\#15545](matrix-org/synapse#15545))
- Implement [MSC3987](matrix-org/matrix-spec-proposals#3987) by removing `"dont_notify"` from the list of actions in default push rules. ([\#15534](matrix-org/synapse#15534))
- Move various module API callback registration methods to a dedicated class. ([\#15535](matrix-org/synapse#15535))
- Proxy `/user/devices` federation queries to application services for [MSC3984](matrix-org/matrix-spec-proposals#3984). ([\#15539](matrix-org/synapse#15539))
- Factor out an `is_mine_server_name` method. ([\#15542](matrix-org/synapse#15542))
- Allow running Complement tests using [podman](https://podman.io/) by adding a `PODMAN` environment variable to `scripts-dev/complement.sh`. ([\#15543](matrix-org/synapse#15543))
- Bump serde from 1.0.160 to 1.0.162. ([\#15548](matrix-org/synapse#15548))
- Bump types-setuptools from 67.6.0.5 to 67.7.0.1. ([\#15549](matrix-org/synapse#15549))
- Bump sentry-sdk from 1.19.1 to 1.22.1. ([\#15550](matrix-org/synapse#15550))
- Bump ruff from 0.0.259 to 0.0.265. ([\#15551](matrix-org/synapse#15551))
- Bump hiredis from 2.2.2 to 2.2.3. ([\#15552](matrix-org/synapse#15552))
- Bump types-requests from 2.29.0.0 to 2.30.0.0. ([\#15553](matrix-org/synapse#15553))
- Add `org.matrix.msc3981` info to `/_matrix/client/versions`. ([\#15558](matrix-org/synapse#15558))
- Declare unstable support for [MSC3391](matrix-org/matrix-spec-proposals#3391) under `/_matrix/client/versions` if the experimental implementation is enabled. ([\#15562](matrix-org/synapse#15562))
- Implement [MSC3821](matrix-org/matrix-spec-proposals#3821) to update the redaction rules. ([\#15563](matrix-org/synapse#15563))
- Implement updated redaction rules from [MSC3389](matrix-org/matrix-spec-proposals#3389). ([\#15565](matrix-org/synapse#15565))
- Allow `pip install` to use setuptools_rust 1.6.0 when building Synapse. ([\#15570](matrix-org/synapse#15570))
- Deal with upcoming Github Actions deprecations. ([\#15576](matrix-org/synapse#15576))
- Export `run_as_background_process` from the module API. ([\#15577](matrix-org/synapse#15577))
- Update build system requirements to allow building with poetry-core==1.6.0. ([\#15588](matrix-org/synapse#15588))
- Bump serde from 1.0.162 to 1.0.163. ([\#15589](matrix-org/synapse#15589))
- Bump phonenumbers from 8.13.7 to 8.13.11. ([\#15590](matrix-org/synapse#15590))
- Bump types-psycopg2 from 2.9.21.9 to 2.9.21.10. ([\#15591](matrix-org/synapse#15591))
- Bump types-commonmark from 0.9.2.2 to 0.9.2.3. ([\#15592](matrix-org/synapse#15592))
- Bump types-setuptools from 67.7.0.1 to 67.7.0.2. ([\#15594](matrix-org/synapse#15594))


Synapse 1.83.0 (2023-05-09)
===========================

No significant changes since 1.83.0rc1.


Synapse 1.83.0rc1 (2023-05-02)
==============================

Features
--------

- Experimental support to recursively provide relations per [MSC3981](matrix-org/matrix-spec-proposals#3981). ([\#15315](matrix-org/synapse#15315))
- Experimental support for [MSC3970](matrix-org/matrix-spec-proposals#3970): Scope transaction IDs to devices. ([\#15318](matrix-org/synapse#15318))
- Add an [admin API endpoint](https://matrix-org.github.io/synapse/v1.83/admin_api/experimental_features.html) to support per-user feature flags. ([\#15344](matrix-org/synapse#15344))
- Add a module API to send an HTTP push notification. ([\#15387](matrix-org/synapse#15387))
- Add an [admin API endpoint](https://matrix-org.github.io/synapse/v1.83/admin_api/statistics.html#get-largest-rooms-by-size-in-database) to query the largest rooms by disk space used in the database. ([\#15482](matrix-org/synapse#15482))


Bugfixes
--------

- Disable push rule evaluation for rooms excluded from sync. ([\#15361](matrix-org/synapse#15361))
- Fix a long-standing bug where cached server key results which were directly fetched would not be properly re-used. ([\#15417](matrix-org/synapse#15417))
- Fix a bug introduced in Synapse 1.73.0 where some experimental push rules were returned by default. ([\#15494](matrix-org/synapse#15494))


Improved Documentation
----------------------

- Add Nginx loadbalancing example with sticky mxid for workers. ([\#15411](matrix-org/synapse#15411))
- Update outdated development docs that mention restrictions in versions of SQLite that we no longer support. ([\#15498](matrix-org/synapse#15498))


Internal Changes
----------------

- Speedup tests by caching HomeServerConfig instances. ([\#15284](matrix-org/synapse#15284))
- Add denormalised event stream ordering column to membership state tables for future use. Contributed by Nick @ Beeper (@Fizzadar). ([\#15356](matrix-org/synapse#15356))
- Always use multi-user device resync replication endpoints. ([\#15418](matrix-org/synapse#15418))
- Add column `full_user_id` to tables `profiles` and `user_filters`. ([\#15458](matrix-org/synapse#15458))
- Update support for [MSC3983](matrix-org/matrix-spec-proposals#3983) to allow always returning fallback-keys in a `/keys/claim` request. ([\#15462](matrix-org/synapse#15462))
- Improve type hints. ([\#15465](matrix-org/synapse#15465), [\#15496](matrix-org/synapse#15496), [\#15497](matrix-org/synapse#15497))
- Support claiming more than one OTK at a time. ([\#15468](matrix-org/synapse#15468))
- Bump types-pyyaml from 6.0.12.8 to 6.0.12.9. ([\#15471](matrix-org/synapse#15471))
- Bump pyasn1-modules from 0.2.8 to 0.3.0. ([\#15473](matrix-org/synapse#15473))
- Bump cryptography from 40.0.1 to 40.0.2. ([\#15474](matrix-org/synapse#15474))
- Bump types-netaddr from 0.8.0.7 to 0.8.0.8. ([\#15475](matrix-org/synapse#15475))
- Bump types-jsonschema from 4.17.0.6 to 4.17.0.7. ([\#15476](matrix-org/synapse#15476))
- Ask bug reporters to provide logs as text. ([\#15479](matrix-org/synapse#15479))
- Add a Nix flake for use as a development environment. ([\#15495](matrix-org/synapse#15495))
- Bump anyhow from 1.0.70 to 1.0.71. ([\#15507](matrix-org/synapse#15507))
- Bump types-pillow from 9.4.0.19 to 9.5.0.2. ([\#15508](matrix-org/synapse#15508))
- Bump packaging from 23.0 to 23.1. ([\#15510](matrix-org/synapse#15510))
- Bump types-requests from 2.28.11.16 to 2.29.0.0. ([\#15511](matrix-org/synapse#15511))
- Bump setuptools-rust from 1.5.2 to 1.6.0. ([\#15512](matrix-org/synapse#15512))
- Update the check_schema_delta script to account for when the schema version has been bumped locally. ([\#15466](matrix-org/synapse#15466))


Synapse 1.82.0 (2023-04-25)
===========================

No significant changes since 1.82.0rc1.


