Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MSC4183: Additional Error Codes for submitToken endpoint #4183

Open
wants to merge 21 commits into
base: main
Choose a base branch
from
Open

MSC4183: Additional Error Codes for submitToken endpoint #4183

Changes from 12 commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
e2cc52f
MSC4180: Additional Error Codes for submitToken endpoint
dbkr Aug 28, 2024
daa2132
Bah, markdown
dbkr Aug 28, 2024
f4fdd0f
Line wrapping
dbkr Aug 28, 2024
0cdf8c6
Typos
dbkr Aug 28, 2024
7fb14aa
Right MSC number
dbkr Aug 29, 2024
725f2ec
Rename
dbkr Aug 29, 2024
d383285
Add http status code
dbkr Aug 29, 2024
7809ced
Apply suggestions from code review
dbkr Oct 2, 2024
be435a8
Word wrap
dbkr Oct 2, 2024
007d364
Clearer wording
dbkr Oct 2, 2024
43638f1
clarify
dbkr Oct 23, 2024
5b8b163
Clarify
dbkr Oct 23, 2024
c026da7
Add note about not reusing error code
dbkr Nov 18, 2024
70d3e07
Clarify that we're taking about the submittoken api in requestToken
dbkr Nov 18, 2024
28d1128
spelling
dbkr Nov 18, 2024
7c53dc9
Clearer wording
dbkr Nov 26, 2024
63dcbe0
Add note on POST email submitToken api
dbkr Nov 27, 2024
af1dc86
Hopefully make more clearer
dbkr Nov 29, 2024
0f43a51
Apply same change to other submitToken endpoints
dbkr Nov 29, 2024
9c12f64
Remove stray lines, more clarifications & consistency fix
dbkr Nov 29, 2024
c630214
clarify only c/s api
dbkr Nov 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
62 changes: 62 additions & 0 deletions proposals/4183-submitToken-error-codes.md
View file
Open in desktop
dbkr marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
# MSC4183: Additional Error Codes for submitToken endpoint

The [`POST
/_matrix/identity/v2/validate/email/submitToken`](https://spec.matrix.org/v1.11/identity-service-api/#post_matrixidentityv2validateemailsubmittoken)
and [`POST
/_matrix/identity/v2/validate/msisdn/submitToken`](https://spec.matrix.org/v1.11/identity-service-api/#post_matrixidentityv2validatemsisdnsubmittoken)
endpoints do not specify any specific error codes, instead relying on the common error codes defined in the identity
service API.

However, these common error codes don't have any codes to signal many errors that can occur in these APIs: most
obviously, that the token the user entered was incorrect.

This MSC can be considered similar to [MSC4178](https://github.com/matrix-org/matrix-spec-proposals/pull/4178) although
that MSC is for `requestToken` on the C-S API only.

The [`POST
/_matrix/client/v3/account/3pid/email/requestToken`](https://spec.matrix.org/v1.11/client-server-api/#post_matrixclientv3account3pidemailrequesttoken)
endpoint in the C/S API also specifies a `submit_url` response parameter, defining its parameters to be the same as the
Identity API's `submitToken` endpoints. Everything this MSC specifies applies to this endpoint in the same way.

## Proposal

Add the following specific error code as a code that can be returned by the two endpoints given above:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not least because there are now at least three different endpoints given above, I think you should restate which endpoints are changing here.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

* `M_TOKEN_INCORRECT`: Indicates that the token that the user entered to validate the session is incorrect.
richvdh marked this conversation as resolved.
Show resolved Hide resolved

HTTP status code 400 should be used for this error.

Additionally specify that the following common error codes can be returned:
* `M_INVALID_PARAM`: One of the supplied parameters in not valid.
* `M_SESSION_EXPIRED`: The validation session is question has expired.

HTTP status code 400 should also be used for both of these errors.

Also change the C/S API's definition of [`POST
/_matrix/client/v3/account/3pid/email/requestToken`](https://spec.matrix.org/v1.11/client-server-api/#post_matrixclientv3account3pidemailrequesttoken)
to specify that the endpoint is the same as the I/S API version in all ways, including response / error codes, rather than just parameters.
richvdh marked this conversation as resolved.
Show resolved Hide resolved

## Potential issues

None foreseen.

## Alternatives

None considered.

## Security considerations

None foreseen.

## Unstable prefix

No unstable prefix is deemed necessary. Sydent already sends the common error codes and also sends
`M_NO_VALID_SESSION` if the code is incorrect. Once an identity server (or homeserver) switches to
use the new error code, clients (including homeservers proxying the IS API) may not recognise the
error condition correctly until updated to support the new code. We say that this is acceptable in
favour of avoiding the complexity of negotiating error codes with API versions. Since the identity
server is generally used via the homeserver now, most users of this API will not currently receive
a sensible error code in this situation anyway.

## Dependencies

None