MatrixSynapse/v1.44/usage/administration/admin_api/registration_tokens.html

492 lines
29 KiB
HTML
Raw Normal View History

<!DOCTYPE HTML>
<html lang="en" class="sidebar-visible no-js light">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Registration Tokens - Synapse</title>
<!-- Custom HTML head -->
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff" />
<link rel="icon" href="../../../favicon.svg">
<link rel="shortcut icon" href="../../../favicon.png">
<link rel="stylesheet" href="../../../css/variables.css">
<link rel="stylesheet" href="../../../css/general.css">
<link rel="stylesheet" href="../../../css/chrome.css">
<link rel="stylesheet" href="../../../css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="../../../FontAwesome/css/font-awesome.css">
<link rel="stylesheet" href="../../../fonts/fonts.css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" href="../../../highlight.css">
<link rel="stylesheet" href="../../../tomorrow-night.css">
<link rel="stylesheet" href="../../../ayu-highlight.css">
<!-- Custom theme stylesheets -->
<link rel="stylesheet" href="../../../docs/website_files/table-of-contents.css">
<link rel="stylesheet" href="../../../docs/website_files/remove-nav-buttons.css">
<link rel="stylesheet" href="../../../docs/website_files/indent-section-headers.css">
</head>
<body>
<!-- Provide site root to javascript -->
<script type="text/javascript">
var path_to_root = "../../../";
var default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? "navy" : "light";
</script>
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script type="text/javascript">
try {
var theme = localStorage.getItem('mdbook-theme');
var sidebar = localStorage.getItem('mdbook-sidebar');
if (theme.startsWith('"') && theme.endsWith('"')) {
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { }
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script type="text/javascript">
var theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
var html = document.querySelector('html');
html.classList.remove('no-js')
html.classList.remove('light')
html.classList.add(theme);
html.classList.add('js');
</script>
<!-- Hide / unhide sidebar before it is displayed -->
<script type="text/javascript">
var html = document.querySelector('html');
var sidebar = 'hidden';
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
}
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><li class="part-title">Introduction</li><li class="chapter-item expanded "><a href="../../../welcome_and_overview.html">Welcome and Overview</a></li><li class="chapter-item expanded affix "><li class="part-title">Setup</li><li class="chapter-item expanded "><a href="../../../setup/installation.html">Installation</a></li><li class="chapter-item expanded "><a href="../../../postgres.html">Using Postgres</a></li><li class="chapter-item expanded "><a href="../../../reverse_proxy.html">Configuring a Reverse Proxy</a></li><li class="chapter-item expanded "><a href="../../../setup/forward_proxy.html">Configuring a Forward/Outbound Proxy</a></li><li class="chapter-item expanded "><a href="../../../turn-howto.html">Configuring a Turn Server</a></li><li class="chapter-item expanded "><a href="../../../delegate.html">Delegation</a></li><li class="chapter-item expanded affix "><li class="part-title">Upgrading</li><li class="chapter-item expanded "><a href="../../../upgrade.html">Upgrading between Synapse Versions</a></li><li class="chapter-item expanded "><a href="../../../MSC1711_certificates_FAQ.html">Upgrading from pre-Synapse 1.0</a></li><li class="chapter-item expanded affix "><li class="part-title">Usage</li><li class="chapter-item expanded "><a href="../../../federate.html">Federation</a></li><li class="chapter-item expanded "><a href="../../../usage/configuration/index.html">Configuration</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../../usage/configuration/homeserver_sample_config.html">Homeserver Sample Config File</a></li><li class="chapter-item expanded "><a href="../../../usage/configuration/logging_sample_config.html">Logging Sample Config File</a></li><li class="chapter-item expanded "><a href="../../../structured_logging.html">Structured Logging</a></li><li class="chapter-item expanded "><a href="../../../templates.html">Templates</a></li><li class="chapter-item expanded "><a href="../../../usage/configuration/user_authentication/index.html">User Authentication</a></li><li><ol class="section"><li class="chapter-item expanded "><div>Single-Sign On</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../../openid.html">OpenID Connect</a></li><li class="chapter-item expanded "><div>SAML</div></li><li class="chapter-item expanded "><div>CAS</div></li><li class="chapter-item expanded "><a href="../../../sso_mapping_providers.html">SSO Mapping Providers</a></li></ol></li><li class="chapter-item expanded "><a href="../../../password_auth_providers.html">Password Auth Providers</a></li><li class="chapter-item expanded "><a href="../../../jwt.html">JSON Web Tokens</a></li></ol></li><li class="chapter-item expanded "><a href="../../../CAPTCHA_SETUP.html">Registration Captcha</a></li><li class="chapter-item expanded "><a href="../../../application_services.html">Application Services</a></li><li class="chapter-item expanded "><a href="../../../server_notices.html">Server Notices</a></li><li class="chapter-item expanded "><a href="../../../consent_tracking.html">Consent Tracking</a></li><li class="chapter-item expanded "><a href="../../../development/url_previews.html">URL Previews</a></li><li class="chapter-item expanded "><a href="../../../user_directory.html">User Directory</a></li><li class="chapter-item expanded "><a href="../../../message_retention_policies.html">Message Retention Policies</a></li><li class="chapter-item expanded "><a href="../../../modules/index.html">Pluggable Modules</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../../modules/writing_a_module.html">Writing a module</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../../modules/spam_checker_callbacks.html">Spam checker callbacks</a></li><li class="chapter-item expanded "><a href="../../../modules/third_party_rules_callbacks.html">Third-party rules callbacks</a></li><li class="chapter-item expanded "><a href="../../../modules/presence_router_callbacks.html
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar-hover-placeholder"></div>
<div id="menu-bar" class="menu-bar sticky bordered">
<div class="left-buttons">
<button id="sidebar-toggle" class="icon-button" type="button" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</button>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="light">Light (default)</button></li>
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search. (Shortkey: s)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="S" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">Synapse</h1>
<div class="right-buttons">
<a href="../../../print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
<a href="https://github.com/matrix-org/synapse" title="Git repository" aria-label="Git repository">
<i id="git-repository-button" class="fa fa-github"></i>
</a>
<a href="https://github.com/matrix-org/synapse/edit/develop/docs/usage/administration/admin_api/registration_tokens.md" title="Suggest an edit" aria-label="Suggest an edit">
<i id="git-edit-button" class="fa fa-edit"></i>
</a>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script type="text/javascript">
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
</script>
<div id="content" class="content">
<main>
<!-- Page table of contents -->
<div class="sidetoc">
<nav class="pagetoc"></nav>
</div>
<h1 id="registration-tokens"><a class="header" href="#registration-tokens">Registration Tokens</a></h1>
<p>This API allows you to manage tokens which can be used to authenticate
registration requests, as proposed in <a href="https://github.com/govynnus/matrix-doc/blob/token-registration/proposals/3231-token-authenticated-registration.md">MSC3231</a>.
To use it, you will need to enable the <code>registration_requires_token</code> config
option, and authenticate by providing an <code>access_token</code> for a server admin:
see <a href="../../usage/administration/admin_api">Admin API</a>.
Note that this API is still experimental; not all clients may support it yet.</p>
<h2 id="registration-token-objects"><a class="header" href="#registration-token-objects">Registration token objects</a></h2>
<p>Most endpoints make use of JSON objects that contain details about tokens.
These objects have the following fields:</p>
<ul>
<li><code>token</code>: The token which can be used to authenticate registration.</li>
<li><code>uses_allowed</code>: The number of times the token can be used to complete a
registration before it becomes invalid.</li>
<li><code>pending</code>: The number of pending uses the token has. When someone uses
the token to authenticate themselves, the pending counter is incremented
so that the token is not used more than the permitted number of times.
When the person completes registration the pending counter is decremented,
and the completed counter is incremented.</li>
<li><code>completed</code>: The number of times the token has been used to successfully
complete a registration.</li>
<li><code>expiry_time</code>: The latest time the token is valid. Given as the number of
milliseconds since 1970-01-01 00:00:00 UTC (the start of the Unix epoch).
To convert this into a human-readable form you can remove the milliseconds
and use the <code>date</code> command. For example, <code>date -d '@1625394937'</code>.</li>
</ul>
<h2 id="list-all-tokens"><a class="header" href="#list-all-tokens">List all tokens</a></h2>
<p>Lists all tokens and details about them. If the request is successful, the top
level JSON object will have a <code>registration_tokens</code> key which is an array of
registration token objects.</p>
<pre><code>GET /_synapse/admin/v1/registration_tokens
</code></pre>
<p>Optional query parameters:</p>
<ul>
<li><code>valid</code>: <code>true</code> or <code>false</code>. If <code>true</code>, only valid tokens are returned.