Synapse 1.82.0rc1 (2023-04-18)
==============================

Features
--------

- Allow loading the `/directory/room/{roomAlias}` endpoint on workers. ([\#15333](matrix-org/synapse#15333))
- Add some validation to `instance_map` configuration loading. ([\#15431](matrix-org/synapse#15431))
- Allow loading the `/capabilities` endpoint on workers. ([\#15436](matrix-org/synapse#15436))


Bugfixes
--------

- Delete server-side backup keys when deactivating an account. ([\#15181](matrix-org/synapse#15181))
- Fix and document untold assumption that `on_logged_out` module hooks will be called before the deletion of pushers. ([\#15410](matrix-org/synapse#15410))
- Improve robustness when handling a perspective key response by deduplicating received server keys. ([\#15423](matrix-org/synapse#15423))
- Synapse now correctly fails to start if the config option `app_service_config_files` is not a list. ([\#15425](matrix-org/synapse#15425))
- Disable loading `RefreshTokenServlet` (`/_matrix/client/(r0|v3|unstable)/refresh`) on workers. ([\#15428](matrix-org/synapse#15428))


Improved Documentation
----------------------

- Note that the `delete_stale_devices_after` background job always runs on the main process. ([\#15452](matrix-org/synapse#15452))


Deprecations and Removals
-------------------------

- Remove the broken, unspecced registration fallback. Note that the *login* fallback is unaffected by this change. ([\#15405](matrix-org/synapse#15405))


Internal Changes
----------------

- Bump black from 23.1.0 to 23.3.0. ([\#15372](matrix-org/synapse#15372))
- Bump pyopenssl from 23.1.0 to 23.1.1. ([\#15373](matrix-org/synapse#15373))
- Bump types-psycopg2 from 2.9.21.8 to 2.9.21.9. ([\#15374](matrix-org/synapse#15374))
- Bump types-netaddr from 0.8.0.6 to 0.8.0.7. ([\#15375](matrix-org/synapse#15375))
- Bump types-opentracing from 2.4.10.3 to 2.4.10.4. ([\#15376](matrix-org/synapse#15376))
- Bump dawidd6/action-download-artifact from 2.26.0 to 2.26.1. ([\#15404](matrix-org/synapse#15404))
- Bump parameterized from 0.8.1 to 0.9.0. ([\#15412](matrix-org/synapse#15412))
- Bump types-pillow from 9.4.0.17 to 9.4.0.19. ([\#15413](matrix-org/synapse#15413))
- Bump sentry-sdk from 1.17.0 to 1.19.1. ([\#15414](matrix-org/synapse#15414))
- Bump immutabledict from 2.2.3 to 2.2.4. ([\#15415](matrix-org/synapse#15415))
- Bump dawidd6/action-download-artifact from 2.26.1 to 2.27.0. ([\#15441](matrix-org/synapse#15441))
- Bump serde_json from 1.0.95 to 1.0.96. ([\#15442](matrix-org/synapse#15442))
- Bump serde from 1.0.159 to 1.0.160. ([\#15443](matrix-org/synapse#15443))
- Bump pillow from 9.4.0 to 9.5.0. ([\#15444](matrix-org/synapse#15444))
- Bump furo from 2023.3.23 to 2023.3.27. ([\#15445](matrix-org/synapse#15445))
- Bump types-pyopenssl from 23.1.0.0 to 23.1.0.2. ([\#15446](matrix-org/synapse#15446))
- Bump mypy from 1.0.0 to 1.0.1. ([\#15447](matrix-org/synapse#15447))
- Bump psycopg2 from 2.9.5 to 2.9.6. ([\#15448](matrix-org/synapse#15448))
- Improve DB performance of clearing out old data from `stream_ordering_to_exterm`. ([\#15382](matrix-org/synapse#15382), [\#15429](matrix-org/synapse#15429))
- Implement [MSC3989](matrix-org/matrix-spec-proposals#3989) redaction algorithm. ([\#15393](matrix-org/synapse#15393))
- Implement [MSC2175](matrix-org/matrix-spec-proposals#2175) to stop adding `creator` to create events. ([\#15394](matrix-org/synapse#15394))
- Implement [MSC2174](matrix-org/matrix-spec-proposals#2174) to move the `redacts` key to a `content` property. ([\#15395](matrix-org/synapse#15395))
- Trust dtonlay/rust-toolchain in CI. ([\#15406](matrix-org/synapse#15406))
- Explicitly install Synapse during typechecking in CI. ([\#15409](matrix-org/synapse#15409))
- Only load the SSO redirect servlet if SSO is enabled. ([\#15421](matrix-org/synapse#15421))
- Refactor `SimpleHttpClient` to pull out a base class. ([\#15427](matrix-org/synapse#15427))
- Improve type hints. ([\#15432](matrix-org/synapse#15432))
- Convert async to normal tests in `TestSSOHandler`. ([\#15433](matrix-org/synapse#15433))
- Speed up the user directory background update. ([\#15435](matrix-org/synapse#15435))
- Disable directory listing for static resources in `/_matrix/static/`. ([\#15438](matrix-org/synapse#15438))
- Move various module API callback registration methods to a dedicated class. ([\#15453](matrix-org/synapse#15453))


Synapse 1.81.0 (2023-04-11)
===========================

Synapse now attempts the versioned appservice paths before falling back to the
[legacy paths](https://spec.matrix.org/v1.6/application-service-api/#legacy-routes).
Usage of the legacy routes should be considered deprecated.

Additionally, Synapse has supported sending the application service access token
via [the `Authorization` header](https://spec.matrix.org/v1.6/application-service-api/#authorization)
since v1.70.0. For backwards compatibility it is *also* sent as the `access_token`
query parameter. This is insecure and should be considered deprecated.

A future version of Synapse (v1.88.0 or later) will remove support for legacy
application service routes and query parameter authorization.


No significant changes since 1.81.0rc2.


Synapse 1.81.0rc2 (2023-04-06)
==============================

Bugfixes
--------

- Fix the `set_device_id_for_pushers_txn` background update crash. ([\#15391](matrix-org/synapse#15391))


Internal Changes
----------------

- Update CI to run complement under the latest stable go version. ([\#15403](matrix-org/synapse#15403))


Synapse 1.81.0rc1 (2023-04-04)
==============================

Features
--------

- Add the ability to enable/disable registrations when in the OIDC flow. ([\#14978](matrix-org/synapse#14978))
- Add a primitive helper script for listing worker endpoints. ([\#15243](matrix-org/synapse#15243))
- Experimental support for passing One Time Key and device key requests to application services ([MSC3983](matrix-org/matrix-spec-proposals#3983) and [MSC3984](matrix-org/matrix-spec-proposals#3984)). ([\#15314](matrix-org/synapse#15314), [\#15321](matrix-org/synapse#15321))
- Allow loading `/password_policy` endpoint on workers. ([\#15331](matrix-org/synapse#15331))
- Add experimental support for Unix sockets. Contributed by Jason Little. ([\#15353](matrix-org/synapse#15353))
- Build Debian packages for Ubuntu 23.04 (Lunar Lobster). ([\#15381](matrix-org/synapse#15381))


Bugfixes
--------

- Fix a long-standing bug where edits of non-`m.room.message` events would not be correctly bundled. ([\#15295](matrix-org/synapse#15295))
- Fix a bug introduced in Synapse v1.55.0 which could delay remote homeservers being able to decrypt encrypted messages sent by local users. ([\#15297](matrix-org/synapse#15297))
- Add a check to [SQLite port_db script](https://matrix-org.github.io/synapse/latest/postgres.html#porting-from-sqlite)
  to ensure that the sqlite database passed to the script exists before trying to port from it. ([\#15306](matrix-org/synapse#15306))
- Fix a bug introduced in Synapse 1.76.0 where responses from worker deployments could include an internal `_INT_STREAM_POS` key. ([\#15309](matrix-org/synapse#15309))
- Fix a long-standing bug that Synpase only used the [legacy appservice routes](https://spec.matrix.org/v1.6/application-service-api/#legacy-routes). ([\#15317](matrix-org/synapse#15317))
- Fix a long-standing bug preventing users from rejoining rooms after being banned and unbanned over federation. Contributed by Nico. ([\#15323](matrix-org/synapse#15323))
- Fix bug in worker mode where on a rolling restart of workers the "typing" worker would consume 100% CPU until it got restarted. ([\#15332](matrix-org/synapse#15332))
- Fix a long-standing bug where some to_device messages could be dropped when using workers. ([\#15349](matrix-org/synapse#15349))
- Fix a bug introduced in Synapse 1.70.0 where the background sync from a faster join could spin for hours when one of the events involved had been marked for backoff. ([\#15351](matrix-org/synapse#15351))
- Fix missing app variable in mail subject for password resets. Contributed by Cyberes. ([\#15352](matrix-org/synapse#15352))
- Fix a rare bug introduced in Synapse 1.66.0 where initial syncs would fail when the user had been kicked from a faster joined room that had not finished syncing. ([\#15383](matrix-org/synapse#15383))


Improved Documentation
----------------------

- Fix a typo in login requests ratelimit defaults. ([\#15341](matrix-org/synapse#15341))
- Add some clarification to the doc/comments regarding TCP replication. ([\#15354](matrix-org/synapse#15354))
- Note that Synapse 1.74 queued a rebuild of the user directory tables. ([\#15386](matrix-org/synapse#15386))


Internal Changes
----------------

- Use `immutabledict` instead of `frozendict`. ([\#15113](matrix-org/synapse#15113))
- Add developer documentation for the Federation Sender and add a documentation mechanism using Sphinx. ([\#15265](matrix-org/synapse#15265), [\#15336](matrix-org/synapse#15336))
- Make the pushers rely on the `device_id` instead of the `access_token_id` for various operations. ([\#15280](matrix-org/synapse#15280))
- Bump sentry-sdk from 1.15.0 to 1.17.0. ([\#15285](matrix-org/synapse#15285))
- Allow running the Twisted trunk job against other branches. ([\#15302](matrix-org/synapse#15302))
- Remind the releaser to ask for changelog feedback in [#synapse-dev](https://matrix.to/#/#synapse-dev:matrix.org). ([\#15303](matrix-org/synapse#15303))
- Bump dtolnay/rust-toolchain from e12eda571dc9a5ee5d58eecf4738ec291c66f295 to fc3253060d0c959bea12a59f10f8391454a0b02d. ([\#15304](matrix-org/synapse#15304))
- Reject events with an invalid "mentions" property per [MSC3952](matrix-org/matrix-spec-proposals#3952). ([\#15311](matrix-org/synapse#15311))
- As an optimisation, use `TRUNCATE` on Postgres when clearing the user directory tables. ([\#15316](matrix-org/synapse#15316))
- Fix `.gitignore` rule for the Complement source tarball downloaded automatically by `complement.sh`. ([\#15319](matrix-org/synapse#15319))
- Bump serde from 1.0.157 to 1.0.158. ([\#15324](matrix-org/synapse#15324))
- Bump regex from 1.7.1 to 1.7.3. ([\#15325](matrix-org/synapse#15325))
- Bump types-pyopenssl from 23.0.0.4 to 23.1.0.0. ([\#15326](matrix-org/synapse#15326))
- Bump furo from 2022.12.7 to 2023.3.23. ([\#15327](matrix-org/synapse#15327))
- Bump ruff from 0.0.252 to 0.0.259. ([\#15328](matrix-org/synapse#15328))
- Bump cryptography from 40.0.0 to 40.0.1. ([\#15329](matrix-org/synapse#15329))
- Bump mypy-zope from 0.9.0 to 0.9.1. ([\#15330](matrix-org/synapse#15330))
- Speed up unit tests when using SQLite3. ([\#15334](matrix-org/synapse#15334))
- Speed up pydantic CI job. ([\#15339](matrix-org/synapse#15339))
- Speed up sample config CI job. ([\#15340](matrix-org/synapse#15340))
- Fix copyright year in SSO footer template. ([\#15358](matrix-org/synapse#15358))
- Bump peaceiris/actions-gh-pages from 3.9.2 to 3.9.3. ([\#15369](matrix-org/synapse#15369))
- Bump serde from 1.0.158 to 1.0.159. ([\#15370](matrix-org/synapse#15370))
- Bump serde_json from 1.0.94 to 1.0.95. ([\#15371](matrix-org/synapse#15371))
- Speed up membership queries for users with forgotten rooms. ([\#15385](matrix-org/synapse#15385))
DMRobertson pushed a commit to matrix-org/synapse that referenced this pull request Sep 5, 2023
- Add configuration setting for CAS protocol version. Contributed by Aurélien Grimpard. ([\#15816](#15816))
- Suppress notifications from message edits per [MSC3958](matrix-org/matrix-spec-proposals#3958). ([\#16113](#16113))
- Return a `Retry-After` with `M_LIMIT_EXCEEDED` error responses. ([\#16136](#16136))
- Add `last_seen_ts` to the [admin users API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html). ([\#16218](#16218))
- Improve resource usage when sending data to a large number of remote hosts that are marked as "down". ([\#16223](#16223))

- Fix IPv6-related bugs on SMTP settings, adding groundwork to fix similar issues. Contributed by @evilham and @telmich (ungleich.ch). ([\#16155](#16155))
- Fix a spec compliance issue where requests to the `/publicRooms` federation API would specify `include_all_networks` as a string. ([\#16185](#16185))
- Fix inaccurate error message while attempting to ban or unban a user with the same or higher PL by spliting the conditional statements. Contributed by @leviosacz. ([\#16205](#16205))
- Fix a rare bug that broke looping calls, which could lead to e.g. linearly increasing memory usage. Introduced in v1.90.0. ([\#16210](#16210))
- Fix a long-standing bug where uploading images would fail if we could not generate thumbnails for them. ([\#16211](#16211))
- Fix a long-standing bug where we did not correctly back off from servers that had "gone" if they returned 4xx series error codes. ([\#16221](#16221))

- Update links to the [matrix.org blog](https://matrix.org/blog/). ([\#16008](#16008))
- Document which [admin APIs](https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/index.html) are disabled when experimental [MSC3861](matrix-org/matrix-spec-proposals#3861) support is enabled. ([\#16168](#16168))
- Document [`exclude_rooms_from_sync`](https://matrix-org.github.io/synapse/v1.92/usage/configuration/config_documentation.html#exclude_rooms_from_sync) configuration option. ([\#16178](#16178))

- Prepare unit tests for Python 3.12. ([\#16099](#16099))
- Fix nightly CI jobs. ([\#16121](#16121), [\#16213](#16213))
- Describe which rate limiter was hit in logs. ([\#16135](#16135))
- Simplify presence code when using workers. ([\#16170](#16170))
- Track per-device information in the presence code. ([\#16171](#16171), [\#16172](#16172))
- Stop using the `event_txn_id` table. ([\#16175](#16175))
- Use `AsyncMock` instead of custom code. ([\#16179](#16179), [\#16180](#16180))
- Improve error reporting of invalid data passed to `/_matrix/key/v2/query`. ([\#16183](#16183))
- Task scheduler: add replication notify for new task to launch ASAP. ([\#16184](#16184))
- Improve type hints. ([\#16186](#16186), [\#16188](#16188), [\#16201](#16201))
- Bump black version to 23.7.0. ([\#16187](#16187))
- Log the details of background update failures. ([\#16212](#16212))
- Cache device resync requests over replication. ([\#16241](#16241))

* Bump anyhow from 1.0.72 to 1.0.75. ([\#16141](#16141))
* Bump furo from 2023.7.26 to 2023.8.19. ([\#16238](#16238))
* Bump phonenumbers from 8.13.18 to 8.13.19. ([\#16237](#16237))
* Bump psycopg2 from 2.9.6 to 2.9.7. ([\#16196](#16196))
* Bump regex from 1.9.3 to 1.9.4. ([\#16195](#16195))
* Bump ruff from 0.0.277 to 0.0.286. ([\#16198](#16198))
* Bump sentry-sdk from 1.29.2 to 1.30.0. ([\#16236](#16236))
* Bump serde from 1.0.184 to 1.0.188. ([\#16194](#16194))
* Bump serde_json from 1.0.104 to 1.0.105. ([\#16140](#16140))
* Bump types-psycopg2 from 2.9.21.10 to 2.9.21.11. ([\#16200](#16200))
* Bump types-pyyaml from 6.0.12.10 to 6.0.12.11. ([\#16199](#16199))
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Sep 8, 2023
# Synapse 1.91.2 (2023-09-06)

