This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Switch to Identity Service API v2 #9677

Open
anoadragon453 opened this issue Mar 23, 2021 · 3 comments
Labels
A-Spec-Compliance places where synapse does not conform to the spec O-Occasional Affects or can be seen by some users regularly or most users rarely S-Major Major functionality / product severely impaired, no satisfactory workaround. T-Task Refactoring, removal, replacement, enabling or disabling functionality, other engineering tasks. Z-Future-Maintenance Things that can't yet be done, but will need cleaning up in a couple of months/releases

Comments

@anoadragon453
Member

anoadragon453 commented Mar 23, 2021

The v1 Identity Service API will be dropped from the spec soon. There are a number of places where we still use v1 APIs, where we should instead first try v2, then fall back to v1.

url = id_server + "/_matrix/identity/api/v1/3pid/getValidated3pid"
try:
    data = await self.http_client.get_json(url, query_params)
except RequestTimedOutError:
    raise SynapseError(500, "Timed out contacting identity server")
except HttpResponseException as e:
    logger.info(
        "%s returned %i for threepid validation for: %s",
        id_server,
        e.code,
        creds,
    )
    return None

url = "https://%s/_matrix/identity/api/v1/3pid/unbind" % (id_server,)
url_bytes = "/_matrix/identity/api/v1/3pid/unbind".encode("ascii")
content = {
    "mxid": mxid,
    "threepid": {"medium": threepid["medium"], "address": threepid["address"]},
}

try:
    data = await self.http_client.post_json_get_json(
        id_server + "/_matrix/identity/api/v1/validate/email/requestToken",
        params,
    )
    return data
except HttpResponseException as e:
    logger.info("Proxied requestToken failed: %r", e)
    raise e.to_synapse_error()
except RequestTimedOutError:
    raise SynapseError(500, "Timed out contacting identity server")

try:
    data = await self.http_client.post_json_get_json(
        id_server + "/_matrix/identity/api/v1/validate/msisdn/requestToken",
        params,
    )
except HttpResponseException as e:
    logger.info("Proxied requestToken failed: %r", e)
    raise e.to_synapse_error()
except RequestTimedOutError:
    raise SynapseError(500, "Timed out contacting identity server")

try:
    return await self.http_client.post_json_get_json(
        id_server + "/_matrix/identity/api/v1/validate/msisdn/submitToken",
        body,
    )
except RequestTimedOutError:
    raise SynapseError(500, "Timed out contacting identity server")
except HttpResponseException as e:
    logger.warning("Error contacting msisdn account_threepid_delegate: %s", e)
    raise SynapseError(400, "Error contacting the identity server")

I believe we also store IS URLs (/_matrix/identity/api/v1/pubkey/[ephemeral/]isvalid) in third-party invite state events, which will eventually fail once IS's drop v1 APIs. Edit: Yes, we do:

{
  "type": "m.room.third_party_invite",
  "sender": "@andrewm:amorgan.xyz",
  "content": {
    "display_name": "h...@g...",
    "public_keys": [
      {
        "key_validity_url": "https://vector.im/_matrix/identity/api/v1/pubkey/isvalid",
        "public_key": "ta8IQ0u1sp44HVpxdFOdS/bfwDjcy4xLFFlfY5KOA"
      },
      {
        "key_validity_url": "https://vector.im/_matrix/identity/api/v1/pubkey/ephemeral/isvalid",
        "public_key": "unYLHHHx_-kYDh9RLh5RvfcTrDgWnNtLdgPC3yM"
      }
    ],
    "key_validity_url": "https://vector.im/_matrix/identity/v2/pubkey/isvalid",
    "public_key": "ta8IQ0u1sp44HVpxYi7dFOdS/bfwDjcy4xLFlfY5KOA"
  },
  "state_key": "HgjJXrYyxxxOtdmyiJHyYRTjMMAiFdDrbCPqyCMdgCSyGMvxsyztxNQHBXMcUOnLjUOdhCMzSzwYEowxPqIYGYcOnXzNMvAlyOKOmnWrnfglNfBAeVfmZLBvQRqDGg",
  "event_id": "$161658804355dhuce:amorgan.xyz",
  "origin_server_ts": 1616588043476,
  "unsigned": {
    "age": 6048
  },
  "room_id": "!xxx:amorgan.xyz"
}

Update 2022/06/24: It's also worth noting that we use the v1 /store-invite and pubkey/isvalid APIs when clients send a 3pid invite with no id_access_token, which we need to disable:

key_validity_url = "%s%s/_matrix/identity/api/v1/pubkey/isvalid" % (
    id_server_scheme,
    id_server,
)
url = base_url + "/api/v1/store-invite"
try:
    data = await self.blacklisting_http_client.post_json_get_json(
        url, invite_config
    )
except RequestTimedOutError:
    raise SynapseError(500, "Timed out contacting identity server")
except HttpResponseException as e:
    logger.warning(
        "Error trying to call /store-invite on %s%s: %s",
        id_server_scheme,
        id_server,
        e,
    )

@anoadragon453 anoadragon453 added z-maintenance T-Task Refactoring, removal, replacement, enabling or disabling functionality, other engineering tasks. labels Mar 23, 2021
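
The v2-first, v1-fallback order asked for in the opening comment, as an added example that is not Synapse code and not part of any comment here. `post_with_fallback`, `FakeIdentityServer` and the local `HttpResponseException` are hypothetical stand-ins; it assumes an identity server without v2 support answers 404 and that v2 accepts the `id_access_token` as a bearer token.

```python
import asyncio

V2_PREFIX = "/_matrix/identity/v2"
V1_PREFIX = "/_matrix/identity/api/v1"


class HttpResponseException(Exception):
    """Local stand-in for the Synapse exception of the same name."""

    def __init__(self, code):
        super().__init__("HTTP %d" % code)
        self.code = code


class FakeIdentityServer:
    """Constructed test double: serves only the API prefixes it is given."""

    def __init__(self, prefixes, v2_status=200):
        self.prefixes, self.v2_status, self.calls = prefixes, v2_status, []

    async def post_json_get_json(self, url, body, headers=None):
        self.calls.append((url, headers))
        if not any(p in url for p in self.prefixes):
            raise HttpResponseException(404)  # prefix not implemented
        if V2_PREFIX in url and self.v2_status != 200:
            raise HttpResponseException(self.v2_status)
        return {"sid": "constructed-sid"}


async def post_with_fallback(client, id_server, endpoint, body, id_access_token):
    """Hypothetical helper: try the v2 endpoint, use v1 only if v2 is a 404."""
    headers = {"Authorization": "Bearer %s" % id_access_token}
    try:
        url = id_server + V2_PREFIX + endpoint
        return "v2", await client.post_json_get_json(url, body, headers)
    except HttpResponseException as e:
        # Assumption: 404 means "no v2 here". Any other status (401/403, 5xx)
        # is a real failure and must not silently downgrade to v1.
        if e.code != 404:
            raise
    # v1 is unauthenticated, so the access token is not sent on this request.
    url = id_server + V1_PREFIX + endpoint
    return "v1", await client.post_json_get_json(url, body)


if __name__ == "__main__":
    legacy = FakeIdentityServer((V1_PREFIX,))  # constructed v1-only server
    print(asyncio.run(post_with_fallback(
        legacy, "https://is.example", "/validate/email/requestToken",
        {"email": "user@example.org"}, "constructed-token")))
```
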
@richvdh
Member

richvdh commented Apr 7, 2021

A bunch of this code is for delegation of 3pid validation to the IS. If we remove that (as we should: #5881), this job gets easier.

@richvdh richvdh added the Z-Future-Maintenance Things that can't yet be done, but will need cleaning up in a couple of months/releases label Apr 7, 2021
@callahad callahad added the P2 label Apr 14, 2021
@callahad callahad added this to the Revisit: Monthly milestone Sep 15, 2021
@callahad callahad self-assigned this Jan 6, 2022
@richvdh
Member

richvdh commented Mar 23, 2022

This is currently blocked by #5881.

@richvdh
Member

richvdh commented Jul 6, 2022

Breaking this down a bit, and excluding things removed in #13192:

I think that's a complete list of the way Synapse uses the v1 API.

@DMRobertson DMRobertson added S-Major Major functionality / product severely impaired, no satisfactory workaround. O-Occasional Affects or can be seen by some users regularly or most users rarely and removed z-maintenance labels Aug 25, 2022