If <code>false</code>, only tokens that have expired or have had all uses exhausted are
returned. If omitted, all tokens are returned regardless of validity.</li>
</ul>
<p>Example:</p>
<pre><code>GET /_synapse/admin/v1/registration_tokens
</code></pre>
<pre><code>200 OK
{
&quot;registration_tokens&quot;: [
{
&quot;token&quot;: &quot;abcd&quot;,
&quot;uses_allowed&quot;: 3,
&quot;pending&quot;: 0,
&quot;completed&quot;: 1,
&quot;expiry_time&quot;: null
},
{
&quot;token&quot;: &quot;pqrs&quot;,
&quot;uses_allowed&quot;: 2,
&quot;pending&quot;: 1,
&quot;completed&quot;: 1,
&quot;expiry_time&quot;: null
},
{
&quot;token&quot;: &quot;wxyz&quot;,
&quot;uses_allowed&quot;: null,
&quot;pending&quot;: 0,
&quot;completed&quot;: 9,
&quot;expiry_time&quot;: 1625394937000 // 2021-07-04 10:35:37 UTC
}
]
}
</code></pre>
<p>Example using the <code>valid</code> query parameter:</p>
<pre><code>GET /_synapse/admin/v1/registration_tokens?valid=false
</code></pre>
<pre><code>200 OK
{
&quot;registration_tokens&quot;: [
{
&quot;token&quot;: &quot;pqrs&quot;,
&quot;uses_allowed&quot;: 2,
&quot;pending&quot;: 1,
&quot;completed&quot;: 1,
&quot;expiry_time&quot;: null
},
{
&quot;token&quot;: &quot;wxyz&quot;,
&quot;uses_allowed&quot;: null,
&quot;pending&quot;: 0,
&quot;completed&quot;: 9,
&quot;expiry_time&quot;: 1625394937000 // 2021-07-04 10:35:37 UTC
}
]
}
</code></pre>
<h2 id="get-one-token"><a class="header" href="#get-one-token">Get one token</a></h2>
<p>Get details about a single token. If the request is successful, the response
body will be a registration token object.</p>
<pre><code>GET /_synapse/admin/v1/registration_tokens/&lt;token&gt;
</code></pre>
<p>Path parameters:</p>
<ul>
<li><code>token</code>: The registration token to return details of.</li>
</ul>
<p>Example:</p>
<pre><code>GET /_synapse/admin/v1/registration_tokens/abcd
</code></pre>
<pre><code>200 OK
{
&quot;token&quot;: &quot;abcd&quot;,
&quot;uses_allowed&quot;: 3,
&quot;pending&quot;: 0,
&quot;completed&quot;: 1,
&quot;expiry_time&quot;: null
}
</code></pre>
<h2 id="create-token"><a class="header" href="#create-token">Create token</a></h2>
<p>Create a new registration token. If the request is successful, the newly created
token will be returned as a registration token object in the response body.</p>
<pre><code>POST /_synapse/admin/v1/registration_tokens/new
</code></pre>
<p>The request body must be a JSON object and can contain the following fields:</p>
<ul>
<li><code>token</code>: The registration token. A string of no more than 64 characters that
consists only of characters matched by the regex <code>[A-Za-z0-9-_]</code>.
Default: randomly generated.</li>
<li><code>uses_allowed</code>: The integer number of times the token can be used to complete
a registration before it becomes invalid.
Default: <code>null</code> (unlimited uses).</li>
<li><code>expiry_time</code>: The latest time the token is valid. Given as the number of
milliseconds since 1970-01-01 00:00:00 UTC (the start of the Unix epoch).
You could use, for example, <code>date '+%s000' -d 'tomorrow'</code>.
Default: <code>null</code> (token does not expire).</li>
<li><code>length</code>: The length of the token randomly generated if <code>token</code> is not
specified. Must be between 1 and 64 inclusive. Default: <code>16</code>.</li>
</ul>
<p>If a field is omitted the default is used.</p>
<p>Example using defaults:</p>
<pre><code>POST /_synapse/admin/v1/registration_tokens/new
{}
</code></pre>
<pre><code>200 OK
{
&quot;token&quot;: &quot;0M-9jbkf2t_Tgiw1&quot;,
&quot;uses_allowed&quot;: null,
&quot;pending&quot;: 0,
&quot;completed&quot;: 0,
&quot;expiry_time&quot;: null
}
</code></pre>
<p>Example specifying some fields:</p>
<pre><code>POST /_synapse/admin/v1/registration_tokens/new
{
&quot;token&quot;: &quot;defg&quot;,
&quot;uses_allowed&quot;: 1
}
</code></pre>
<pre><code>200 OK
{
&quot;token&quot;: &quot;defg&quot;,
&quot;uses_allowed&quot;: 1,
&quot;pending&quot;: 0,
&quot;completed&quot;: 0,
&quot;expiry_time&quot;: null
}
</code></pre>
<h2 id="update-token"><a class="header" href="#update-token">Update token</a></h2>
<p>Update the number of allowed uses or expiry time of a token. If the request is
successful, the updated token will be returned as a registration token object
in the response body.</p>
<pre><code>PUT /_synapse/admin/v1/registration_tokens/&lt;token&gt;
</code></pre>
<p>Path parameters:</p>
<ul>
<li><code>token</code>: The registration token to update.</li>
</ul>
<p>The request body must be a JSON object and can contain the following fields:</p>
<ul>
<li><code>uses_allowed</code>: The integer number of times the token can be used to complete
a registration before it becomes invalid. By setting <code>uses_allowed</code> to <code>0</code>
the token can be easily made invalid without deleting it.
If <code>null</code> the token will have an unlimited number of uses.</li>
<li><code>expiry_time</code>: The latest time the token is valid. Given as the number of
milliseconds since 1970-01-01 00:00:00 UTC (the start of the Unix epoch).
If <code>null</code> the token will not expire.</li>
</ul>
<p>If a field is omitted its value is not modified.</p>
<p>Example:</p>
<pre><code>PUT /_synapse/admin/v1/registration_tokens/defg
{
&quot;expiry_time&quot;: 4781243146000 // 2121-07-06 11:05:46 UTC
}
</code></pre>
<pre><code>200 OK
{
&quot;token&quot;: &quot;defg&quot;,
&quot;uses_allowed&quot;: 1,
&quot;pending&quot;: 0,
&quot;completed&quot;: 0,
&quot;expiry_time&quot;: 4781243146000
}
</code></pre>
<h2 id="delete-token"><a class="header" href="#delete-token">Delete token</a></h2>
<p>Delete a registration token. If the request is successful, the response body
will be an empty JSON object.</p>
<pre><code>DELETE /_synapse/admin/v1/registration_tokens/&lt;token&gt;
</code></pre>
<p>Path parameters:</p>
<ul>
<li><code>token</code>: The registration token to delete.</li>
</ul>
<p>Example:</p>
<pre><code>DELETE /_synapse/admin/v1/registration_tokens/wxyz
</code></pre>
<pre><code>200 OK
{}
</code></pre>
<h2 id="errors"><a class="header" href="#errors">Errors</a></h2>
<p>If a request fails a &quot;standard error response&quot; will be returned as defined in
the <a href="https://matrix.org/docs/spec/client_server/r0.6.1#api-standards">Matrix Client-Server API specification</a>.</p>
<p>For example, if the token specified in a path parameter does not exist a
<code>404 Not Found</code> error will be returned.</p>
<pre><code>GET /_synapse/admin/v1/registration_tokens/1234
</code></pre>
<pre><code>404 Not Found
{
&quot;errcode&quot;: &quot;M_NOT_FOUND&quot;,
&quot;error&quot;: &quot;No such registration token: 1234&quot;
}
</code></pre>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="prev" href="../../../admin_api/register_api.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next" href="../../../admin_api/room_membership.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="prev" href="../../../admin_api/register_api.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next" href="../../../admin_api/room_membership.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>
<script type="text/javascript">
window.playground_copyable = true;
</script>
<script src="../../../elasticlunr.min.js" type="text/javascript" charset="utf-8"></script>
<script src="../../../mark.min.js" type="text/javascript" charset="utf-8"></script>
<script src="../../../searcher.js" type="text/javascript" charset="utf-8"></script>
<script src="../../../clipboard.min.js" type="text/javascript" charset="utf-8"></script>
<script src="../../../highlight.js" type="text/javascript" charset="utf-8"></script>
<script src="../../../book.js" type="text/javascript" charset="utf-8"></script>
<!-- Custom JS scripts -->
<script type="text/javascript" src="../../../docs/website_files/table-of-contents.js"></script>
</body>
</html>