Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable key discovery api per default via keys ressource in synapse role #1761

Open
yncyrydybyl opened this issue Apr 18, 2022 · 1 comment
Open
Labels
question This issue is a question related to installation

Comments

@yncyrydybyl
Copy link
Contributor

When trying to get a key from my server I discovered that the keys ressource is not per default enabled.
The method: https://matrix.org/docs/spec/server_server/r0.1.4#get-matrix-key-v2-query-servername-keyid

#no auth needed
curl https://matrix.myserver.org/_matrix/key/v2/query/datanauten.de

The line default is set in mail.yml of the synapse role:

matrix_synapse_http_listener_resource_names: ["client"]

I think It should also cover the "keys" ressource. As described in
https://github.com/matrix-org/synapse/blob/7013e06e2f60e1401349fd054372808376facc87/docs/sample_config.yaml#L287

matrix_synapse_http_listener_resource_names: ["client","keys"]

The federation ressource is coving it already. But since it is a client method it should be also availible via client-server port.

@spantaleev
Copy link
Owner

You're linking to https://matrix.org/docs/spec/server_server/r0.1.4#get-matrix-key-v2-query-servername-keyid (GET /_matrix/key/v2/query/{serverName}/{keyId}), which is part of the "Server-Server (Federation) API".

You're however trying to access this GET /_matrix/key/v2/query/{serverName}/{keyId} resource over the Client-Server API (e.g. https://matrix.DOMAIN/_matrix/key/v2/query/datanauten.de).

With the default (recommended) configuration, the playbook serves the federation API on port 8448, so you should be accessing this at https://matrix.DOMAIN:8448/_matrix/key/v2/query/datanauten.de instead. I've tested it on my setup and it works as expected.


But since it is a client method it should be also availible via client-server port.

I don't know what you're basing this on. The Client-Server API specs do not mention this /_matrix/key API at all, so I don't think it's a client method.

If some client is try to access the /_matrix/key API over the Client-Server API, it's likely that:

  • your /.well-known/matrix/server file is not configured correctly (it should tell clients that the federation API is on port 8448)
  • the Matrix client does not support /.well-known/matrix/server and defaults to using port 443 instead. If so, a bug should be reported to this Matrix client's repository, so that support can be added.
  • the Matrix client is buggy and is accessing a federation API method using the Client-API URL. For some servers (those that serve client and server on the same URL) it works this way, but it's more of a coincidence than due to proper behavior. If so, a bug should be reported to this Matrix client's repository, so that the correct behavior can be followed.

@luixxiul luixxiul added the question This issue is a question related to installation label Nov 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
question This issue is a question related to installation
Projects
None yet
Development

No branches or pull requests

3 participants