From 7fb0734b64370f967489719405c21f0dd4b08a69 Mon Sep 17 00:00:00 2001 From: "H. Shay" Date: Tue, 6 Jun 2023 15:11:21 -0700 Subject: [PATCH 1/4] add proposal to optionally auth `/versions` --- proposals/XXXX-optional-authed-versions.md | 35 ++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 proposals/XXXX-optional-authed-versions.md diff --git a/proposals/XXXX-optional-authed-versions.md b/proposals/XXXX-optional-authed-versions.md new file mode 100644 index 00000000000..173725847de --- /dev/null +++ b/proposals/XXXX-optional-authed-versions.md @@ -0,0 +1,35 @@ +## Introduction + +Synapse is implementing the ability to turn some unstable features on per-user. Once this is +implemented, certain experimental features will be available to be enabled per-user via the [Admin API](https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/index.html). +This is in addition to the current ability to toggle on/off those features system-wide in the configuration. + +However, this poses a problem when considering how to advertise that those features are enabled to clients. +Traditionally, to determine what unstable features were available from a server clients checked the [`/_matrix/client/versions`](https://spec.matrix.org/v1.7/client-server-api/#get_matrixclientversions) +endpoint, which in turn checked the Synapse configuration to determine what experimental features were enabled. With the +changes being implemented this is no longer possible, as some experimental features may be enabled per-user. As the +`/_matrix/client/versions` endpoint does not require authentication there is no way to know which experimental features +are enabled - there is no access token that we can extract user info from to determine which unstable features are +currently enabled (as they may only be enabled for some users) - and thus there is no way to correctly communicate to +clients which experimental features are enabled. + +## Proposal + +The proposal to remedy this is to make `/_matrix/client/versions` optionally accept authentication, and ask clients +to use the authenticated version when determining which experimental features are enabled. + +## Potential issues + +This does raise the question of what the non-authenticated version of `/_matrix/client/versions` should return with +regard to unstable features if the proposal is accepted. + +## Alternatives + +An alternative to the proposal would be to move advertising the unstable features to the [`/_matrix/client/v3/capabilities`](https://spec.matrix.org/v1.7/client-server-api/#get_matrixclientv3capabilities) +endpoint, which does require authentication. However, the spec is clear that `/_matrix/client/v3/capabilities` "should +not be used to advertise unstable or experimental features - this is better done by the `/versions` endpoint." Thus, +this seems like a less desirable option than the proposed solution. + +## Security considerations + +None that I am currently aware of. \ No newline at end of file From fbda588a67c306fa4132e660eaa121a939234aa1 Mon Sep 17 00:00:00 2001 From: "H. Shay" Date: Tue, 6 Jun 2023 15:20:04 -0700 Subject: [PATCH 2/4] update file name with actual number --- ...tional-authed-versions.md => 4026-optional-authed-versions.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename proposals/{XXXX-optional-authed-versions.md => 4026-optional-authed-versions.md} (100%) diff --git a/proposals/XXXX-optional-authed-versions.md b/proposals/4026-optional-authed-versions.md similarity index 100% rename from proposals/XXXX-optional-authed-versions.md rename to proposals/4026-optional-authed-versions.md From 9e998a8ebe5cbcc3235d96999da27c030db14e8c Mon Sep 17 00:00:00 2001 From: Shay Date: Wed, 23 Aug 2023 14:01:50 -0700 Subject: [PATCH 3/4] Update proposals/4026-optional-authed-versions.md Co-authored-by: Hubert Chathi --- proposals/4026-optional-authed-versions.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/proposals/4026-optional-authed-versions.md b/proposals/4026-optional-authed-versions.md index 173725847de..b3d8c232ca8 100644 --- a/proposals/4026-optional-authed-versions.md +++ b/proposals/4026-optional-authed-versions.md @@ -2,6 +2,8 @@ Synapse is implementing the ability to turn some unstable features on per-user. Once this is implemented, certain experimental features will be available to be enabled per-user via the [Admin API](https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/index.html). +The intention is to allow certain users to test the experimental feature without making it available to +all users before it is stable. This is in addition to the current ability to toggle on/off those features system-wide in the configuration. However, this poses a problem when considering how to advertise that those features are enabled to clients. From 83737841748c7e1352028744cef8a267024f5b6c Mon Sep 17 00:00:00 2001 From: Shay Date: Wed, 23 Aug 2023 14:02:48 -0700 Subject: [PATCH 4/4] Update proposals/4026-optional-authed-versions.md Co-authored-by: Hubert Chathi --- proposals/4026-optional-authed-versions.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/proposals/4026-optional-authed-versions.md b/proposals/4026-optional-authed-versions.md index b3d8c232ca8..c9aba05e814 100644 --- a/proposals/4026-optional-authed-versions.md +++ b/proposals/4026-optional-authed-versions.md @@ -1,3 +1,5 @@ +# MSC4026: Allow /versions to optionally accept authentication + ## Introduction Synapse is implementing the ability to turn some unstable features on per-user. Once this is