Server-server authentication doesn't specify what happens when auth fails #1570

turt2live · 2023-06-14T03:31:58Z

Link to problem area: https://spec.matrix.org/v1.7/server-server-api/#authentication

Issue
I believe it's a 401 M_FORBIDDEN error, but we need to specify that.

richvdh · 2023-06-14T06:41:19Z

Synapse raises a 401 M_UNAUTHORIZED in the event of an invalid signature (https://github.com/matrix-org/synapse/blob/v1.84.1/synapse/crypto/keyring.py#L345-L355) and in other situations such as a missing Authorization: X-Matrix header.

(It seems to me it should be a 401 for a missing header, and a 403 for an incorrect signature)

turt2live added spec-bug Something which is in the spec, but is wrong A-S2S Server-to-Server API (federation) labels Jun 14, 2023

turt2live mentioned this issue Jun 14, 2023

MSC4029: [WIP] Fixing X-Matrix request authentication matrix-org/matrix-spec-proposals#4029

Draft

richvdh added spec-omission implemented but not currently specified and removed spec-bug Something which is in the spec, but is wrong labels Jun 14, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Server-server authentication doesn't specify what happens when auth fails #1570

Server-server authentication doesn't specify what happens when auth fails #1570

turt2live commented Jun 14, 2023

richvdh commented Jun 14, 2023

Server-server authentication doesn't specify what happens when auth fails #1570

Server-server authentication doesn't specify what happens when auth fails #1570

Comments

turt2live commented Jun 14, 2023

richvdh commented Jun 14, 2023