matrix-org / matrix-spec

The Matrix protocol specification
Apache License 2.0

It's not clear whether `/versions` should fail if auth is invalid #1779

Open Kladki opened 2 months ago

Kladki commented 2 months ago

Link to problem area:

https://spec.matrix.org/v1.10/client-server-api/#get_matrixclientversions

Issue:

As of v1.10, the `/versions` endpoint has become the first to optionally accept authentication. However, it is not specified whether, if authentication is provided and is invalid, the server should return an error or just perform as if no authentication was provided in the first place.

richvdh commented 2 months ago

@Kladki could you look at the changelog to see which MSC proposed this change, to see if there is more detail there?

Kladki commented 2 months ago

MSC4026 introduced this change. Looking at the proposal itself and the surrounding discussion, I do not see what to do in this scenario mentioned anywhere.

richvdh commented 2 months ago

Mhmm. Seems like we need another MSC!

Kladki commented 2 months ago

There is also a similar issue with appservices, where Conduit also rejects the call to `/versions` if the user (either from the `user_id` query param or `sender_localpart` from the registration) does not exist, while Synapse again behaves as if no auth was provided. Should this also be part of the MSC, or should it be separate?