Skip to content

MSC4108: Mechanism to allow OAuth 2.0 API sign in and E2EE set up via QR code #4108

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
hughns wants to merge 71 commits into
base: main
Choose a base branch
from
+904 −0
Open

MSC4108: Mechanism to allow OAuth 2.0 API sign in and E2EE set up via QR code #4108

Changes from 1 commit
Commits
Show all changes
71 commits
Select commit Hold shift + click to select a range
6e42f10
Placeholder
hughns Feb 22, 2024
d90eda1
MSC4108
hughns Feb 22, 2024
f7bbba3
WIP of MSC4108
hughns Apr 3, 2024
177a2db
Auto numbers don't work on non-sequential items
hughns Apr 3, 2024
f54e194
High level description of rendezvous protocol and consistency in payl…
hughns Apr 4, 2024
f34bec3
Cheat spell checker
hughns Apr 4, 2024
2830e88
Description of rendezvous session API
hughns Apr 4, 2024
24e2242
Add description of QR format
hughns Apr 4, 2024
21ae2ca
Lint
hughns Apr 4, 2024
38eb661
Notes on threat model
hughns Apr 4, 2024
9cd724f
Fix broken link
hughns Apr 4, 2024
db759ea
Resolve some more TODOs
hughns Apr 4, 2024
5d6fb4a
Merge branch 'element-hq/oidc-qr-login' of https://github.com/matrix-…
hughns Apr 4, 2024
4e425af
Define POST response body explicitly
hughns Apr 5, 2024
a302c39
Add Cache-Control and Pragma HTTP response headers
hughns Apr 9, 2024
a81491c
Add error codes
hughns Apr 10, 2024
e1f7367
Formatting
hughns Apr 15, 2024
d8c62ed
Whitespace
hughns Apr 15, 2024
ad31acf
More formatting
hughns Apr 15, 2024
aa37af9
Tweaks to the QR code login crypto (#4129)
dkasak Apr 16, 2024
289a810
Add missing device id check step to sequence diagram
hughns Apr 16, 2024
25e8fcb
Remove references to rendezvous session ID
hughns Apr 18, 2024
e12945c
Fix POST endpoint and Location references
hughns Apr 18, 2024
4f9a4a4
Rendezvous sessions should have a fixed lifetime and allow enough tim…
hughns Apr 19, 2024
fbb30ec
Set max payload size to 4KB and fix content-type as text/plain (#4134)
hughns Apr 22, 2024
fe939be
Cross signing is mandatory
hughns Apr 22, 2024
76f175b
Use unstable prefix for errcode
hughns Apr 22, 2024
0ca3dea
The If-Match header on PUT requests contains the ETag
hughns Apr 23, 2024
02f18e1
Fix description of 304 GET response
hughns May 8, 2024
f49fd7f
Fix m.login.failure reason typo
hughns May 28, 2024
73da95a
Fix originator of m.login.declined
hughns May 30, 2024
87f8317
Use server name rather than base URL and clarify well-known discovery
hughns Jun 12, 2024
0b315f5
Update 4108-oidc-qr-login.md
hughns Sep 21, 2024
3545ca0
Update to match spec 1.15 and MSC4341
hughns Sep 3, 2025
bb5f080
Update links from spec 1.10 to 1.15
hughns Sep 3, 2025
2dc580e
Feedback from review
hughns Sep 3, 2025
34ade3c
Min and mix rendezvous timeouts
hughns Sep 3, 2025
0e1dd7c
Add table of contents
hughns Sep 15, 2025
98aedb5
Suggestions from @uhoreg
hughns Sep 19, 2025
3bbba40
Fix incorrect string
hughns Sep 19, 2025
d6a491b
All nonces start at 0
hughns Sep 19, 2025
6f05cf2
Make rendezvous API more like rests of Client-Server API
hughns Sep 19, 2025
2eba218
Make 429 errcode be M_LIMIT_EXCEEDED
hughns Sep 19, 2025
ad71936
Add note bout message prefix
hughns Sep 19, 2025
1ec7d9c
Remove further references to rendezvous server
hughns Sep 19, 2025
a92f128
Fix more references to OAuth and MSC4341
hughns Sep 19, 2025
ced4466
More consistency on SecureSend/SecureReceive
hughns Sep 19, 2025
4416161
Split out steps and reorder for clarity
hughns Sep 22, 2025
e032ea7
And example for `device_already_exists` outcome
hughns Sep 22, 2025
9dab408
Rendezvous authentication and optionality
hughns Sep 22, 2025
da56332
Add alternative about unauthenticated device creating "redirect channel"
hughns Sep 22, 2025
6612944
Fix description of discovery steps
hughns Sep 24, 2025
9ea6d7d
Move QR format part of proposal to where it sits in the flow
hughns Sep 24, 2025
66a9124
QR code clarifications
hughns Sep 24, 2025
fce6f15
Wording on new/existing device
hughns Sep 24, 2025
95be8fd
Remove another reference to reciprocate
hughns Sep 24, 2025
740da4b
Reinstate note about long poll for future
hughns Sep 24, 2025
7d768f7
Revert removal of public key from example QRs
hughns Sep 24, 2025
82e775f
Clarify 4KB
hughns Sep 24, 2025
3f1321b
Clarifications around public key in QR
hughns Sep 24, 2025
1d45957
GitHub doesn't like the link syntax I used
hughns Oct 14, 2025
af0a6bf
Update unstable prefixes including on QR code
hughns Oct 31, 2025
a4af2d6
Update QR code format under "type" 0x03
hughns Nov 3, 2025
83071d9
Use base URL in QR code and m.login.protocols message
hughns Nov 7, 2025
c5a9dc7
Update QR examples to match description
hughns Nov 14, 2025
41eaa2a
Split secure channel into MSC4388 + add intro diagram
hughns Dec 10, 2025
c0431eb
Update proposals/4108-oidc-qr-login.md
hughns Dec 12, 2025
5f6828d
Remove old QR codes as now part of MSC4388
hughns Mar 17, 2026
042e5ab
Add unable_to_open_verification_uri failure reason
hughns Mar 17, 2026
59cb21c
Add an example of where user_cancelled can be used
hughns Mar 17, 2026
ec24672
Complete the "potential issues" section
hughns Mar 30, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Notes on threat model
  • Loading branch information
@hughns
hughns committed Apr 4, 2024
commit 38eb66151ee558d2615fbda429954455b80e5eee
12 changes: 11 additions & 1 deletion proposals/4108-oidc-qr-login.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1447,7 +1447,17 @@ will soon be verified.

## Security considerations
Comment thread
hughns marked this conversation as resolved.

See individual threat analysis sections above.
This proposed mechanism has been designed to protects users and their devices from the following threats:

- A malicious actor who is able to scan the QR code generated by the legitimate user.
- A malicious actor who can intercept and modify traffic on the application layer, even if protected by encryption like TLS.
- Both of the above at the same time.

Additionally, the OIDC Provider is able to define and enforce policies that can prevent a sign in on a new device.
Such policies depend on the OIDC Provider in use and could include, but are not limited to, time of day, day of the week,
source IP address and geolocation.

A threat analysis has been done within each of the key layers in the proposal above.

## Unstable prefix

Expand Down