Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MSC2284: Making the identity server optional during discovery #2284
MSC2284: Making the identity server optional during discovery #2284
Changes from 2 commits
738fa686baeb6cdcbdb94File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I feel like in the interest of infrastructure debuggability and general client UX, there should be a flag that indicates whether the identity server is intentionally disabled, so that intelligent clients can distinguish between this and an erroneous misconfiguration (or transient unavailability due to infrastructural issues).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure I agree. In terms of transient unavailability, users won't be able to log in in the first place because the homeserver information will also be missing. Spelling errors, structural problems, etc are easily debugged by a community member in a support channel - the problem should be obvious. For instance, if you end up with a user experience that doesn't involve the identity server you were expecting, you can probably guess that it has to do with your config. Hopefully people these days are still testing their configuration changes before going live.
The other point for defaulting to no identity server instead of wanting an explicit flag is to protect user privacy. Where possible, the spec should be heavily suggesting to clients that a default identity server not be used. When the spec says that lack of useful identity server information means that none is selected, the client can't reasonably default to an identity server which might be risky to the user. Not to mention a flag saying "I absolutely don't want to use an identity server" is more fiddly to implement, particularly when the interaction between users and homeservers is already insanely complicated during login.