MSC1692: Terms of service at registration #1692
Conversation
turt2live
added
proposal-ready-for-review
proposal
|
Also I just found #1231 which doesn't appear to have a conclusion to it. This proposal also alters how https://github.com/matrix-org/matrix-doc/issues/1252 works. |
|
This looks mostly sane I guess, though I don't really know much about registration/login. One thing that I'm unsure of is the behaviour when we need the user to agree to an updated ToS. Locking down the APIs and returning 403s has a number of issues:
I also think it'd make more sense to return a 401 with a specific error code. That way "dumb" clients just log out and the user can log in again and accept the updated ToS. Smarter clients can interpret the 401 and show a "accept ToS" screen. |
|
I agree with almost everything here, except the need for a new endpoint. I strongly disagree with It seems like it's going to take the same amount of effort whichever way this goes, so why not make this endpoint generic now to save some effort for future proposals. |
There's nothing stopping the homeserver from saying a policy is not required and then later requiring it. The proposal should be fairly supportive of whatever the homeserver admin wants to do by not being overly opinionated.
Logging the user out sounds really bad for dumb clients. If that dumb client has e2e support (which is not impossible) then that user could lose data. This is probably another great case where a soft logout would work, although it would probably need to be carefully executed. |
I'd like to see a strong use case for other cases where UI auth is helpful on the account data. As previously mentioned several times, I do not see the benefit in adding such a feature where it results in complicated client code. |
|
Sure. I think I have failed to explain where this could also be useful, so I will write up a through explanation this evening. (This can serve as a placeholder) |
This also introduces an ID for clients to internally reference the policies.
|
I've made some changes to this based on the feedback above:
I have not changed the proposal regarding introduction of a new endpoint. I've spent the better part of the week thinking about whether or not it is worth it, and I'm still not convinced that having UI auth on account data makes sense for primarily backwards compatibility reasons. Older clients would likely see the 401 as the user's token suddenly not being valid and log them out, which is a lot more dangerous than having another endpoint. Although older clients would not be accessing the terms metadata as they would not understand it, I don't think the proposal to add UI auth to account data would be worth it unless it was permitted on any event type - which could cause problems when someone inevitably blanket-enables it in their homeserver. Ideally in a major version change of the spec we could support UI auth on most endpoints, not just account data, therefore adding an option for more security-conscious environments. For example, a homeserver may rightfully want to prevent the user from uploading content until they acknowledge that they actually own the content. Another scenario would be the homeserver requiring a user to refresh their login details after some time - previously we had a token refresh API however I don't believe it was supportive of alternative login flows, such as TOTP, being required to authenticate a user. |
|
@turt2live is my understanding correct that Synapse already implements this (UGH)? And if so does the current MSC match the implementation? |
Yes and yes. If you've had the unfortunate opportunity to review the original MSC here, the bits which Synapse doesn't implement were already broken out to #3012 |
|
🔔 This is now entering its final comment period, as per the review above. 🔔 |
mscbot
added
final-comment-period
|
The final comment period, with a disposition to merge, as per the review above, is now complete. |
mscbot
added
finished-final-comment-period
and removed
disposition-merge
final-comment-period
turt2live
added
spec-pr-missing
* Terms of service API proposal * Alter structures to support multiple languages This also introduces an ID for clients to internally reference the policies. * Alter the login process to reflect login's lack of UI auth * Add a note about MSC2140 * Add a flag to the sync response to indicate the sync is withheld * Use the soft logout MSC * Fix headings * Move non-registration bits out * Reference MSC3012 * Adjust wording for new scope * Rewrite to newer modern standards; address feedback from last FCP * Update proposals/1692-terms-at-registration.md Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Update references --------- Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
| To complete the stage, accepting *all* of the listed documents, the client submits an empty `auth` | ||
| dict. The client *should* present the user with a checkbox to accept each policy, including a link |
There was a problem hiding this comment.
an empty
authdict
This can't be right. I'm assuming it means an auth dict which looks like:
"auth": {
"type": "m.login.terms",
"session": "xxxxxx"
}(ie, nothing other than the type and session).
There was a problem hiding this comment.
err, yes. UIA is complicated, and I can believe this part of the MSC was written with confusion.
It'd be the same as dummy auth: https://spec.matrix.org/v1.10/client-server-api/#dummy-auth
|
Spec PR: matrix-org/matrix-spec#1812 |
richvdh
added
spec-pr-in-review
Spec for matrix-org/matrix-spec-proposals#1692 Co-authored-by: Hubert Chathi <hubertc@matrix.org>
|
Merged 🎉 |
turt2live
added
merged
Rendered
Implementation: matrix-org/synapse#4004
FCP tickyboxes
Notes from 2018:
This proposal is the first to try a new process where we avoid creating excess issues with locked discussions. Discussion about this proposal should happen on this PR, preferably inline where possible.
Riot/synapse is going ahead and trying out the registration portion of this proposal to fix a UX bug. Given UI auth has fallback support, this should not break any clients and can be easily modified in the future if this proposal were to change. Implementation is required as a proof of concept for the proposal anyways.