matrix-org / sydent

Sydent: Reference Matrix Identity Server
http://matrix.org
Apache License 2.0

POST /_matrix/identity/v2/validate/msisdn/submitToken returns HTTP-500 if token is not valid #292

Open bmarty opened 4 years ago

bmarty commented 4 years ago

With the following body:

{"error": "Internal Server Error", "errcode": "M_UNKNOWN"}

This error can happen often, because the user can enter the code received by SMS (= the token) manually.

A more appropriate error may be created (for instance M_INVALID_TOKEN), for a better API contract.

For the moment, Riot-Web displays a dialog with the error content, which is not very user-friendly.

Spec: https://matrix.org/docs/spec/identity_service/latest#post-matrix-identity-v2-validate-msisdn-submittoken

anoadragon453 commented 4 years ago

M_UNKNOWN_TOKEN exists. Does that work for your purposes @bmarty?

This change could technically affect existing clients, so an MSC would be necessary according to this document. However, this could prove as the implementation for this proposal.

Waiting to hear back from you.

bmarty commented 4 years ago

@anoadragon453 M_UNKNOWN_TOKEN refers to the access token, which is not the same thing here, and is not documented here https://matrix.org/docs/spec/identity_service/latest#api-standards

I would add a new error M_INVALID_TOKEN for this specific use case, so yes, an MSC is probably required.

Also note that the same problem also exists in Synapse, when validating an MSISDN token also received by SMS. So the new error should also be added in https://matrix.org/docs/spec/client_server/r0.6.1#api-standards