-
-
Notifications
You must be signed in to change notification settings - Fork 102
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarify when state_key
needs to be ""
in authorization rules
#1998
Comments
Related: #365 |
In practice, Synapse understands this to be a part of auth rule 2.2, which states:
The actual requirements for My conclusion is that the intention was to consider an event with a state tuple like ( |
Firstly, aren't authorization rules 2.* referring to events that appear in the current event's Secondly, my understanding is that the C2S API documentation is not to be trusted for authorization rules. For an example we all know and love, the C2S API has specific requirements on the value of |
Your reading is correct, 2.2 is solely about auth events of events, not the events themselves. However, my interpretation of the intended effects is that events with state tuples such as (
I completely agree that the current state of this spec in this area is subpar and it was not my intent to argue that the issue should be closed without changes to the spec. The spec should clarify the intended behaviour in a better place, likely in the room version. I'm just trying to see whether this is a glaring omission or something more akin to a clarification, and I think it's the latter. |
The spec's intention is indeed that non-empty state keys on auth event types are treated as any other random state event: no meaning to the operation of the room. Only state events with empty string state keys are true auth events. This definitely sounds like clarification territory, as the current auth rules (and state res) spec appears to assume the reader knows this. |
Link to problem area:
https://spec.matrix.org/v1.12/rooms/v11/#authorization-rules
Issue
It's not explicit that state events without other requirements on the
state_key
field must be""
.For example, there's nothing like
for handling
m.room.create
events.The text was updated successfully, but these errors were encountered: