Client-server r0.6.0 and Identity Service r0.3.0 releases

2019-11-08 — General — Travis Ralston

Hey all,

For the last several months the team has been working on tightening up privacy in Matrix, and with the 1.4 release of Synapse and Riot quite a lot has been done in the area. One of the remaining pieces was to release all the specification changes to help other client/server implementations achieve the same goals, and now we've done that.

The Client-Server r0.6.0 and Identity Service r0.3.0 spec releases both cover the privacy improvements added through a number of MSCs in the last few months. Of particular note is that identity servers are now expected to support terms of service endpoints, which requires authentication that clients might need to worry about - check the spec changelogs for details.

The full changelog for the Client-Server r0.6.0 release is:

  • Breaking Changes

    • Add id_access_token as a required request parameter to a few endpoints which require an id_server parameter as part of MSC2140. (#2255)
  • New Endpoints

    • Add POST /account/3pid/unbind for removing a 3PID from an identity server. (#2282)
  • Backwards Compatible Changes

    • Add M_USER_DEACTIVATED error code. (#2234)
    • Remove bind_msisdn and bind_email from /register now that the identity server's bind endpoint requires authentication. (#2279)
    • Add m.identity_server account data for tracking the user's preferred identity server. (#2281)
    • Deprecate id_server and make it optional in several places. (#2310)
  • Spec Clarifications

    • Add missing format fields to m.room.message$m.notice schema. (#2125)
    • Remove "required" designation from the url field of certain m.room.message msgtypes. (#2129)
    • Fix various typos throughout the specification. (#2131, #2136, #2148, #2215)
    • Clarify the distinction between m.key.verification.start and its m.sas.v1 variant. (#2132)
    • Fix link to Olm signing specification. (#2133)
    • Clarify the conditions for the .m.rule.room_one_to_one push rule. (#2152)
    • Clarify the encryption algorithms supported by the device of the device keys example. (#2157)
    • Clarify that /rooms/:roomId/event/:eventId returns a Matrix error. (#2204)
    • Add a missing state_key check on .m.rule.tombstone. (#2223)
    • Fix the m.room_key_request action value, setting it from cancel_request to request_cancellation. (#2247)
    • Clarify that the submit_url field is without authentication. (#2341)
    • Clarify the expected phone number format. (#2342)
    • Clarify that clients should consider not requesting URL previews in encrypted rooms. (#2343)
    • Add missing information on how filters are meant to work with /context. (#2344)
    • Clarify what the keys are for rooms in /sync. (#2345)

The full changelog for the Identity Service r0.3.0 release is:

  • New Endpoints

    • Add /account, /account/register, and /account/logout to authenticate with the identity server. (#2255)
    • Add endpoints for accepting and handling terms of service. (#2258)
    • Add /hash_details and a new /lookup endpoint for performing hashed association lookups. (#2287)
  • Backwards Compatible Changes

    • Deprecate the v1 API in favour of an authenticated v2 API. (#2254)