This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'release-v1.17.0' of github.com:matrix-org/synapse into …
…anoa/amorgan.xyz * 'release-v1.17.0' of github.com:matrix-org/synapse: (117 commits) 1.17.0 update changelog fix migration, again fix changelog 1.16.1 Drop incorrectly-added table `local_rejections_stream`. (#7816) 1.17.0rc1 Fix some spelling mistakes / typos. (#7811) `update_membership` declaration: now always returns an event id. (#7809) Improve stacktraces from exceptions in background processes (#7808) Fix `can only concatenate list (not "tuple") to list` exception (#7810) Pass original request headers from workers to the main process. (#7797) Generate real events when we reject invites (#7804) Add `HomeServer.signing_key` property (#7805) Revert "Update the installation docs on apt-transport-https (#7801)" Do not use simplejson in Synapse. (#7800) Stop passing bytes when dumping JSON (#7799) Update the installation docs on apt-transport-https (#7801) shuffle changelog slightly 1.16.0 ...
- Loading branch information
Showing
250 changed files
with
4,737 additions
and
2,404 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,27 @@ | ||
matrix-synapse-py3 (1.17.0) stable; urgency=medium | ||
|
||
* New synapse release 1.17.0. | ||
|
||
-- Synapse Packaging team <[email protected]> Mon, 13 Jul 2020 10:20:31 +0100 | ||
|
||
matrix-synapse-py3 (1.16.1) stable; urgency=medium | ||
|
||
* New synapse release 1.16.1. | ||
|
||
-- Synapse Packaging team <[email protected]> Fri, 10 Jul 2020 12:09:24 +0100 | ||
|
||
matrix-synapse-py3 (1.17.0rc1) stable; urgency=medium | ||
|
||
* New synapse release 1.17.0rc1. | ||
|
||
-- Synapse Packaging team <[email protected]> Thu, 09 Jul 2020 16:53:12 +0100 | ||
|
||
matrix-synapse-py3 (1.16.0) stable; urgency=medium | ||
|
||
* New synapse release 1.16.0. | ||
|
||
-- Synapse Packaging team <[email protected]> Wed, 08 Jul 2020 11:03:48 +0100 | ||
|
||
matrix-synapse-py3 (1.15.2) stable; urgency=medium | ||
|
||
* New synapse release 1.15.2. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
# JWT Login Type | ||
|
||
Synapse comes with a non-standard login type to support | ||
[JSON Web Tokens](https://en.wikipedia.org/wiki/JSON_Web_Token). In general the | ||
documentation for | ||
[the login endpoint](https://matrix.org/docs/spec/client_server/r0.6.1#login) | ||
is still valid (and the mechanism works similarly to the | ||
[token based login](https://matrix.org/docs/spec/client_server/r0.6.1#token-based)). | ||
|
||
To log in using a JSON Web Token, clients should submit a `/login` request as | ||
follows: | ||
|
||
```json | ||
{ | ||
"type": "org.matrix.login.jwt", | ||
"token": "<jwt>" | ||
} | ||
``` | ||
|
||
Note that the login type of `m.login.jwt` is supported, but is deprecated. This | ||
will be removed in a future version of Synapse. | ||
|
||
The `jwt` should encode the local part of the user ID as the standard `sub` | ||
claim. In the case that the token is not valid, the homeserver must respond with | ||
`401 Unauthorized` and an error code of `M_UNAUTHORIZED`. | ||
|
||
(Note that this differs from the token based logins which return a | ||
`403 Forbidden` and an error code of `M_FORBIDDEN` if an error occurs.) | ||
|
||
As with other login types, there are additional fields (e.g. `device_id` and | ||
`initial_device_display_name`) which can be included in the above request. | ||
|
||
## Preparing Synapse | ||
|
||
The JSON Web Token integration in Synapse uses the | ||
[`PyJWT`](https://pypi.org/project/pyjwt/) library, which must be installed | ||
as follows: | ||
|
||
* The relevant libraries are included in the Docker images and Debian packages | ||
provided by `matrix.org` so no further action is needed. | ||
|
||
* If you installed Synapse into a virtualenv, run `/path/to/env/bin/pip | ||
install synapse[pyjwt]` to install the necessary dependencies. | ||
|
||
* For other installation mechanisms, see the documentation provided by the | ||
maintainer. | ||
|
||
To enable the JSON web token integration, you should then add an `jwt_config` section | ||
to your configuration file (or uncomment the `enabled: true` line in the | ||
existing section). See [sample_config.yaml](./sample_config.yaml) for some | ||
sample settings. | ||
|
||
## How to test JWT as a developer | ||
|
||
Although JSON Web Tokens are typically generated from an external server, the | ||
examples below use [PyJWT](https://pyjwt.readthedocs.io/en/latest/) directly. | ||
|
||
1. Configure Synapse with JWT logins: | ||
|
||
```yaml | ||
jwt_config: | ||
enabled: true | ||
secret: "my-secret-token" | ||
algorithm: "HS256" | ||
``` | ||
2. Generate a JSON web token: | ||
```bash | ||
$ pyjwt --key=my-secret-token --alg=HS256 encode sub=test-user | ||
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXVzZXIifQ.Ag71GT8v01UO3w80aqRPTeuVPBIBZkYhNTJJ-_-zQIc | ||
``` | ||
3. Query for the login types and ensure `org.matrix.login.jwt` is there: | ||
|
||
```bash | ||
curl http://localhost:8080/_matrix/client/r0/login | ||
``` | ||
4. Login used the generated JSON web token from above: | ||
|
||
```bash | ||
$ curl http://localhost:8082/_matrix/client/r0/login -X POST \ | ||
--data '{"type":"org.matrix.login.jwt","token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXVzZXIifQ.Ag71GT8v01UO3w80aqRPTeuVPBIBZkYhNTJJ-_-zQIc"}' | ||
{ | ||
"access_token": "<access token>", | ||
"device_id": "ACBDEFGHI", | ||
"home_server": "localhost:8080", | ||
"user_id": "@test-user:localhost:8480" | ||
} | ||
``` | ||
|
||
You should now be able to use the returned access token to query the client API. |
Oops, something went wrong.