Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Remove support for application service authentication via query params #15379

Closed
clokep opened this issue Apr 3, 2023 · 1 comment · Fixed by #16017
Closed

Remove support for application service authentication via query params #15379

clokep opened this issue Apr 3, 2023 · 1 comment · Fixed by #16017
Assignees
@H-Shay
Labels
A-Application-Service Related to AS support O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Minor Blocks non-critical functionality, workarounds exist. T-Task Refactoring, removal, replacement, enabling or disabling functionality, other engineering tasks. Z-Future-Maintenance Things that can't yet be done, but will need cleaning up in a couple of months/releases
Milestone
Revisit: Next Week

Comments

@clokep
Copy link
Member

clokep commented Apr 3, 2023

#13996 added support for MSC2832 to authenticate appservices via a header instead of query parameters. It didn't deprecate or remove the query params authentication for backwards compatibility.

This is unfortunate since passing those will end up in proxy logs, etc. #15317 intends to "deprecate" them and I'd like to disable them by default / remove them, but technically this would mean that Synapse is no longer spec compliant for spec versions < 1.4.

We have a few options for this:

  • Don't care about the spec compliant issue and just remove support.
  • Add a configuration flag (either in homeserver.yaml or an implementation-specific flag in the appservice config file) to enable support for legacy authentication.
  • Drop support for Matrix < 1.4.

There's a few other ideas in #15317 too.

Note that #15317 declares the current status-quo until at least Synapse v1.88.0.
@clokep clokep mentioned this issue Apr 3, 2023
Merged
@clokep clokep added S-Minor Blocks non-critical functionality, workarounds exist. T-Task Refactoring, removal, replacement, enabling or disabling functionality, other engineering tasks. Z-Future-Maintenance Things that can't yet be done, but will need cleaning up in a couple of months/releases O-Uncommon Most users are unlikely to come across this or unexpected workflow labels Apr 3, 2023
@clokep clokep mentioned this issue Apr 3, 2023
Closed
@clokep clokep added the A-Application-Service Related to AS support label Jun 1, 2023
@clokep clokep added this to the Revisit: Next Month milestone Jun 1, 2023
@erikjohnston
Copy link
Member

  • Add a configuration flag (either in homeserver.yaml or an implementation-specific flag in the appservice config file) to enable support for legacy authentication.

Let's go with this option, as a compromise.

@H-Shay H-Shay mentioned this issue Jul 31, 2023
Merged
@clokep clokep mentioned this issue Apr 12, 2024
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@H-Shay H-Shay

Labels
A-Application-Service Related to AS support O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Minor Blocks non-critical functionality, workarounds exist. T-Task Refactoring, removal, replacement, enabling or disabling functionality, other engineering tasks. Z-Future-Maintenance Things that can't yet be done, but will need cleaning up in a couple of months/releases
Projects
None yet
Milestone
Revisit: Next Week
3 participants
@clokep @erikjohnston @H-Shay