Switch to Identity Service API v2

anoadragon453 commented 3 years ago

The v1 Identity Service API will be dropped from the spec soon. There are a number of places where we still use v1 APIs, where we should instead first try v2, then fall back to v1.

https://github.com/matrix-org/synapse/blob/e550ab17adc8dd3c48daf7fedcd09418a73f524b/synapse/handlers/identity.py#L124-L137

https://github.com/matrix-org/synapse/blob/0a00b7ff14890987f09112a2ae696c61001e6cf1/synapse/handlers/identity.py#L273-L279

https://github.com/matrix-org/synapse/blob/0a00b7ff14890987f09112a2ae696c61001e6cf1/synapse/handlers/identity.py#L446-L456

https://github.com/matrix-org/synapse/blob/0a00b7ff14890987f09112a2ae696c61001e6cf1/synapse/handlers/identity.py#L499-L508

https://github.com/matrix-org/synapse/blob/0a00b7ff14890987f09112a2ae696c61001e6cf1/synapse/handlers/identity.py#L586-L595

I believe we also store IS URLs (/_matrix/identity/api/v1/pubkey/[ephemeral/]isvalid) in third-party invite state events, which will eventually fail once IS's drop v1 APIs. Edit: Yes, we do:

{
  "type": "m.room.third_party_invite",
  "sender": "@andrewm:amorgan.xyz",
  "content": {
    "display_name": "h...@g...",
    "public_keys": [
      {
        "key_validity_url": "https://vector.im/_matrix/identity/api/v1/pubkey/isvalid",
        "public_key": "ta8IQ0u1sp44HVpxdFOdS/bfwDjcy4xLFFlfY5KOA"
      },
      {
        "key_validity_url": "https://vector.im/_matrix/identity/api/v1/pubkey/ephemeral/isvalid",
        "public_key": "unYLHHHx_-kYDh9RLh5RvfcTrDgWnNtLdgPC3yM"
      }
    ],
    "key_validity_url": "https://vector.im/_matrix/identity/v2/pubkey/isvalid",
    "public_key": "ta8IQ0u1sp44HVpxYi7dFOdS/bfwDjcy4xLFlfY5KOA"
  },
  "state_key": "HgjJXrYyxxxOtdmyiJHyYRTjMMAiFdDrbCPqyCMdgCSyGMvxsyztxNQHBXMcUOnLjUOdhCMzSzwYEowxPqIYGYcOnXzNMvAlyOKOmnWrnfglNfBAeVfmZLBvQRqDGg",
  "event_id": "$161658804355dhuce:amorgan.xyz",
  "origin_server_ts": 1616588043476,
  "unsigned": {
    "age": 6048
  },
  "room_id": "!xxx:amorgan.xyz"
}

Update 2022/06/24: It's also worth noting that we use the v1 /store-invite and pubkey/isvalid APIs when clients send a 3pid invite with no id_access_token, which we need to disable:

https://github.com/matrix-org/synapse/blob/d54909956ef616d976b3d9969be994df5b65030a/synapse/handlers/identity.py#L893-L911

richvdh commented 3 years ago

a bunch of this code is for delegation of 3pid validation to the IS. If we remove that (as we should: #5881), this job gets easier.

richvdh commented 2 years ago

This is currently blocked by #5881.

richvdh commented 2 years ago

Breaking this down a bit, and excluding things removed in #13192:

[x] /_matrix/identity/api/v1/3pid/unbind: https://github.com/matrix-org/synapse/issues/13171
[ ] /_matrix/identity/api/v1/validate/msisdn/requestToken, /_matrix/identity/api/v1/validate/msisdn/submitToken, /_matrix/identity/api/v1/3pid/getValidated3pid: these are all used as part of the msisdn-verification flow which is currently delegated to identity servers; for that, see #5881 and https://github.com/vector-im/element-meta/issues/478
[x] /_matrix/identity/api/v1/3pid/bind: https://github.com/matrix-org/synapse/issues/13201
[x] /_matrix/identity/api/v1/lookup, /_matrix/identity/api/v1/store_invite, /_matrix/identity/api/v1/pubkey/isvalid: https://github.com/matrix-org/synapse/issues/13206

I think that's a complete list of the way Synapse uses the v1 API.

matrix-org / synapse

Switch to Identity Service API v2 #9677