### Bugfixes

- Revert [MSC3861](matrix-org/matrix-spec-proposals#3861) introspection cache, admin impersonation and account lock. ([\#16258](matrix-org/synapse#16258))


# Synapse 1.91.1 (2023-09-04)

### Bugfixes

- Fix a performance regression introduced in Synapse 1.91.0 where event persistence would cause an excessive linear growth in CPU usage. ([\#16220](matrix-org/synapse#16220))
Fizzadar added a commit to beeper/synapse-legacy-fork that referenced this pull request Sep 18, 2023
- Revert [MSC3861](matrix-org/matrix-spec-proposals#3861) introspection cache, admin impersonation and account lock. ([\matrix-org#16258](matrix-org#16258))

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEF3tZXk38tRDFVnUIM/xY9qcRMEgFAmT4oZsACgkQM/xY9qcR
# MEhqCQ//WPvR3BMlw73hJZIcJXx+57PpgjBteq6xoiY1V6iB3mE9OlMMByGFlo/G
# 36mrQuwNWQvJ+3Dza82oMi3cyicPxVzDlyLBW76lc03eMmHV1shDee+XU+GzdLOF
# qCn1HQPo9CWLATZlBZyHMayzMGrwQ3bpNLtvszfAsoKX3Q7Ryh/0r+JOv7PbzHtp
# EV0hIdkyxCHnZKhcsvrtNE/XUkhk2Om6sIfyhMRDbIxVhFwtn6EihO5KItIEeO/z
# oriQep3Od97xBm457zIVODJ+Aav7d5jc9cOtiD4L4z3f6BtnmtEhw+sBCTDMfGPJ
# X3+vd/ngWU2zzmudXbKkH4DQWIAgQqoo8zaN0VlHuHG+6ZgVv0RwY980RjnepnJ/
# fjaOo674K/a0mWzgDdmpoAg4KbKxsDU4otgu5DrPVTgjbdlF63fdtc99NAY8RbA8
# WUM4vfzhZEnz951IWkZ2DWMW1F5s6Waoc8K633DZ1B6DUKi3K13XKd5MRRQp2xQ5
# e+TEpjD2kBefXRyyTgD4kh53LymglZUEN3VeRXyK+JYFgL/lVYzf+hezGNxHjYLd
# maXlTLBXfYoPqmVdZJQoZsNDS9nH179bfhFdHXi1Mx1j+9Zvdtqpu66arJTh/0DE
# qXXEMlYiYUXjaadHJ1T0bxk+TrtQS6Ay1c2ARu3c1OCeqbJPR9E=
# =9XJw
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed Sep  6 16:58:19 2023 BST
# gpg:                using RSA key 177B595E4DFCB510C556750833FC58F6A7113048
# gpg: key 33FC58F6A7113048: public key "Patrick Cloke <patrickc@matrix.org>" imported
# gpg: Total number processed: 1
# gpg:               imported: 1
# gpg: Good signature from "Patrick Cloke <patrickc@matrix.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 177B 595E 4DFC B510 C556  7508 33FC 58F6 A711 3048

# Conflicts:
#	.github/workflows/twisted_trunk.yml
#	synapse/app/generic_worker.py
#	synapse/storage/databases/main/__init__.py
@@ -0,0 +1,132 @@
# MSC3861: Matrix architecture change to delegate authentication via OIDC
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I might be unable to find the right line in this huge amount of MSCs, but how does this new system translate users to mxids for events There needs to be some mapping right?

@tranquillity-codes
Copy link

Do I understand right that should this be merged into the spec, every client would have to support viewing or opening arbitrary websites with possibly complex CSS and JavaScript, making implementing a Matrix client essentially impossible on lightweight operating systems that lack support by any major web browser?

@programmerjake
Copy link

Do I understand right that should this be merged into the spec, every client would have to support viewing or opening arbitrary websites with possibly complex CSS and JavaScript, making implementing a Matrix client essentially impossible on lightweight operating systems that lack support by any major web browser?

maybe there's a way to use QR codes to transfer the necessary data so you can authenticate on some other system that supports web browsers

yingziwu added a commit to yingziwu/synapse that referenced this pull request May 15, 2024