-
Notifications
You must be signed in to change notification settings - Fork 83
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove the v1 API #338
Comments
Some notable places this is still used:
|
mxisd is more likely to be ma1sd: https://github.com/ma1uta/ma1sd |
Would be good to set a public deprecation timeline for this |
@turt2live suggests that there is other work that might need to be done before we can remove the v1 APIs, but he'd need to go and spend some time figuring out what that is. (I hope that is a fair representation) |
Notice that email invites are still using V1 api in order to sign the invitation. This API is defined as helper for client that cannot do crypto, but still element clients are using it. I guess that before removing this API we should:
|
I decided to try and pull some figures on where the v1 API is being used. Over the 7 days to 24 June:
|
3PID (email) invites include a link like Which passes a The API description being
when in reality clients can't really do the signing themselves without parsing the signurl in brittle ways given the URL params don't match any known documentation means that clients are forced to blindly just call a given URL in undocumented ways. |
For links, the endpoint in question used to be specced at https://matrix.org/docs/spec/identity_service/r0.3.0.html#deprecated-post-matrix-identity-api-v1-sign-ed25519; note that a @t3chguy (and @BillCarsonFr, since I think you said the same thing): I'm failing to grok how this "signurl" is used in the 3pid flow. How is the URL generated? How is it used? I can't find it mentioned at https://spec.matrix.org/v1.5/client-server-api/#server-behaviour-7. |
It is being used as POST but with no body and all params being query params, so still doesn't match that spec The link comes from the email templates https://github.com/search?q=repo%3Amatrix-org%2Fsydent+sign-ed25519&type=code |
Right. Yes.
Is that the link you meant? It doesn't seem to give anything useful here. |
that link definitely doesn't show me those results, but thanks |
Ah, might be because I'm on the Github Search Beta which makes the search quite usable |
@richvdh worth noting that there's two flows an email invite can take, and only one of those flows is documented in the spec. The other is completely missing (I couldn't find an issue at first glance, but know this to be true) |
Opened matrix-org/matrix-spec#1359 to track this, then. Re the
|
Yes, and no. Element Web code has to append a |
Ugh. But also, surely that would work just as well if the root of signurl was |
Quite right - especially the |
Note that there is a config option to disable V1 bindings: #267 - although currently this is only applied to the sydent/sydent/http/httpserver.py Lines 129 to 130 in c9980a9
|
Blocked by matrix-org/synapse#9677
The deprecated v1 identity service API is a source of security issues and poor UX. We should set a date to remove it, and follow through with that.
The text was updated successfully, but these errors were encountered: