Skip to content

Support stable endpoint and scopes from the MSC3861 family#18549

Merged
sandhose merged 5 commits into
developfrom
quenting/msc3861-stable
Sep 2, 2025
Merged

Support stable endpoint and scopes from the MSC3861 family#18549
sandhose merged 5 commits into
developfrom
quenting/msc3861-stable

Conversation

@sandhose
Copy link
Copy Markdown
Member

@sandhose sandhose commented Jun 13, 2025
edited
Loading

This adds stable APIs for both MSC2965 and MSC2967

@sandhose sandhose marked this pull request as ready for review June 13, 2025 09:45
@sandhose sandhose requested a review from a team as a code owner June 13, 2025 09:45
MadLittleMods
MadLittleMods approved these changes Jul 11, 2025
View reviewed changes
Comment thread synapse/api/auth/msc3861_delegated.py
# Scope as defined by MSC2967
# https://github.com/matrix-org/matrix-spec-proposals/pull/2967
SCOPE_MATRIX_API = "urn:matrix:org.matrix.msc2967.client:api:*"
SCOPE_MATRIX_GUEST = "urn:matrix:org.matrix.msc2967.client:api:guest"
Copy link
Copy Markdown
Contributor

@MadLittleMods MadLittleMods Jul 11, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For reference, this guest scope was removed from MSC2967 in the rework commit

Comment thread synapse/api/auth/msc3861_delegated.py
if access_token != self._admin_token():
await self._record_request(request, requester)

if not allow_guest and requester.is_guest:
Copy link
Copy Markdown
Contributor

@MadLittleMods MadLittleMods Jul 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we get rid of all of the allow_guest stuff in this file now that's unused?

Copy link
Copy Markdown
Member Author

@sandhose sandhose Aug 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Meh, it's still in the base 'auth' API, and this code is soon to go away anyway. The new stable integration doesn't have that anymore: https://github.com/element-hq/synapse/blob/develop/synapse/api/auth/mas.py

@sandhose sandhose enabled auto-merge (squash) August 4, 2025 16:19
@sandhose sandhose disabled auto-merge August 4, 2025 16:20
@sandhose sandhose requested a review from MadLittleMods August 4, 2025 16:21
@sandhose
Copy link
Copy Markdown
Member Author

sandhose commented Aug 4, 2025

@MadLittleMods re-requesting reviews as I merged develop back in this since #18759 is merged. So I did the support for the stable scope also in the stable integration

MadLittleMods
MadLittleMods reviewed Aug 4, 2025
View reviewed changes
Comment thread tests/handlers/test_oauth_delegation.py
Comment on lines +113 to +116
("urn:matrix:client:device:", "urn:matrix:client:api:*"),
(
"urn:matrix:org.matrix.msc2967.client:device:",
"urn:matrix:org.matrix.msc2967.client:api:*",
Copy link
Copy Markdown
Contributor

@MadLittleMods MadLittleMods Aug 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could replace these with constants

Copy link
Copy Markdown
Member Author

@sandhose sandhose Sep 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I prefer to not use constants from the codebase in tests, because it can hide bugs when changing them

Comment thread synapse/api/auth/mas.py
Comment on lines +60 to +63
UNSTABLE_SCOPE_MATRIX_API = "urn:matrix:org.matrix.msc2967.client:api:*"
UNSTABLE_SCOPE_MATRIX_DEVICE_PREFIX = "urn:matrix:org.matrix.msc2967.client:device:"
STABLE_SCOPE_MATRIX_API = "urn:matrix:client:api:*"
STABLE_SCOPE_MATRIX_DEVICE_PREFIX = "urn:matrix:client:device:"
Copy link
Copy Markdown
Contributor

@MadLittleMods MadLittleMods Aug 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are the same as the ones below synapse/api/auth/msc3861_delegated.py. We should have these shared from a single source of truth.

