Skip to content

MSC4388: Secure out-of-band channel for sign in with QR#4388

Open
hughns wants to merge 47 commits into
mainfrom
element-hq/oidc-qr-secure-channel
Open

MSC4388: Secure out-of-band channel for sign in with QR#4388
hughns wants to merge 47 commits into
mainfrom
element-hq/oidc-qr-secure-channel

Conversation

@hughns

@hughns hughns commented Dec 10, 2025

Copy link
Copy Markdown
Member

@hughns hughns changed the title Secure out-of-band channel for sign in with QR MSC4388: Secure out-of-band channel for sign in with QR Dec 10, 2025
@turt2live turt2live added proposal A matrix spec change proposal. Process state. A-Client Server Client-Server API kind:core MSC which is critical to the protocol's success needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. labels Dec 10, 2025

@hughns hughns left a comment

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@poljar I've reviewed the HPKE changes alongside the RFCs and have some questions/things needing clarification.

Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md
Comment thread proposals/4388-secure-qr-channel.md
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md
Comment thread proposals/4388-secure-qr-channel.md
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md Outdated
@mscbot mscbot added proposed-final-comment-period Currently awaiting signoff of a majority of team members in order to enter the FCP. Process state. disposition-merge Process state. labels May 19, 2026
Comment thread proposals/4388-secure-qr-channel.md
@turt2live turt2live moved this from Proposed for FCP readiness to Ready for FCP ticks in Spec Core Team Workflow May 19, 2026
@turt2live turt2live added the 00-weekly-pings Tracking for weekly pings in the SCT office. 00 to make it first in the labels list. label May 19, 2026
Co-authored-by: Erik Johnston <erik@matrix.org>
@turt2live turt2live removed the implementation-needs-checking The MSC has an implementation, but the SCT has not yet checked it. Process state. label May 25, 2026

@richvdh richvdh left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 looks very sound. A few comments.

Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md Outdated
#### `sequence_token` values

The `sequence_token` values should be unique to the rendezvous session and the last modified time so that two clients can
The `sequence_token` values should be unique to the last modified time so that two clients can

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not really sure what "unique to the last modified time" means, either. It opens the question of "at what time resolution?". I think we just want to say that it must change each time the channel is written to.

We might want to be explicit that it must change even in the case of a no-op write (i.e. when writing the current value back.)

Do we have a suggested implementation? A simple counter?

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've tried to address this in 726e115 by clarifying the expected behaviour (in the main section of the spec) and then having a recommended implementation (in the implementation notes section).

I will update the Synapse implementation to match.

Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md
Comment thread proposals/4388-secure-qr-channel.md Outdated
Comment thread proposals/4388-secure-qr-channel.md Outdated
@richvdh

richvdh commented Jun 30, 2026

Copy link
Copy Markdown
Member

Some minor comments about clarification but nothing that needs to stop FCP.

netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Jul 7, 2026
Tested on NetBSD 10 amd64 with 2026Q2 environment.

# Synapse 1.156.0 (2026-07-07)

## Features

- Expose [MSC4354 Sticky Events](matrix-org/matrix-spec-proposals#4354) over [MSC4186 (Simplified) Sliding Sync](matrix-org/matrix-spec-proposals#4186). ([\#19591](element-hq/synapse#19591))
- Stabilize support for sending ephemeral events to application services, as per [MSC2409](matrix-org/matrix-spec-proposals#2409). Contributed by @jason-famedly @ Famedly. ([\#19758](element-hq/synapse#19758))
- Include `allowed_room_ids` in the `/summary` client-server API response for rooms with restricted join rules, as required by Matrix 1.15.
  Contributed by @FrenchGithubUser @famedly. ([\#19762](element-hq/synapse#19762))
- [MSC4140: Cancellable delayed events](matrix-org/matrix-spec-proposals#4140): Allow authentication on delayed event management endpoints (such as `/restart`) to bypass ratelimits for unauthenticated requests based on the client IP address. ([\#19794](element-hq/synapse#19794))
- Add new metric `synapse_non_deactivated_user_count` which tracks the number of non-deactivated users in the database, split by `app_service`. ([\#19848](element-hq/synapse#19848))
- The `GET /_matrix/client/unstable/org.matrix.msc1763/retention/configuration` endpoint is now provided when retention
  is enabled and `experimental_features.msc1763_enabled` is enabled, based on
  [MSC1763](matrix-org/matrix-spec-proposals#1763). ([\#19853](element-hq/synapse#19853))
- Add experimental support for [MSC4491: Invite reasons in room creation](matrix-org/matrix-spec-proposals#4491). ([\#19874](element-hq/synapse#19874))


