Skip to content

MSC4190: Device management for application services#4190

Merged
tulir merged 14 commits intomainfrom
quenting/as-device-management
Oct 13, 2025
Merged

MSC4190: Device management for application services#4190
tulir merged 14 commits intomainfrom
quenting/as-device-management

Conversation

@sandhose
Copy link
Copy Markdown
Member

@sandhose sandhose commented Sep 12, 2024
edited by tulir
Loading

@sandhose sandhose changed the title Device management for application services MSC4190: Device management for application services Sep 12, 2024
@sandhose sandhose marked this pull request as ready for review September 12, 2024 13:17
@turt2live turt2live added proposal A matrix spec change proposal application services kind:core MSC which is critical to the protocol's success needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. labels Sep 12, 2024
turt2live
turt2live reviewed Sep 12, 2024
View reviewed changes
Comment thread proposals/4190-as-device-management.md
This was referenced Sep 13, 2024
Merged
Merged
This was referenced Sep 20, 2024
Closed
Open
@MTRNord MTRNord mentioned this pull request Sep 28, 2024
Open
@spantaleev spantaleev mentioned this pull request Oct 22, 2024
Closed
@tulir tulir added implementation-needs-checking The MSC has an implementation, but the SCT has not yet checked it. and removed needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. labels Nov 13, 2024
anoadragon453
anoadragon453 reviewed Dec 2, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@anoadragon453 anoadragon453 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall lgtm, just a couple sticking points.

Comment thread proposals/4190-as-device-management.md Outdated
Comment thread proposals/4190-as-device-management.md Outdated
yingziwu added a commit to yingziwu/synapse that referenced this pull request Dec 20, 2024
@yingziwu
Merge tag 'v1.121.0' into develop
3ca171d 
This release contains the security fixes from [v1.120.2](https://github.com/element-hq/synapse/releases/tag/v1.120.2).

- Fix release process to not create duplicate releases. ([\#18025](element-hq/synapse#18025))

- Support for [MSC4190](matrix-org/matrix-spec-proposals#4190): device management for Application Services. ([\#17705](element-hq/synapse#17705))
- Update [MSC4186](matrix-org/matrix-spec-proposals#4186) Sliding Sync to include invite, ban, kick, targets when `$LAZY`-loading room members. ([\#17947](element-hq/synapse#17947))
- Use stable `M_USER_LOCKED` error code for locked accounts, as per [Matrix 1.12](https://spec.matrix.org/v1.12/client-server-api/#account-locking). ([\#17965](element-hq/synapse#17965))
- [MSC4076](matrix-org/matrix-spec-proposals#4076): Add `disable_badge_count` to pusher configuration. ([\#17975](element-hq/synapse#17975))

- Fix long-standing bug where read receipts could get overly delayed being sent over federation. ([\#17933](element-hq/synapse#17933))

- Add OIDC example configuration for Forgejo (fork of Gitea). ([\#17872](element-hq/synapse#17872))
- Link to element-docker-demo from contrib/docker*. ([\#17953](element-hq/synapse#17953))

- [MSC4108](matrix-org/matrix-spec-proposals#4108): Add a `Content-Type` header on the `PUT` response to work around a faulty behavior in some caching reverse proxies. ([\#17253](element-hq/synapse#17253))
- Fix incorrect comment in new schema delta. ([\#17936](element-hq/synapse#17936))
- Raise setuptools_rust version cap to 1.10.2. ([\#17944](element-hq/synapse#17944))
- Enable encrypted appservice related experimental features in the complement docker image. ([\#17945](element-hq/synapse#17945))
- Return whether the user is suspended when querying the user account in the Admin API. ([\#17952](element-hq/synapse#17952))
- Fix new scheduled tasks jumping the queue. ([\#17962](element-hq/synapse#17962))
- Bump pyo3 and dependencies to v0.23.2. ([\#17966](element-hq/synapse#17966))
- Update setuptools-rust and fix building abi3 wheels in latest version. ([\#17969](element-hq/synapse#17969))
- Consolidate SSO redirects through `/_matrix/client/v3/login/sso/redirect(/{idpId})`. ([\#17972](element-hq/synapse#17972))
- Fix Docker and Complement config to be able to use `public_baseurl`. ([\#17986](element-hq/synapse#17986))
- Fix building wheels for MacOS which was temporarily disabled in Synapse 1.120.2. ([\#17993](element-hq/synapse#17993))
- Fix release process to not create duplicate releases. ([\#17970](element-hq/synapse#17970), [\#17995](element-hq/synapse#17995))

