matrix-spec-proposals
MSC4108: Mechanism to allow OAuth 2.0 API sign in and E2EE set up via QR code
#4108

Open

MSC4108: Mechanism to allow OAuth 2.0 API sign in and E2EE set up via QR code #4108

hughns wants to merge 71 commits into main from element-hq/oidc-qr-login

Placeholder

6e42f10b

MSC4108

d90eda15

hughns changed the title ~~Mechanism to allow OIDC sign in and E2EE set up via QR code~~ MSC4108: Mechanism to allow OIDC sign in and E2EE set up via QR code 2 years ago

turt2live added proposal

turt2live added client-server

turt2live added kind:core

turt2live added needs-implementation

WIP of MSC4108

f7bbba39

Auto numbers don't work on non-sequential items

177a2db9

hughns force pushed from 5cd815fb to 177a2db9 2 years ago

High level description of rendezvous protocol and consistency in payl…

f54e1945

Cheat spell checker

f34bec33

Description of rendezvous session API

2830e88b

Add description of QR format

24e2242f

Lint

21ae2cac

Notes on threat model

38eb6615

Fix broken link

9cd724f5

Resolve some more TODOs

db759eac

Merge branch 'element-hq/oidc-qr-login' of https://github.com/matrix-…

5d6fb4a2

Define POST response body explicitly

4e425afe

dkasak commented on 2024-04-05

Add Cache-Control and Pragma HTTP response headers

a302c39f

Add error codes

a81491ca

Formatting

e1f7367b

Whitespace

d8c62ed8

More formatting

ad31acf8

Tweaks to the QR code login crypto (#4129)

aa37af9b

Add missing device id check step to sequence diagram

289a810f

zecakeh commented on 2024-04-17

Remove references to rendezvous session ID

25e8fcb2

Fix POST endpoint and Location references

e12945c5

Rendezvous sessions should have a fixed lifetime and allow enough tim…

4f9a4a42

Set max payload size to 4KB and fix content-type as text/plain (#4134)

fbb30ec8

Cross signing is mandatory

fe939bed

Use unstable prefix for errcode

76f175b0

davidegirardi commented on 2024-04-23

The If-Match header on PUT requests contains the ETag

0ca3dea0

hughns marked this pull request as ready for review 2 years ago

zecakeh commented on 2024-05-07

Fix description of 304 GET response

02f18e1a

poljar commented on 2024-05-16

poljar commented on 2024-05-24

Fix m.login.failure reason typo

f49fd7f5

Fix originator of m.login.declined

73da95a9

Use server name rather than base URL and clarify well-known discovery

87f8317a

dkasak commented on 2024-09-20

Update 4108-oidc-qr-login.md

0b315f54

erikjohnston commented on 2025-02-13

tonkku107 commented on 2025-04-23

noelportillo commented on 2025-08-14

hughns changed the title ~~MSC4108: Mechanism to allow OIDC sign in and E2EE set up via QR code~~ MSC4108: Mechanism to allow OAuth sign in and E2EE set up via QR code 253 days ago

Update to match spec 1.15 and MSC4341

3545ca04

Update links from spec 1.10 to 1.15

bb5f080b

Feedback from review

2dc580e8

Min and mix rendezvous timeouts

34ade3c1

neilisfragile added matrix-2.0

turt2live added 00-weekly-pings

turt2live requested changes on 2025-09-09

erikjohnston commented on 2025-09-10

Add table of contents

0e1dd7c0

uhoreg commented on 2025-09-17

Suggestions from @uhoreg

98aedb55

Fix incorrect string

3bbba402

All nonces start at 0

d6a491b2

Make rendezvous API more like rests of Client-Server API

6f05cf2b

Make 429 errcode be M_LIMIT_EXCEEDED

2eba2182

dkasak commented on 2025-09-19

Add note bout message prefix

ad719369

Remove further references to rendezvous server

1ec7d9cc

hughns changed the title ~~MSC4108: Mechanism to allow OAuth sign in and E2EE set up via QR code~~ MSC4108: Mechanism to allow OAuth 2.0 API sign in and E2EE set up via QR code 237 days ago

Fix more references to OAuth and MSC4341

a92f1286

More consistency on SecureSend/SecureReceive

ced44661

Split out steps and reorder for clarity

44161610

And example for `device_already_exists` outcome

e032ea78

Rendezvous authentication and optionality

9dab4087

Add alternative about unauthenticated device creating "redirect channel"

da563329

Fix description of discovery steps

6612944f

Move QR format part of proposal to where it sits in the flow

9ea6d7db

QR code clarifications

66a9124b

Wording on new/existing device

fce6f150

Remove another reference to reciprocate

95be8fd0

Reinstate note about long poll for future

740da4b5

dkasak commented on 2025-09-24

Revert removal of public key from example QRs

7d768f70

Clarify 4KB

82e775f4

Clarifications around public key in QR

3f1321b9

turt2live removed matrix-2.0

turt2live removed 00-weekly-pings

GitHub doesn't like the link syntax I used

1d45957f

Johennes commented on 2025-10-30

Update unstable prefixes including on QR code

af0a6bfd

Update QR code format under "type" 0x03

a4af2d6a

hughns commented on 2025-11-05

Use base URL in QR code and m.login.protocols message

83071d97

Update QR examples to match description

c5a9dc75

Split secure channel into MSC4388 + add intro diagram

41eaa2ac

networkException commented on 2025-12-12

Update proposals/4108-oidc-qr-login.md

c0431eb8

Remove old QR codes as now part of MSC4388

5f6828da

Add unable_to_open_verification_uri failure reason

042e5ab9

Add an example of where user_cancelled can be used

59cb21c9

Complete the "potential issues" section

ec246728

turt2live removed needs-implementation

turt2live added implementation-needs-checking

hughns requested a review from

turt2live 21 days ago

turt2live removed review request from

turt2live 17 days ago

Reviewers

turt2live

dkasak

erikjohnston

uhoreg

poljar

networkException

Johennes

noelportillo

davidegirardi

tonkku107

zecakeh

Assignees

No one assigned

Labels

proposal client-server kind:core implementation-needs-checking

Milestone

No milestone

matrix-spec-proposals MSC4108: Mechanism to allow OAuth 2.0 API sign in and E2EE set up via QR code #4108 Open

MSC4108: Mechanism to allow OAuth 2.0 API sign in and E2EE set up via QR code #4108

matrix-spec-proposals
MSC4108: Mechanism to allow OAuth 2.0 API sign in and E2EE set up via QR code
#4108

Open