This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
Implementation of MSC2918 refresh tokens makes transaction ID scoping in violation of spec #15141
Labels
A-Spec-Compliance
places where synapse does not conform to the spec
O-Uncommon
Most users are unlikely to come across this or unexpected workflow
S-Tolerable
Minor significance, cosmetic issues, low or no impact to users.
T-Defect
Bugs, crashes, hangs, security vulnerabilities, or other reported issues.
Comments
reivilibre
added
A-Spec-Compliance
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
MSC2918 proposed the introduction of refresh tokens to Matrix. The proposal was accepted and incorporated into v1.3 of the spec.
The non-compliance can now be demonstrated by means of a Complement test.
#13064 already exists to propose changing the implementation of transaction ID scoping in Synapse to be based on device ID not access token. However, this is also in violation of the spec.
I have created this issue so that it can be a placeholder for making Synapse spec compliant when refresh tokens are used.
However, I don't believe this is a priority right now as refresh tokens are not known to be widely used.
The text was updated successfully, but these errors were encountered: