Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MSC4183: Additional Error Codes for submitToken endpoint #4183

Open
wants to merge 21 commits into
base: main
Choose a base branch
from
Open

MSC4183: Additional Error Codes for submitToken endpoint #4183

Changes from all commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
e2cc52f
MSC4180: Additional Error Codes for submitToken endpoint
dbkr Aug 28, 2024
daa2132
Bah, markdown
dbkr Aug 28, 2024
f4fdd0f
Line wrapping
dbkr Aug 28, 2024
0cdf8c6
Typos
dbkr Aug 28, 2024
7fb14aa
Right MSC number
dbkr Aug 29, 2024
725f2ec
Rename
dbkr Aug 29, 2024
d383285
Add http status code
dbkr Aug 29, 2024
7809ced
Apply suggestions from code review
dbkr Oct 2, 2024
be435a8
Word wrap
dbkr Oct 2, 2024
007d364
Clearer wording
dbkr Oct 2, 2024
43638f1
clarify
dbkr Oct 23, 2024
5b8b163
Clarify
dbkr Oct 23, 2024
c026da7
Add note about not reusing error code
dbkr Nov 18, 2024
70d3e07
Clarify that we're taking about the submittoken api in requestToken
dbkr Nov 18, 2024
28d1128
spelling
dbkr Nov 18, 2024
7c53dc9
Clearer wording
dbkr Nov 26, 2024
63dcbe0
Add note on POST email submitToken api
dbkr Nov 27, 2024
af1dc86
Hopefully make more clearer
dbkr Nov 29, 2024
0f43a51
Apply same change to other submitToken endpoints
dbkr Nov 29, 2024
9c12f64
Remove stray lines, more clarifications & consistency fix
dbkr Nov 29, 2024
c630214
clarify only c/s api
dbkr Nov 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
81 changes: 81 additions & 0 deletions proposals/4183-submitToken-error-codes.md
View file
Open in desktop
dbkr marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
# MSC4183: Additional Error Codes for submitToken endpoint

The [`POST
/_matrix/identity/v2/validate/email/submitToken`](https://spec.matrix.org/v1.11/identity-service-api/#post_matrixidentityv2validateemailsubmittoken)
and [`POST
/_matrix/identity/v2/validate/msisdn/submitToken`](https://spec.matrix.org/v1.11/identity-service-api/#post_matrixidentityv2validatemsisdnsubmittoken)
endpoints do not specify any specific error codes, instead relying on the common error codes defined in the identity
service API.

However, these common error codes don't have any codes to signal many errors that can occur in these APIs: most
obviously, that the token the user entered was incorrect.

This MSC can be considered similar to [MSC4178](https://github.com/matrix-org/matrix-spec-proposals/pull/4178) although
that MSC is for `requestToken` on the C/S API only.

The numerous `requestToken` endpoints (enumerated in the proposal section) in the C/S API also specify a `submit_url`
response parameter, defining their parameters to be the same as the Identity API's `submitToken` endpoints. Everything
this MSC specifies applies to these endpoint in the same way.

Note that the `POST` version of the email `submitToken` endpoint ([`POST
/_matrix/identity/v2/validate/email/submitToken`](https://spec.matrix.org/v1.11/identity-service-api/#post_matrixidentityv2validateemailsubmittoken))
is not generally used in practice: Sydent's emails includes a link to click instead of the `submit_url` response field and
therefore use the `GET` version. Synapse does not implement the `POST` API for email validation for this reason. This
proposal updates both for consistency.

## Proposal

Add the following specific error code as a code that can be returned by both
[`POST
/_matrix/identity/v2/validate/email/submitToken`](https://spec.matrix.org/v1.11/identity-service-api/#post_matrixidentityv2validateemailsubmittoken)
and [`POST
/_matrix/identity/v2/validate/msisdn/submitToken`](https://spec.matrix.org/v1.11/identity-service-api/#post_matrixidentityv2validatemsisdnsubmittoken):
* `M_TOKEN_INCORRECT`: Indicates that the token that the user entered to validate the session is incorrect.
richvdh marked this conversation as resolved.
Show resolved Hide resolved

Note that we deliberately chose not to re-use `M_UNKNOWN_TOKEN` since that refers to an access token, whereas this
refers to a token that the user enters.

HTTP status code 400 should be used for this error.

Additionally specify that the following common error codes can be returned:
* `M_INVALID_PARAM`: One of the supplied parameters in not valid.
* `M_SESSION_EXPIRED`: The validation session is question has expired.

HTTP status code 400 should also be used for both of these errors.

Also apply the same change to all the `submit_url` fields in the various response to the `POST requestToken` endpoints in the client-server API, i.e.:

* [`POST /_matrix/client/v3/register/email/requestToken`](https://spec.matrix.org/v1.11/client-server-api/#post_matrixclientv3registeremailrequesttoken)
* [`POST /_matrix/client/v3/register/msisdn/requestToken`](https://spec.matrix.org/v1.11/client-server-api/#post_matrixclientv3registerrequesttoken)
* [`POST /_matrix/client/v3/account/3pid/email/requestToken`](https://spec.matrix.org/v1.11/client-server-api/#post_matrixclientv3account3pidemailrequesttoken)
* [`POST /_matrix/client/v3/account/3pid/msisdn/requestToken`](https://spec.matrix.org/v1.11/client-server-api/#post_matrixclientv3account3pidmsisdnrequesttoken)
* [`POST /_matrix/client/v3/account/password/email/requestToken`](https://spec.matrix.org/v1.11/client-server-api/#post_matrixclientv3accountpasswordemailrequesttoken)
* [`POST /_matrix/client/v3/account/password/msisdn/requestToken`](https://spec.matrix.org/v1.11/client-server-api/#post_matrixclientv3accountpasswordmsisdnrequesttoken)
Comment on lines +48 to +53
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

haven't checked this morning, but I'm pretty sure your synapse implementation PR doesn't change all of these.

(I don't think synapse returns a submit_url from the email/requestToken endpoints, but it does from the msisdn/requestToken endpoints, and you haven't updated all the implementations of those submit_url endpoints.)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It actually does (so it's just as well we included the other endpoints): the various different rest classes use that function in the handler to do the request to the ID server and then the error code is in the exception that it throws.


...to specify that response parameters and error codes are the same as the I/S API version, as well as request parameters.

## Potential issues

None foreseen.

## Alternatives

None considered.

## Security considerations

None foreseen.

## Unstable prefix

No unstable prefix is deemed necessary. Sydent already sends the common error codes and also sends
`M_NO_VALID_SESSION` if the code is incorrect. Once an identity server (or homeserver) switches to
use the new error code, clients (including homeservers proxying the IS API) may not recognise the
error condition correctly until updated to support the new code. We say that this is acceptable in
favour of avoiding the complexity of negotiating error codes with API versions. Since the identity
server is generally used via the homeserver now, most users of this API will not currently receive
a sensible error code in this situation anyway.

## Dependencies

None