MSC2284: Making the identity server optional during discovery

[turt2live]

Rendered

[jryans]

This seems reasonable to me from a client perspective... The IS should (soon) be optional for all authentication flows, so it's only needed lazily for lookups and binding.

[joepie91]

I feel like in the interest of infrastructure debuggability and general client UX, there should be a flag that indicates whether the identity server is intentionally disabled, so that intelligent clients can distinguish between this and an erroneous misconfiguration (or transient unavailability due to infrastructural issues).

[turt2live]

I'm not sure I agree. In terms of transient unavailability, users won't be able to log in in the first place because the homeserver information will also be missing. Spelling errors, structural problems, etc are easily debugged by a community member in a support channel - the problem should be obvious. For instance, if you end up with a user experience that doesn't involve the identity server you were expecting, you can probably guess that it has to do with your config. Hopefully people these days are still testing their configuration changes before going live.

The other point for defaulting to no identity server instead of wanting an explicit flag is to protect user privacy. Where possible, the spec should be heavily suggesting to clients that a default identity server not be used. When the spec says that lack of useful identity server information means that none is selected, the client can't reasonably default to an identity server which might be risky to the user. Not to mention a flag saying "I absolutely don't want to use an identity server" is more fiddly to implement, particularly when the interaction between users and homeservers is already insanely complicated during login.

[ara4n]

This feels very sane indeed to me - we've been bitten multiple times by inexplicable client failures just because the IS was unavailable, and given an IS isn't even compulsory, an invalid IS shouldn't block anything.

[turt2live]

This seems largely accepted by the spec core team and surrounding teams, so to try and push it forward/get more feedback:

@mscbot fcp merge

[mscbot]

Team member @turt2live has proposed to merge this. The next step is review by the rest of the tagged people:

• @KitsuneRal
• @anoadragon453
• @ara4n
• @dbkr
• @erikjohnston
• @richvdh
• @turt2live
• @uhoreg

No concerns currently listed.

Once at least 75% of reviewers approve (and none object), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up!

See this document for info about what commands tagged team members can give me.

[KitsuneRal]

I'm generally not a fan of adding prompts to UX but I agree that FAIL_ERROR is a bit too harsh and that client applications can do some further intelligence on whether/how they should interact with the user on the matter.

[mscbot]

🔔 This is now entering its final comment period, as per the review above. 🔔

[turt2live]

hello @mscbot, it is time.

[mscbot]

The final comment period, with a disposition to merge, as per the review above, is now complete.

[turt2live]

Historical implementation on this is here: matrix-org/matrix-js-sdk#1062

[turt2live]

Merged 🎉