matrix-docker-ansible-deploy

Enable key discovery API by default via keys resource in synapse role

Open yncyrydybyl opened this issue 3 years ago • 1 comments

When trying to get a key from my server, I discovered that the keys resource is not enabled by default. The method: https://matrix.org/docs/spec/server_server/r0.1.4#get-matrix-key-v2-query-servername-keyid

#no auth needed
curl https://matrix.myserver.org/_matrix/key/v2/query/datanauten.de

The default line is set in main.yml of the synapse role:

matrix_synapse_http_listener_resource_names: ["client"]

I think it should also cover the "keys" resource, as described in https://github.com/matrix-org/synapse/blob/7013e06e2f60e1401349fd054372808376facc87/docs/sample_config.yaml#L287

matrix_synapse_http_listener_resource_names: ["client","keys"]

The federation resource is covering it already. But since it is a client method, it should also be available via the client-server port.

yncyrydybyl, Apr 18 '22 04:04

You're linking to https://matrix.org/docs/spec/server_server/r0.1.4#get-matrix-key-v2-query-servername-keyid (GET /_matrix/key/v2/query/{serverName}/{keyId}), which is part of the "Server-Server (Federation) API".

You're however trying to access this GET /_matrix/key/v2/query/{serverName}/{keyId} resource over the Client-Server API (e.g. https://matrix.DOMAIN/_matrix/key/v2/query/datanauten.de).

With the default (recommended) configuration, the playbook serves the federation API on port 8448, so you should be accessing this at https://matrix.DOMAIN:8448/_matrix/key/v2/query/datanauten.de instead. I've tested it on my setup and it works as expected.


> But since it is a client method, it should also be available via the client-server port.

I don't know what you're basing this on. The Client-Server API specs do not mention this /_matrix/key API at all, so I don't think it's a client method.

If some client is trying to access the /_matrix/key API over the Client-Server API, it's likely that:

  • your /.well-known/matrix/server file is not configured correctly (it should tell clients that the federation API is on port 8448)
  • the Matrix client does not support /.well-known/matrix/server and defaults to using port 443 instead. If so, a bug should be reported to this Matrix client's repository, so that support can be added.
  • the Matrix client is buggy and is accessing a federation API method using the Client-API URL. For some servers (those that serve client and server on the same URL) it works this way, but it's more of a coincidence than due to proper behavior. If so, a bug should be reported to this Matrix client's repository, so that the correct behavior can be followed.

spantaleev, Apr 18 '22 07:04
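The lookup described in the reply above, as an added example that is not part of the thread or the playbook: it resolves where a server's federation API lives from its `/.well-known/matrix/server` body and builds the key-query URL from there. The domain names and JSON bodies are constructed samples, the function names are hypothetical, and the DNS SRV step of the Matrix discovery rules is skipped (a port-less name falls straight through to 8448).

```python
import json

DEFAULT_FEDERATION_PORT = 8448  # used when neither the name nor well-known gives a port


def split_host_port(name):
    """Split 'host', 'host:port' or '[v6]:port' into (host, port or None)."""
    if name.startswith("["):  # bracketed IPv6 literal
        host, _, rest = name.partition("]")
        host += "]"
        port = rest[1:] if rest.startswith(":") else ""
    else:
        host, _, port = name.partition(":")
    if not host or (port and not port.isdigit()):
        raise ValueError(f"bad server name {name!r}")
    return host, (int(port) if port else None)


def federation_base_url(server_name, well_known_body=None):
    """Base URL of the federation API for server_name.

    well_known_body is the raw body fetched from
    https://<server_name>/.well-known/matrix/server, or None if the fetch failed.
    """
    host, port = split_host_port(server_name)
    # An explicit port in the server name means well-known is not consulted.
    if port is None and well_known_body is not None:
        try:
            delegated = json.loads(well_known_body)["m.server"]
            if isinstance(delegated, str):
                host, port = split_host_port(delegated)
        except (ValueError, KeyError, TypeError):
            pass  # malformed well-known: behave as if it were absent
    return f"https://{host}:{port or DEFAULT_FEDERATION_PORT}"


def key_query_url(server_name, target_server, well_known_body=None):
    """URL for GET /_matrix/key/v2/query/{serverName} on the federation listener."""
    base = federation_base_url(server_name, well_known_body)
    return f"{base}/_matrix/key/v2/query/{target_server}"


if __name__ == "__main__":
    # Constructed sample: well-known delegating example.org to matrix.example.org:8448
    sample = '{"m.server": "matrix.example.org:8448"}'
    print(key_query_url("example.org", "datanauten.de", sample))
    # Constructed sample: no usable well-known, so the default port applies
    print(key_query_url("example.org", "datanauten.de", "<html>404</html>"))
```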