Start implementation for media repo auth (MSC701) #103

Closed
turt2live opened this issue Jun 15, 2018 · 3 comments · Fixed by #509 · May be fixed by #465
Comments

@turt2live
Member

turt2live commented Jun 15, 2018

More information: https://github.com/matrix-org/matrix-doc/issues/701

Currently the content_token format is undecided, however we can still start implementing this as a proof of concept.

  • Implement the ?public=true flag (default true)
  • Generate content tokens ([a-zA-Z0-9]) and return them as part of uploads. Only applies for public=false.
  • Accept a ?content_token= param when downloading media for now. This will likely change in the future.
  • Get rid of the current "requires auth" config flag
  • With the exception of the requires auth config flag, don't do any of this without an explicit environment variable being set. Actually, these changes are backwards compatible (mostly), so we don't need a flag at all.

turt2live self-assigned this Jun 15, 2018
turt2live added this to the v1.0.0 milestone Jun 15, 2018
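
The proof of concept outlined in the checklist above, as an added example that is not part of the original issue and not the project's own code. The function names, the 32-character token length, and treating any `public` value other than absent or `true` as private are assumptions, since the issue leaves the content_token format undecided.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// tokenLength is an assumption; the issue leaves the token format undecided.
const tokenLength = 32
const alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

// NewContentToken draws tokenLength characters from [a-zA-Z0-9] using the OS
// CSPRNG. Bytes >= 248 are discarded so b % 62 stays uniform (248 = 4 * 62).
func NewContentToken() (string, error) {
	out := make([]byte, 0, tokenLength)
	b := make([]byte, 1)
	for len(out) < tokenLength {
		if _, err := rand.Read(b); err != nil {
			return "", fmt.Errorf("reading CSPRNG: %w", err)
		}
		if b[0] < 248 {
			out = append(out, alphabet[b[0]%62])
		}
	}
	return string(out), nil
}

// NewUpload applies ?public= (default true). Only private uploads get a
// token; unrecognised values are treated as private (an assumption).
func NewUpload(publicParam string) (public bool, token string, err error) {
	if publicParam == "" || publicParam == "true" {
		return true, "", nil
	}
	token, err = NewContentToken()
	return false, token, err
}

// MayDownload fails closed: private media with no stored token is never served.
func MayDownload(public bool, stored, supplied string) bool {
	if public || stored == "" {
		return public
	}
	return subtle.ConstantTimeCompare([]byte(stored), []byte(supplied)) == 1
}

func main() {
	_, tok, err := NewUpload("false")
	fmt.Println(len(tok), err, MayDownload(false, tok, tok), MayDownload(false, tok, ""))
}
```

The same `MayDownload` check would have to run on the thumbnail path as well, otherwise a thumbnail request bypasses the token.
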
@turt2live
Member Author

Something to consider is how we'll ensure that the visibility rules are checked. Applies to thumbnails too.

turt2live added a commit that referenced this issue Jun 15, 2018
This currently doesn't build due to some functions not getting the content token treatment. Upon reflection, it may be best to just work on this after rewriting the middle layer.

Part of #103

turt2live changed the title Start implementation for media repo auth Start implementation for media repo auth (MSC701) Jun 17, 2018
turt2live added a commit that referenced this issue Jun 17, 2018
This is part of #103.

There are a couple of concepts introduced in this setup. It was found that storing hashes in the database can't be done because then we'll have no string to use to decrypt the user's access token.

This also doesn't work on federation at all and instead has a short circuit which may need to be expanded upon. The token isn't sent over federation at all, however it might need to be done in plain text. The problem with an encrypted access token for the user is that we won't know what the content token is for remote media, and therefore can't decrypt the user's access token. We equally don't want to send the user's access token over federation, so we may have to settle for throwing the content token around.

More thought is needed.
@turt2live
Member Author

This is effectively blocked on https://docs.google.com/document/d/1ERHpmthZyspnZtE3tQzxKTkcxar6JANeyNXgz2_djhA/edit?disco=AAAAB_jYtTw due to the concern of sending access tokens over federation. A remote server in the proposal currently has no way of verifying a request is valid for a given user, and a requesting server has no reasonable way to provide authorization information to the remote repository.

@turt2live
Member Author

For clarity, MMR has decided it will use MSC3916 instead.