* Bump bytes from 1.8.0 to 1.9.0. ([\#17982](element-hq/synapse#17982))
* Bump pysaml2 from 7.3.1 to 7.5.0. ([\#17978](element-hq/synapse#17978))
* Bump serde_json from 1.0.132 to 1.0.133. ([\#17939](element-hq/synapse#17939))
* Bump tomli from 2.0.2 to 2.1.0. ([\#17959](element-hq/synapse#17959))
* Bump tomli from 2.1.0 to 2.2.1. ([\#17979](element-hq/synapse#17979))
* Bump tornado from 6.4.1 to 6.4.2. ([\#17955](element-hq/synapse#17955))
@TheOneWithTheBraid TheOneWithTheBraid mentioned this pull request Feb 10, 2025
Open
14 tasks
@tulir tulir removed the implementation-needs-checking The MSC has an implementation, but the SCT has not yet checked it. label Mar 13, 2025
@samip5 samip5 mentioned this pull request Mar 24, 2025
Closed
@tulir
Copy link
Copy Markdown
Member

tulir commented Apr 2, 2025
edited
Loading

MSCs proposed for Final Comment Period (FCP) should meet the requirements outlined in the checklist prior to being accepted into the spec. This checklist is a bit long, but aims to reduce the number of follow-on MSCs after a feature lands.

SCT members: please check off things you check for, and raise a concern against FCP if the checklist is incomplete. If an item doesn't apply, prefer to check it rather than remove it. Unchecking items is encouraged where applicable.

Checklist:

  • Are appropriate implementation(s)
    specified in the MSC’s PR description?
  • Are all MSCs that this MSC depends on already accepted?
  • For each new endpoint that is introduced:
    • Have authentication requirements been specified?
    • Have rate-limiting requirements been specified?
    • Have guest access requirements been specified?
    • Are error responses specified?
      • Does each error case have a specified errcode (e.g. M_FORBIDDEN) and HTTP status code?
        • If a new errcode is introduced, is it clear that it is new?
  • Will the MSC require a new room version, and if so, has that been made clear?
    • Is the reason for a new room version clearly stated? For example,
      modifying the set of redacted fields changes how event IDs are calculated,
      thus requiring a new room version.
  • Are backwards-compatibility concerns appropriately addressed?
  • Are the endpoint conventions honoured?
    • Do HTTP endpoints use_underscores_like_this?
    • Will the endpoint return unbounded data? If so, has pagination been considered?
    • If the endpoint utilises pagination, is it consistent with
      the appendices?
  • An introduction exists and clearly outlines the problem being solved.
    Ideally, the first paragraph should be understandable by a non-technical audience.
  • All outstanding threads are resolved
    • All feedback is incorporated into the proposal text itself, either as a fix or noted as an alternative
  • While the exact sections do not need to be present,
    the details implied by the proposal template are covered. Namely:
    • Introduction
    • Proposal text
    • Potential issues
    • Alternatives
    • Dependencies
  • Stable identifiers are used throughout the proposal, except for the unstable prefix section
    • Unstable prefixes consider the awkward accepted-but-not-merged state
    • Chosen unstable prefixes do not pollute any global namespace (use “org.matrix.mscXXXX”, not “org.matrix”).
  • Changes have applicable Sign Off from all authors/editors/contributors
  • There is a dedicated "Security Considerations" section which detail
    any possible attacks/vulnerabilities this proposal may introduce, even if this is "None.".
    See RFC3552 for things to think about,
    but in particular pay attention to the OWASP Top Ten.

@tulir
Copy link
Copy Markdown
Member

tulir commented Apr 2, 2025

This is implemented in Synapse and most mautrix bridges. It'd be nice if it was in the same spec release as the rest of next-gen auth

@mscbot fcp merge

@mscbot
Copy link
Copy Markdown
Collaborator

mscbot commented Apr 2, 2025
edited by richvdh
Loading

Team member @mscbot has proposed to merge this. The next step is review by the rest of the tagged people:

Concerns:

  • checklist not complete
  • Breaking change on register endpoint
  • This actually depends on MSC3202 device masquerading to be useful
  • checklist not complete again
  • lack of clarity over backwards compatibility

Once at least 75% of reviewers approve (and there are no outstanding concerns), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up!

See this document for information about what commands tagged team members can give me.

@mscbot mscbot added proposed-final-comment-period Currently awaiting signoff of a majority of team members in order to enter the final comment period. disposition-merge labels Apr 2, 2025
@tulir
Copy link
Copy Markdown
Member

tulir commented Apr 2, 2025

@mscbot concern checklist not complete

@mscbot mscbot added the unresolved-concerns This proposal has at least one outstanding concern label Apr 2, 2025
@mscbot
Copy link
Copy Markdown
Collaborator

mscbot commented Oct 8, 2025

🔔 This is now entering its final comment period, as per the review above. 🔔

@mscbot mscbot added final-comment-period This MSC has entered a final comment period in interest to approval, postpone, or delete in 5 days. and removed proposed-final-comment-period Currently awaiting signoff of a majority of team members in order to enter the final comment period. labels Oct 8, 2025
@turt2live turt2live moved this from Ready for FCP ticks to In FCP in Spec Core Team Workflow Oct 8, 2025
@mscbot
Copy link
Copy Markdown
Collaborator

mscbot commented Oct 13, 2025

The final comment period, with a disposition to merge, as per the review above, is now complete.

@mscbot mscbot added finished-final-comment-period and removed disposition-merge final-comment-period This MSC has entered a final comment period in interest to approval, postpone, or delete in 5 days. labels Oct 13, 2025
@tulir tulir merged commit ebb7d20 into main Oct 13, 2025
1 check passed
@tulir tulir added spec-pr-missing Proposal has been implemented and is being used in the wild but hasn't yet been added to the spec and removed finished-final-comment-period labels Oct 13, 2025
@tulir tulir moved this from In FCP to Requires spec writing in Spec Core Team Workflow Oct 13, 2025
@yeahthegoys yeahthegoys mentioned this pull request Nov 26, 2025
Open
@turt2live turt2live mentioned this pull request Dec 10, 2025
Closed
15 tasks
@cloudrac3r
Copy link
Copy Markdown

cloudrac3r commented Dec 12, 2025

I didn't like your breaking changes on this one

@zecakeh
Copy link
Copy Markdown
Contributor

zecakeh commented Dec 16, 2025

Spec PR: matrix-org/matrix-spec#2267

@tulir tulir added spec-pr-in-review A proposal which has been PR'd against the spec and is in review and removed spec-pr-missing Proposal has been implemented and is being used in the wild but hasn't yet been added to the spec labels Dec 16, 2025
@turt2live turt2live moved this from Requires spec writing to Requires spec PR review in Spec Core Team Workflow Dec 16, 2025
@richvdh richvdh added merged A proposal whose PR has merged into the spec! and removed spec-pr-in-review A proposal which has been PR'd against the spec and is in review labels Dec 17, 2025
@richvdh richvdh moved this from Requires spec PR review to Merged in Spec Core Team Workflow Dec 17, 2025
@turt2live
Copy link
Copy Markdown
Member

turt2live commented Dec 17, 2025

Merged 🎉

This was referenced Dec 18, 2025
Merged
Closed
sandhose added a commit to element-hq/matrix-bot-sdk that referenced this pull request Jan 23, 2026
@sandhose
Use MSC4190 to provision devices for E2EE (#48)
b34e71a 
See matrix-org/matrix-spec-proposals#4190

Requires element-hq/synapse#17705

And to put in the registration file `io.element.msc4190: true` for it to
work with Synapse and MAS
This was referenced Jan 29, 2026
Open
Open
riastradh pushed a commit to riastradh/pkgsrc-test20250901 that referenced this pull request Feb 8, 2026
chat/matrix-synapse: Update to 1.139.0
a42a0dc 
# Synapse 1.139.0 (2025-09-30)

## Features

- Add experimental support for [MSC4308: Thread Subscriptions extension to Sliding Sync](matrix-org/matrix-spec-proposals#4308) when [MSC4306: Thread Subscriptions](matrix-org/matrix-spec-proposals#4306) and [MSC4186: Simplified Sliding Sync](matrix-org/matrix-spec-proposals#4186) are enabled. ([\#18695](element-hq/synapse#18695))
- Update push rules for experimental [MSC4306: Thread Subscriptions](matrix-org/matrix-spec-proposals#4306) to follow a newer draft. ([\#18846](element-hq/synapse#18846))
- Add `get_media_upload_limits_for_user` and `on_media_upload_limit_exceeded` module API callbacks to the media repository. ([\#18848](element-hq/synapse#18848))
- Support [MSC4169](matrix-org/matrix-spec-proposals#4169) for backwards-compatible redaction sending using the `/send` endpoint. Contributed by @SpiritCroc @ Beeper. ([\#18898](element-hq/synapse#18898))
- Add an in-memory cache to `_get_e2e_cross_signing_signatures_for_devices` to reduce DB load. ([\#18899](element-hq/synapse#18899))
- Update [MSC4190](matrix-org/matrix-spec-proposals#4190) support to return correct errors and allow appservices to reset cross-signing keys without user-interactive authentication. Contributed by @tulir @ Beeper. ([\#18946](element-hq/synapse#18946))

## Deprecations and Removals

- Remove obsolete and experimental `/sync/e2ee` endpoint. ([\#18583](element-hq/synapse#18583))

# Synapse 1.138.0 (2025-09-09)

## Features

- Support for the stable endpoint and scopes of [MSC3861](matrix-org/matrix-spec-proposals#3861) & co. ([\#18549](element-hq/synapse#18549))
@BVollmerhaus BVollmerhaus mentioned this pull request Feb 22, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dbkr dbkr dbkr left review comments

@AndrewFerr AndrewFerr AndrewFerr left review comments

@tulir tulir tulir left review comments

@turt2live turt2live turt2live approved these changes

@anoadragon453 anoadragon453 anoadragon453 approved these changes

@richvdh richvdh richvdh approved these changes

+3 more reviewers

@onestacked onestacked onestacked left review comments

@x86pup x86pup x86pup left review comments

@noelportillo noelportillo noelportillo approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

application services kind:core MSC which is critical to the protocol's success merged A proposal whose PR has merged into the spec! proposal A matrix spec change proposal

Projects

Spec Core Team Workflow
Status: Merged/Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.