Skip to content

Support personal access tokens for introspection #5171

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Oct 20, 2025
Merged

Support personal access tokens for introspection #5171

merged 5 commits into from
Oct 20, 2025

Conversation

reivilibre
Copy link
Contributor

Follows: #5106
Part of: #4492

This PR makes it so that you can present a personal access token (mpt_ prefix) at introspection and have it accepted.

This means personal access tokens can be presented to Synapse and used on the client-server API.

@cloudflare-workers-and-pages
Copy link

Deploying matrix-authentication-service-docs with  Cloudflare Pages  Cloudflare Pages

Latest commit: 66f8814
Status: ✅  Deploy successful!
Preview URL: https://97fc8df0.matrix-authentication-service-docs.pages.dev
Branch Preview URL: https://rei-pat-2.matrix-authentication-service-docs.pages.dev

View logs

@reivilibre reivilibre marked this pull request as ready for review October 20, 2025 16:58
sandhose
sandhose approved these changes Oct 20, 2025
View reviewed changes
crates/handlers/src/activity_tracker/mod.rs
&self,
clock: &dyn Clock,
session: &Session,
session: &PersonalSession,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🙈

crates/handlers/src/oauth2/introspection.rs
Comment on lines +690 to +695
PersonalSessionOwner::OAuth2Client(owner_client_id) => {
let owner_client = repo
.oauth2_client()
.lookup(owner_client_id)
.await?
.ok_or(RouteError::CantLoadOAuth2Client(owner_client_id))?;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I mean in theory we have a FK preventing this but sure, doesn't hurt :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

indeed, though we do this already for some things, it felt easier to go with the flow somewhat

@reivilibre reivilibre merged commit 0d27c34 into main Oct 20, 2025
20 checks passed
@reivilibre reivilibre deleted the rei/pat_2 branch October 20, 2025 17:25
reivilibre added a commit that referenced this pull request Oct 22, 2025
@reivilibre
Support introspection of personal access tokens (#5171)
d82f71d 
You can now present a personal access token (mpt_ prefix) at introspection and have it accepted.

This means personal access tokens can be presented to Synapse and used on the client-server API.
@sandhose sandhose added the A-Dependencies Pull requests that update a dependency file label Oct 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sandhose sandhose sandhose approved these changes

Assignees

No one assigned

Labels

A-Dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@reivilibre @sandhose