Copy link
Copy Markdown
Member Author

@sandhose sandhose Sep 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

synapse/api/auth/msc3861_delegated.py should be removed sooner than later, so I don't really mind if they are shared for now

@sandhose sandhose merged commit 537e141 into develop Sep 2, 2025
76 of 78 checks passed
@sandhose sandhose deleted the quenting/msc3861-stable branch September 2, 2025 11:55
@benbz benbz mentioned this pull request Sep 26, 2025
Merged
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Oct 8, 2025
chat/matrix-synapse: Update to 1.139.0
762c0cd 
# Synapse 1.139.0 (2025-09-30)

## Features

- Add experimental support for [MSC4308: Thread Subscriptions extension to Sliding Sync](matrix-org/matrix-spec-proposals#4308) when [MSC4306: Thread Subscriptions](matrix-org/matrix-spec-proposals#4306) and [MSC4186: Simplified Sliding Sync](matrix-org/matrix-spec-proposals#4186) are enabled. ([\#18695](element-hq/synapse#18695))
- Update push rules for experimental [MSC4306: Thread Subscriptions](matrix-org/matrix-spec-proposals#4306) to follow a newer draft. ([\#18846](element-hq/synapse#18846))
- Add `get_media_upload_limits_for_user` and `on_media_upload_limit_exceeded` module API callbacks to the media repository. ([\#18848](element-hq/synapse#18848))
- Support [MSC4169](matrix-org/matrix-spec-proposals#4169) for backwards-compatible redaction sending using the `/send` endpoint. Contributed by @SpiritCroc @ Beeper. ([\#18898](element-hq/synapse#18898))
- Add an in-memory cache to `_get_e2e_cross_signing_signatures_for_devices` to reduce DB load. ([\#18899](element-hq/synapse#18899))
- Update [MSC4190](matrix-org/matrix-spec-proposals#4190) support to return correct errors and allow appservices to reset cross-signing keys without user-interactive authentication. Contributed by @tulir @ Beeper. ([\#18946](element-hq/synapse#18946))

## Deprecations and Removals

- Remove obsolete and experimental `/sync/e2ee` endpoint. ([\#18583](element-hq/synapse#18583))

# Synapse 1.138.0 (2025-09-09)

## Features

- Support for the stable endpoint and scopes of [MSC3861](matrix-org/matrix-spec-proposals#3861) & co. ([\#18549](element-hq/synapse#18549))
riastradh pushed a commit to riastradh/pkgsrc-test20250901 that referenced this pull request Feb 8, 2026
chat/matrix-synapse: Update to 1.139.0
a42a0dc 
# Synapse 1.139.0 (2025-09-30)

## Features

- Add experimental support for [MSC4308: Thread Subscriptions extension to Sliding Sync](matrix-org/matrix-spec-proposals#4308) when [MSC4306: Thread Subscriptions](matrix-org/matrix-spec-proposals#4306) and [MSC4186: Simplified Sliding Sync](matrix-org/matrix-spec-proposals#4186) are enabled. ([\#18695](element-hq/synapse#18695))
- Update push rules for experimental [MSC4306: Thread Subscriptions](matrix-org/matrix-spec-proposals#4306) to follow a newer draft. ([\#18846](element-hq/synapse#18846))
- Add `get_media_upload_limits_for_user` and `on_media_upload_limit_exceeded` module API callbacks to the media repository. ([\#18848](element-hq/synapse#18848))
- Support [MSC4169](matrix-org/matrix-spec-proposals#4169) for backwards-compatible redaction sending using the `/send` endpoint. Contributed by @SpiritCroc @ Beeper. ([\#18898](element-hq/synapse#18898))
- Add an in-memory cache to `_get_e2e_cross_signing_signatures_for_devices` to reduce DB load. ([\#18899](element-hq/synapse#18899))
- Update [MSC4190](matrix-org/matrix-spec-proposals#4190) support to return correct errors and allow appservices to reset cross-signing keys without user-interactive authentication. Contributed by @tulir @ Beeper. ([\#18946](element-hq/synapse#18946))

## Deprecations and Removals

- Remove obsolete and experimental `/sync/e2ee` endpoint. ([\#18583](element-hq/synapse#18583))

# Synapse 1.138.0 (2025-09-09)

## Features

- Support for the stable endpoint and scopes of [MSC3861](matrix-org/matrix-spec-proposals#3861) & co. ([\#18549](element-hq/synapse#18549))
msk pushed a commit to msk/pkgsrc that referenced this pull request May 11, 2026
chat/matrix-synapse: Update to 1.139.0
62d878a 
# Synapse 1.139.0 (2025-09-30)

## Features

- Add experimental support for [MSC4308: Thread Subscriptions extension to Sliding Sync](matrix-org/matrix-spec-proposals#4308) when [MSC4306: Thread Subscriptions](matrix-org/matrix-spec-proposals#4306) and [MSC4186: Simplified Sliding Sync](matrix-org/matrix-spec-proposals#4186) are enabled. ([\#18695](element-hq/synapse#18695))
- Update push rules for experimental [MSC4306: Thread Subscriptions](matrix-org/matrix-spec-proposals#4306) to follow a newer draft. ([\#18846](element-hq/synapse#18846))
- Add `get_media_upload_limits_for_user` and `on_media_upload_limit_exceeded` module API callbacks to the media repository. ([\#18848](element-hq/synapse#18848))
- Support [MSC4169](matrix-org/matrix-spec-proposals#4169) for backwards-compatible redaction sending using the `/send` endpoint. Contributed by @SpiritCroc @ Beeper. ([\#18898](element-hq/synapse#18898))
- Add an in-memory cache to `_get_e2e_cross_signing_signatures_for_devices` to reduce DB load. ([\#18899](element-hq/synapse#18899))
- Update [MSC4190](matrix-org/matrix-spec-proposals#4190) support to return correct errors and allow appservices to reset cross-signing keys without user-interactive authentication. Contributed by @tulir @ Beeper. ([\#18946](element-hq/synapse#18946))

## Deprecations and Removals

- Remove obsolete and experimental `/sync/e2ee` endpoint. ([\#18583](element-hq/synapse#18583))

# Synapse 1.138.0 (2025-09-09)

## Features

- Support for the stable endpoint and scopes of [MSC3861](matrix-org/matrix-spec-proposals#3861) & co. ([\#18549](element-hq/synapse#18549))
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request May 13, 2026
chat/matrix-synapse: Update to 1.139.0
31cb61a 
# Synapse 1.139.0 (2025-09-30)

## Features

- Add experimental support for [MSC4308: Thread Subscriptions extension to Sliding Sync](matrix-org/matrix-spec-proposals#4308) when [MSC4306: Thread Subscriptions](matrix-org/matrix-spec-proposals#4306) and [MSC4186: Simplified Sliding Sync](matrix-org/matrix-spec-proposals#4186) are enabled. ([\#18695](element-hq/synapse#18695))
- Update push rules for experimental [MSC4306: Thread Subscriptions](matrix-org/matrix-spec-proposals#4306) to follow a newer draft. ([\#18846](element-hq/synapse#18846))
- Add `get_media_upload_limits_for_user` and `on_media_upload_limit_exceeded` module API callbacks to the media repository. ([\#18848](element-hq/synapse#18848))
- Support [MSC4169](matrix-org/matrix-spec-proposals#4169) for backwards-compatible redaction sending using the `/send` endpoint. Contributed by @SpiritCroc @ Beeper. ([\#18898](element-hq/synapse#18898))
- Add an in-memory cache to `_get_e2e_cross_signing_signatures_for_devices` to reduce DB load. ([\#18899](element-hq/synapse#18899))
- Update [MSC4190](matrix-org/matrix-spec-proposals#4190) support to return correct errors and allow appservices to reset cross-signing keys without user-interactive authentication. Contributed by @tulir @ Beeper. ([\#18946](element-hq/synapse#18946))

## Deprecations and Removals

- Remove obsolete and experimental `/sync/e2ee` endpoint. ([\#18583](element-hq/synapse#18583))

# Synapse 1.138.0 (2025-09-09)

## Features

- Support for the stable endpoint and scopes of [MSC3861](matrix-org/matrix-spec-proposals#3861) & co. ([\#18549](element-hq/synapse#18549))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MadLittleMods MadLittleMods MadLittleMods approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sandhose @MadLittleMods