Application service API authentication requires access_token to be in the query parameters
#679
Labels
Comments
|
Which direction of traffic is your concern in? Homeserver -> Appservice or Appservice -> Homeserver? |
|
I think this is Homeserver > Appservice? This is the section I'm talking about. |
|
Right, so matrix-org/matrix-spec-proposals#1424 was about the other direction. It is true that the only way homeservers can prove their identity to an appservice is through the query parameters, and this would require an MSC to change. |
turt2live
added
improvement
richvdh
changed the title
access_token to be in the query parameters
|
This seems like it would be solved by matrix-org/matrix-spec-proposals#2832. |
|
Closing in favour of MSC, given it's on the edge of FCP. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There's an existing issue about this at matrix-org/matrix-spec-proposals#1424, but it got closed by matrix-org/matrix-spec-proposals#1534 which updates the wording about the usage of the client-server API for appservices, but not the wording about authentication in the appservice API itself. This seems like an oversight.
The text was updated successfully, but these errors were encountered: