MSC2918: Refresh tokens #2918

Merged
merged 22 commits into from
Sep 28, 2021

@sandhose sandhose commented Dec 18, 2020

@sandhose sandhose changed the title MSC2918: Refresh tokens MSC2918: [WIP] Refresh tokens Dec 18, 2020
@turt2live turt2live added kind:feature MSC for not-core and not-maintenance stuff proposal A matrix spec change proposal proposal-in-review labels Jan 14, 2021
@turt2live turt2live changed the title MSC2918: [WIP] Refresh tokens [WIP] MSC2918: Refresh tokens Jan 14, 2021
@turt2live turt2live marked this pull request as draft January 14, 2021 16:53
@sandhose
Member Author

Just pushed two changes:

  • the registration API should also issue a refresh token (unless login is inhibited)
  • token expiration is now in milliseconds instead of seconds

@sandhose sandhose left a comment

A few recent changes:

  • d433e3b specify what error code should be used related to this)
  • b320001 suggest what to do with refresh token revocation on use (this is what is implemented in Synapse)
  • 87566c3 clarify that it also applies to ASes

@turt2live turt2live added the needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. label Jun 8, 2021
@sandhose sandhose marked this pull request as ready for review June 17, 2021 10:51
@sandhose sandhose left a comment

I'm pretty comfortable with the current state of the MSC. The implementation in Synapse is pretty much done and working (matrix-org/synapse#9450) and in a working state in Hydrogen (element-hq/hydrogen-web#235).

@sandhose sandhose changed the title [WIP] MSC2918: Refresh tokens MSC2918: Refresh tokens Jun 17, 2021
@richvdh richvdh removed the needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. label Jun 24, 2021
@richvdh richvdh self-requested a review June 24, 2021 13:23
@turt2live turt2live self-assigned this Jan 1, 2022
turt2live added a commit to matrix-org/matrix-react-sdk that referenced this pull request Feb 15, 2022
MSC: matrix-org/matrix-spec-proposals#2918
Fixes element-hq/element-web#18698
Fixes element-hq/element-web#20648
**Requires matrix-org/matrix-js-sdk#2178**

**Note**: There's a lot of logging in this PR. That is intentional to ensure that if/when something goes wrong we can chase the exact code path. It does not log any tokens - just where the code is going. Overall, it should be fairly low volume spam (and can be relaxed at a later date).

----

This approach uses indexeddb (through a mutex library) to manage which tab actually triggers the refresh, preventing issues where multiple tabs try to update the token. If multiple tabs update the token then the server might consider the account hacked and hard logout all the tokens.

If for some reason the timer code gets it wrong, or the user has been offline for too long and the token can't be refreshed, they should be sent to a soft logout screen by the server. This will retain the user's encryption state - they simply need to reauthenticate to get an active access token again.

This additionally contains a change to fix soft logout not working, per the issue links above.

Of interest may be the IPC approach which was ultimately declined in favour of this change instead: #7803
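
The multi-tab hazard described in the commit message above, as an added example (not code from matrix-react-sdk, Synapse or the MSC). It assumes a server that rotates the refresh token on every use and revokes the session when an already-used token is presented again; all function names are hypothetical, and a plain object stands in for the IndexedDB-backed lock and token storage.

```javascript
// Constructed model, not Synapse or matrix-react-sdk code. Assumption: the server
// rotates the refresh token on every use and revokes the session on reuse.
function makeServer() {
  let n = 1;
  const s = { current: "r1", revoked: false };
  s.refresh = (token) => {
    if (s.revoked || token !== s.current) { s.revoked = true; return null; }
    n += 1;
    s.current = "r" + n;
    return { access: "a" + n, refresh: s.current };
  };
  return s;
}

// `store` stands in for storage shared by all tabs (IndexedDB in the commit message).
function makeStore() {
  return { access: "a1", refresh: "r1", lockedBy: null };
}

// Unguarded: both tabs read the refresh token before either exchanges it.
function unguardedRace() {
  const server = makeServer(), store = makeStore();
  const seenByA = store.refresh, seenByB = store.refresh;
  const a = server.refresh(seenByA);
  if (a) Object.assign(store, a);
  const b = server.refresh(seenByB); // stale "r1" is treated as token reuse
  return { a, b, revoked: server.revoked };
}

// Guarded: the lock holder re-reads the store and skips if another tab already rotated.
function refreshUnderLock(tab, staleAccess, server, store) {
  if (store.lockedBy !== null) return "wait"; // another tab holds the lock
  store.lockedBy = tab;
  try {
    if (store.access !== staleAccess) return "skipped"; // token already refreshed
    const res = server.refresh(store.refresh);
    if (!res) return "logged-out";
    Object.assign(store, res);
    return "refreshed";
  } finally {
    store.lockedBy = null;
  }
}

function guardedRace() {
  const server = makeServer(), store = makeStore();
  const stale = store.access; // both tabs noticed "a1" nearing expiry
  const a = refreshUnderLock("A", stale, server, store);
  const b = refreshUnderLock("B", stale, server, store);
  return { a, b, revoked: server.revoked, refresh: store.refresh };
}
```

The step that prevents the revocation is the re-read inside the lock: a tab that waited must compare the stored access token with the one it saw expiring before it spends the refresh token.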
@uhoreg
Member

uhoreg commented May 4, 2022

FTR, I'm working on the spec PR for this

@turt2live
Member

Spec PR: matrix-org/matrix-spec#1056

@turt2live turt2live added spec-pr-in-review A proposal which has been PR'd against the spec and is in review and removed spec-pr-missing Proposal has been implemented and is being used in the wild but hasn't yet been added to the spec labels May 24, 2022
@uhoreg uhoreg added merged A proposal whose PR has merged into the spec! and removed spec-pr-in-review A proposal which has been PR'd against the spec and is in review labels Jun 2, 2022
@uhoreg
Member

uhoreg commented Jun 2, 2022

merged! 🎉

@anoadragon453
Member

I've added Element Web and iOS implementations of this MSC to the PR description.

@turt2live
Member

@anoadragon453 ftr, the web implementation was reverted: matrix-org/matrix-react-sdk#7821

@anoadragon453
Member

Oh, thanks for letting me know!
