Skip to content

Use the new dedicated Synapse API #4801

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Jul 21, 2025
Merged

Use the new dedicated Synapse API #4801

merged 7 commits into from
Jul 21, 2025

Conversation

sandhose
Copy link
Member

@sandhose sandhose commented Jul 18, 2025
edited
Loading

This adds support for using the new dedicated 'MAS' API in Synapse for MAS->Synapse communication introduced in element-hq/synapse#18520

This removes the dependency on the Synapse admin API, making it more focused, and will let us remove the fact that the shared secret is effectively a site-wide admin token.

I've kept the old implementation around so that we can gradually roll this out. The plan is:

  • include the client and server part of this API in the next MAS (0.20.0) and Synapse (1.135.0) versions
  • but opt-in by default (with the synapse_modern homeserver type)
  • make it the default in the next version, requiring Synapse 1.135.0 or later (but keep the old one under the synapse_legacy homeserver type)
  • remove the legacy API in the version after that

@cloudflare-workers-and-pages Cloudflare Workers and Pages
Copy link

cloudflare-workers-and-pages bot commented Jul 18, 2025
edited
Loading

Deploying matrix-authentication-service-docs with  Cloudflare Pages  Cloudflare Pages

Latest commit: ee9f843
Status: ✅  Deploy successful!
Preview URL: https://ca2ae2a3.matrix-authentication-service-docs.pages.dev
Branch Preview URL: https://quenting-new-synapse-api.matrix-authentication-service-docs.pages.dev

View logs

@sandhose sandhose force-pushed the quenting/new-synapse-api branch from 4bb422f to c649603 Compare July 18, 2025 14:39
@sandhose sandhose mentioned this pull request Jul 18, 2025
Merged
@sandhose sandhose requested a review from reivilibre July 21, 2025 08:55
reivilibre
reivilibre approved these changes Jul 21, 2025
View reviewed changes
Copy link
Contributor

@reivilibre reivilibre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

seems fair!

@sandhose sandhose enabled auto-merge July 21, 2025 11:16
@sandhose sandhose merged commit 5eb8e78 into main Jul 21, 2025
17 checks passed
@sandhose sandhose deleted the quenting/new-synapse-api branch July 21, 2025 11:23
sandhose added a commit to element-hq/synapse that referenced this pull request Jul 21, 2025
@sandhose @MadLittleMods
Dedicated MAS API (#18520)
8a4e2e8 
This introduces a dedicated API for MAS to consume. Companion PR on the
MAS side: element-hq/matrix-authentication-service#4801

This has a few advantages over the previous admin API:

- it works on workers (this will be documented once we stabilise MSC3861
as a whole)
 - it is more efficient because more focused
 - it propagates trace contexts from MAS
- it is only accessible to MAS (through the shared secret) and will let
us remove the weird hack that made this token 'admin' with a ghost
'@__oidc_admin:' user

The next MAS version should support it, but will be opt-in. The version
after that should use this new API by default

---------

Co-authored-by: Eric Eastwood <erice@element.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@reivilibre reivilibre reivilibre approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sandhose @reivilibre