search

element-hq / riot-android

A glossy Matrix collaboration client for Android
Apache License 2.0
1.4k stars 394 forks source link

Add User-Interactive Auth to /account/3pid/add #3333

Closed jryans closed 5 years ago

jryans commented 5 years ago

Add User-Interactive Authentication to the /account/3pid/add endpoint as per MSC2290.

See also https://github.com/matrix-org/synapse/pull/6119 Cloned from https://github.com/vector-im/riot-web/issues/11003

BillCarsonFr commented 5 years ago

When auth is required (and it should always be), the flow looks like: First POST /account/3pid/add

{
    "sid":"DDBPiNqdYcwpXTmC",
    "client_secret":"Eqj0NhnulGDLIJwYIDTP1MTSesYaTpi2"
}

401

{
    "session": "AKMdFRcWreRwtDxlKiNZRVCV",
    "params": {},
    "flows": [{
        "stages": ["m.login.password"]
    }]
}

Last POST /account/3pid/add

{
    "auth": {
        "identifier": {
            "type": "m.id.user",
            "user": "@testmanu:example.com"
        },
        "password": "111111",
        "session": "AKMdFRcWreRwtDxlKiNZRVCV",
        "type": "m.login.password",
        "user": "@testmanu:example.com"
    },
    "client_secret": "Eqj0NhnulGDLIJwYIDTP1MTSesYaTpi2",
    "sid": "DDBPiNqdYcwpXTmC"
}

200