Enable login_via_existing_session by default #15719
base: develop
ba0cdc5 to 66def71
66def71 to 327555d
Not sure if this PR wanted review; it's a draft but it's also in the queue.
@@ -0,0 +1 @@ | |||
Enabled login_via_existing_session by default. |
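Review bot: the single added changelog line names the option but not the proposal it implements or how to opt out, so an admin reading only the changelog cannot tell what the new default changes for their deployment. Suggest naming MSC3882 and pointing to the `login_via_existing_session` config section where it can be disabled.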
I would probably promote this to `feature` and write out in words what this allows, so that it's more noticeable (I expect some admins may want to turn this off, so best not hide it in `misc` which should not generally contain user-noticeable changes).
To protect against malicious clients abusing this capability, user-interactive authentication | ||
is required unless the `require_ui_auth` sub-option is set to `False`. |
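Review bot: the sentence ending in `False` documents the opt-out from user-interactive authentication without saying what is given up by taking it; as written, UIA is the only protection these lines name, so setting `require_ui_auth` to `False` removes it with no warning to the reader. Suggest adding one sentence on that consequence, and mentioning the rate limit on the endpoint here if it is meant to be part of the protection.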
This seems to be missing rationale for why this feature would be useful if you have to authenticate anyway — why don't you 'just authenticate on the device where you're logging in'?
I can imagine some reasons but it might be nice to give a brief summary here.
@hughns Should we put this into the review queue?
Following discussion in #15388 (review) this PR enables the login_via_existing_session capability from MSC3882 by default.
As UIA is required by default and there is a rate limit of 1 request per minute on the new endpoint, I believe this qualifies as "secure by default".