Skip to content
This repository was archived by the owner on Apr 26, 2024. It is now read-only.
This repository was archived by the owner on Apr 26, 2024. It is now read-only.

Switch to Identity Service API v2 #9677

Open
Open
Switch to Identity Service API v2#9677
Labels
A-Spec-Complianceplaces where synapse does not conform to the specO-OccasionalAffects or can be seen by some users regularly or most users rarelyS-MajorMajor functionality / product severely impaired, no satisfactory workaround.T-TaskRefactoring, removal, replacement, enabling or disabling functionality, other engineering tasks.Z-Future-MaintenanceThings that can't yet be done, but will need cleaning up in a couple of months/releases
Milestone
Revisit: Next Quarter
@anoadragon453

Description

@anoadragon453
anoadragon453
opened on Mar 23, 2021

The v1 Identity Service API will be dropped from the spec soon. There are a number of places where we still use v1 APIs, where we should instead first try v2, then fall back to v1.

synapse/synapse/handlers/identity.py

Lines 124 to 137 in e550ab1

url = id_server + "/_matrix/identity/api/v1/3pid/getValidated3pid"
try:
data = await self.http_client.get_json(url, query_params)
except RequestTimedOutError:
raise SynapseError(500, "Timed out contacting identity server")
except HttpResponseException as e:
logger.info(
"%s returned %i for threepid validation for: %s",
id_server,
e.code,
creds,
)
return None

synapse/synapse/handlers/identity.py

Lines 273 to 279 in 0a00b7f

url = "https://%s/_matrix/identity/api/v1/3pid/unbind" % (id_server,)
url_bytes = "/_matrix/identity/api/v1/3pid/unbind".encode("ascii")
content = {
"mxid": mxid,
"threepid": {"medium": threepid["medium"], "address": threepid["address"]},
}

synapse/synapse/handlers/identity.py

Lines 446 to 456 in 0a00b7f

try:
data = await self.http_client.post_json_get_json(
id_server + "/_matrix/identity/api/v1/validate/email/requestToken",
params,
)
return data
except HttpResponseException as e:
logger.info("Proxied requestToken failed: %r", e)
raise e.to_synapse_error()
except RequestTimedOutError:
raise SynapseError(500, "Timed out contacting identity server")

synapse/synapse/handlers/identity.py

Lines 499 to 508 in 0a00b7f

try:
data = await self.http_client.post_json_get_json(
id_server + "/_matrix/identity/api/v1/validate/msisdn/requestToken",
params,
)
except HttpResponseException as e:
logger.info("Proxied requestToken failed: %r", e)
raise e.to_synapse_error()
except RequestTimedOutError:
raise SynapseError(500, "Timed out contacting identity server")

synapse/synapse/handlers/identity.py

Lines 586 to 595 in 0a00b7f

try:
return await self.http_client.post_json_get_json(
id_server + "/_matrix/identity/api/v1/validate/msisdn/submitToken",
body,
)
except RequestTimedOutError:
raise SynapseError(500, "Timed out contacting identity server")
except HttpResponseException as e:
logger.warning("Error contacting msisdn account_threepid_delegate: %s", e)
raise SynapseError(400, "Error contacting the identity server")

I believe we also store IS URLs (/_matrix/identity/api/v1/pubkey/[ephemeral/]isvalid) in third-party invite state events, which will eventually fail once IS's drop v1 APIs. Edit: Yes, we do:

{
  "type": "m.room.third_party_invite",
  "sender": "@andrewm:amorgan.xyz",
  "content": {
    "display_name": "h...@g...",
    "public_keys": [
      {
        "key_validity_url": "https://vector.im/_matrix/identity/api/v1/pubkey/isvalid",
        "public_key": "ta8IQ0u1sp44HVpxdFOdS/bfwDjcy4xLFFlfY5KOA"
      },
      {
        "key_validity_url": "https://vector.im/_matrix/identity/api/v1/pubkey/ephemeral/isvalid",
        "public_key": "unYLHHHx_-kYDh9RLh5RvfcTrDgWnNtLdgPC3yM"
      }
    ],
    "key_validity_url": "https://vector.im/_matrix/identity/v2/pubkey/isvalid",
    "public_key": "ta8IQ0u1sp44HVpxYi7dFOdS/bfwDjcy4xLFlfY5KOA"
  },
  "state_key": "HgjJXrYyxxxOtdmyiJHyYRTjMMAiFdDrbCPqyCMdgCSyGMvxsyztxNQHBXMcUOnLjUOdhCMzSzwYEowxPqIYGYcOnXzNMvAlyOKOmnWrnfglNfBAeVfmZLBvQRqDGg",
  "event_id": "$161658804355dhuce:amorgan.xyz",
  "origin_server_ts": 1616588043476,
  "unsigned": {
    "age": 6048
  },
  "room_id": "!xxx:amorgan.xyz"
}

Update 2022/06/24: It's also worth noting that we use the v1 /store-invite and pubkey/isvalid APIs when clients send a 3pid invite with no id_access_token, which we need to disable:

synapse/synapse/handlers/identity.py

Lines 893 to 911 in d549099

key_validity_url = "%s%s/_matrix/identity/api/v1/pubkey/isvalid" % (
id_server_scheme,
id_server,
)
url = base_url + "/api/v1/store-invite"
try:
data = await self.blacklisting_http_client.post_json_get_json(
url, invite_config
)
except RequestTimedOutError:
raise SynapseError(500, "Timed out contacting identity server")
except HttpResponseException as e:
logger.warning(
"Error trying to call /store-invite on %s%s: %s",
id_server_scheme,
id_server,
e,
)

Metadata

Metadata

Assignees

No one assigned

    Labels

    A-Spec-Complianceplaces where synapse does not conform to the specO-OccasionalAffects or can be seen by some users regularly or most users rarelyS-MajorMajor functionality / product severely impaired, no satisfactory workaround.T-TaskRefactoring, removal, replacement, enabling or disabling functionality, other engineering tasks.Z-Future-MaintenanceThings that can't yet be done, but will need cleaning up in a couple of months/releases

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions