MSC2918: Refresh tokens#2918
Merged
turt2live merged 22 commits intomatrix-org:old_masterfrom Sep 28, 2021
Merged
Conversation
clokep
reviewed
Dec 18, 2020
turt2live
added
kind:feature
turt2live
changed the title
This was referenced Feb 19, 2021
richvdh
reviewed
May 4, 2021
Member
Author
|
Just pushed two changes:
|
richvdh
reviewed
Jun 2, 2021
sandhose
commented
Jun 3, 2021
Member
Author
sandhose
left a comment
sandhose
left a comment
There was a problem hiding this comment.
A few recent changes:
- d433e3b specify what error code should be used related to this)
- b320001 suggest what to do with refresh token revocation on use (this is what is implemented in Synapse)
- 87566c3 clarify that it also applies to ASes
turt2live
added
the
needs-implementation
sandhose
commented
Jun 17, 2021
Member
Author
sandhose
left a comment
sandhose
left a comment
There was a problem hiding this comment.
I'm pretty confortable with the current state of the MSC. The implementation in Synapse is pretty much done and working (matrix-org/synapse#9450) and in a working state in Hydrogen (element-hq/hydrogen-web#235).
richvdh
removed
the
needs-implementation
richvdh
reviewed
Jun 30, 2021
Member
|
this looks good to me. @mscbot fcp merge |
turt2live
added
spec-pr-missing
Fizzadar
pushed a commit
to Fizzadar/synapse
that referenced
this pull request
Oct 26, 2021
Synapse 1.38.0 (2021-07-13) =========================== This release includes a database schema update which could result in elevated disk usage. See the [upgrade notes](https://matrix-org.github.io/synapse/develop/upgrade#upgrading-to-v1380) for more information. No significant changes since 1.38.0rc3. Synapse 1.38.0rc3 (2021-07-13) ============================== Internal Changes ---------------- - Build the Debian packages in CI. ([\matrix-org#10247](matrix-org#10247), [\matrix-org#10379](matrix-org#10379)) Synapse 1.38.0rc2 (2021-07-09) ============================== Bugfixes -------- - Fix bug where inbound federation in a room could be delayed due to not correctly dropping a lock. Introduced in v1.37.1. ([\matrix-org#10336](matrix-org#10336)) Improved Documentation ---------------------- - Update links to documentation in the sample config. Contributed by @dklimpel. ([\matrix-org#10287](matrix-org#10287)) - Fix broken links in [INSTALL.md](INSTALL.md). Contributed by @dklimpel. ([\matrix-org#10331](matrix-org#10331)) Synapse 1.38.0rc1 (2021-07-06) ============================== Features -------- - Implement refresh tokens as specified by [MSC2918](matrix-org/matrix-spec-proposals#2918). ([\matrix-org#9450](matrix-org#9450)) - Add support for evicting cache entries based on last access time. ([\matrix-org#10205](matrix-org#10205)) - Omit empty fields from the `/sync` response. Contributed by @deepbluev7. ([\matrix-org#10214](matrix-org#10214)) - Improve validation on federation `send_{join,leave,knock}` endpoints. ([\matrix-org#10225](matrix-org#10225), [\matrix-org#10243](matrix-org#10243)) - Add SSO `external_ids` to the Query User Account admin API. ([\matrix-org#10261](matrix-org#10261)) - Mark events received over federation which fail a spam check as "soft-failed". ([\matrix-org#10263](matrix-org#10263)) - Add metrics for new inbound federation staging area. ([\matrix-org#10284](matrix-org#10284)) - Add script to print information about recently registered users. ([\matrix-org#10290](matrix-org#10290)) Bugfixes -------- - Fix a long-standing bug which meant that invite rejections and knocks were not sent out over federation in a timely manner. ([\matrix-org#10223](matrix-org#10223)) - Fix a bug introduced in v1.26.0 where only users who have set profile information could be deactivated with erasure enabled. ([\matrix-org#10252](matrix-org#10252)) - Fix a long-standing bug where Synapse would return errors after 2<sup>31</sup> events were handled by the server. ([\matrix-org#10264](matrix-org#10264), [\matrix-org#10267](matrix-org#10267), [\matrix-org#10282](matrix-org#10282), [\matrix-org#10286](matrix-org#10286), [\matrix-org#10291](matrix-org#10291), [\matrix-org#10314](matrix-org#10314), [\matrix-org#10326](matrix-org#10326)) - Fix the prometheus `synapse_federation_server_pdu_process_time` metric. Broke in v1.37.1. ([\matrix-org#10279](matrix-org#10279)) - Ensure that inbound events from federation that were being processed when Synapse was restarted get promptly processed on start up. ([\matrix-org#10303](matrix-org#10303)) Improved Documentation ---------------------- - Move the upgrade notes to [docs/upgrade.md](https://github.com/matrix-org/synapse/blob/develop/docs/upgrade.md) and convert them to markdown. ([\matrix-org#10166](matrix-org#10166)) - Choose Welcome & Overview as the default page for synapse documentation website. ([\matrix-org#10242](matrix-org#10242)) - Adjust the URL in the README.rst file to point to irc.libera.chat. ([\matrix-org#10258](matrix-org#10258)) - Fix homeserver config option name in presence router documentation. ([\matrix-org#10288](matrix-org#10288)) - Fix link pointing at the wrong section in the modules documentation page. ([\matrix-org#10302](matrix-org#10302)) Internal Changes ---------------- - Drop `Origin` and `Accept` from the value of the `Access-Control-Allow-Headers` response header. ([\matrix-org#10114](matrix-org#10114)) - Add type hints to the federation servlets. ([\matrix-org#10213](matrix-org#10213)) - Improve the reliability of auto-joining remote rooms. ([\matrix-org#10237](matrix-org#10237)) - Update the release script to use the semver terminology and determine the release branch based on the next version. ([\matrix-org#10239](matrix-org#10239)) - Fix type hints for computing auth events. ([\matrix-org#10253](matrix-org#10253)) - Improve the performance of the spaces summary endpoint by only recursing into spaces (and not rooms in general). ([\matrix-org#10256](matrix-org#10256)) - Move event authentication methods from `Auth` to `EventAuthHandler`. ([\matrix-org#10268](matrix-org#10268)) - Re-enable a SyTest after it has been fixed. ([\matrix-org#10292](matrix-org#10292))
This was referenced Feb 15, 2022
turt2live
added a commit
to matrix-org/matrix-react-sdk
that referenced
this pull request
Feb 15, 2022
MSC: matrix-org/matrix-spec-proposals#2918 Fixes element-hq/element-web#18698 Fixes element-hq/element-web#20648 **Requires matrix-org/matrix-js-sdk#2178 **Note**: There's a lot of logging in this PR. That is intentional to ensure that if/when something goes wrong we can chase the exact code path. It does not log any tokens - just where the code is going. Overall, it should be fairly low volume spam (and can be relaxed at a later date). ---- This approach uses indexeddb (through a mutex library) to manage which tab actually triggers the refresh, preventing issues where multiple tabs try to update the token. If multiple tabs update the token then the server might consider the account hacked and hard logout all the tokens. If for some reason the timer code gets it wrong, or the user has been offline for too long and the token can't be refreshed, they should be sent to a soft logout screen by the server. This will retain the user's encryption state - they simply need to reauthenticate to get an active access token again. This additionally contains a change to fix soft logout not working, per the issue links above. Of interest may be the IPC approach which was ultimately declined in favour of this change instead: #7803
Member
|
FTR, I'm working on the spec PR for this |
15 tasks
Member
|
Spec PR: matrix-org/matrix-spec#1056 |
turt2live
added
spec-pr-in-review
uhoreg
added
merged
Member
|
merged! 🎉 |
66 tasks
Member
|
I've added Element Web and iOS implementations of this MSC to the PR description. |
Member
|
@anoadragon453 ftr, the web implementation was reverted: matrix-org/matrix-react-sdk#7821 |
Member
|
Oh, thanks for letting me know! |
16 tasks
16 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
12 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Rendered
Related: matrix-org/matrix-spec#410, matrix-org/matrix-spec#636
Implementations: synapse, hydrogen,
Element Web/Desktop(reverted), Element iOSFCP proposal: #2918 (comment)