# Synapse 1.155.0 (2026-06-16)


# Synapse 1.154.0 (2026-06-04)

## Features

- Add support for [MSC4452: Preview URL capabilities API](matrix-org/matrix-spec-proposals#4452) which exposes a `io.element.msc4452.preview_url` capability.
  If `experimental_features.msc4452_enabled` is `true`, the `/_matrix/(client/v1/media|media/v3)/preview_url` endpoint
  now responds with a 403 status code when the capability is disabled. ([\#19715](element-hq/synapse#19715))


# Synapse 1.153.0 (2026-05-19)

## Features

- Make ACLs apply to EDUs per [MSC4163](matrix-org/matrix-spec-proposals#4163). ([\#18475](element-hq/synapse#18475))
- Stabilize [MSC3266: Room summary API](matrix-org/matrix-spec-proposals#3266), removing the experimental config flag `msc3266_enabled`. Contributed by @dasha-uwu. ([\#19720](element-hq/synapse#19720))
- Partial [MSC4311](matrix-org/matrix-spec-proposals#4311) implementation: `m.room.create` is now a required part of stripped `invite_state`/`knock_state` . Contributed by @FrenchGithubUser @famedly. ([\#19722](element-hq/synapse#19722))
- Expose `tombstoned` and `replacement_room` in room details on admin API endpoint `GET /_synapse/admin/v1/rooms/<room_id>`. Contributed by Noah Markert. ([\#19737](element-hq/synapse#19737))


# Synapse 1.152.1 (2026-05-07)


# Synapse 1.152.0 (2026-04-28)

## Features

- Add a ["Listing quarantined media changes" Admin API](https://element-hq.github.io/synapse/latest/admin_api/media_admin_api.html#listing-quarantined-media-changes) for retrieving a paginated record of when media became (un)quarantined. ([\#19558](element-hq/synapse#19558), [\#19677](element-hq/synapse#19677), [\#19694](element-hq/synapse#19694))
- Advertise [MSC4445](matrix-org/matrix-spec-proposals#4445) sync timeline order in `unstable_features`. ([\#19642](element-hq/synapse#19642))
- Report the Rust compiler version used in the Prometheus metrics. Contributed by Noah Markert. ([\#19643](element-hq/synapse#19643))
- Passthrough 'article' and 'profile' OpenGraph metadata on URL preview requests. ([\#19659](element-hq/synapse#19659))
- Add a way to re-sign local events with a new signing key. ([\#19668](element-hq/synapse#19668))
- Support [MSC4450: Identity Provider selection for User-Interactive Authentication with Legacy Single Sign-On](matrix-org/matrix-spec-proposals#4450). ([\#19693](element-hq/synapse#19693))
- Add experimental support for [MSC4242](matrix-org/matrix-spec-proposals#4242): State DAGs. Excludes federation support. ([\#19424](element-hq/synapse#19424))
- Adds [Admin API](https://element-hq.github.io/synapse/latest/usage/administration/admin_api/index.html) endpoints to
  list, fetch and delete user reports. ([\#19657](element-hq/synapse#19657))
- Reduce database disk space usage by pruning old rows from `device_lists_changes_in_room`. ([\#19473](element-hq/synapse#19473), [\#19709](element-hq/synapse#19709))


# Synapse 1.151.0 (2026-04-07)

## Features

- Add stable support for [MSC4284](matrix-org/matrix-spec-proposals#4284) Policy Servers. ([\#19503](element-hq/synapse#19503))
- Update and stabilize support for [MSC2666](matrix-org/matrix-spec-proposals#2666): Get rooms in common with another user. Contributed by @tulir @ Beeper. ([\#19511](element-hq/synapse#19511))
- Updated experimental support for [MSC4388: Secure out-of-band channel for sign in with QR](matrix-org/matrix-spec-proposals#4388). ([\#19573](element-hq/synapse#19573))
- Stabilize `room_version` and `encryption` fields in the space/room `/hierarchy` API (part of [MSC3266](matrix-org/matrix-spec-proposals#3266)). ([\#19576](element-hq/synapse#19576))
- Introduce a [configuration option](https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#matrix_authentication_service) to allow using HTTP/2 over plaintext when Synapse connects to Matrix Authentication Service. ([\#19586](element-hq/synapse#19586))

## Deprecations and Removals

- Remove support for [MSC3852: Expose user agent information on Device](matrix-org/matrix-spec-proposals#3852) as the MSC was closed. ([\#19430](element-hq/synapse#19430))


# Synapse 1.150.0 (2026-03-24)

## Features

- Add experimental support for the [MSC4370](matrix-org/matrix-spec-proposals#4370) Federation API `GET /extremities` endpoint. ([\#19314](element-hq/synapse#19314))
- [MSC4140: Cancellable delayed events](matrix-org/matrix-spec-proposals#4140): When persisting a delayed event to the timeline, include its `delay_id` in the event's `unsigned` section in `/sync` responses to the event sender. ([\#19479](element-hq/synapse#19479))
- Expose [MSC4354 Sticky Events](matrix-org/matrix-spec-proposals#4354) over the legacy (v3) /sync API. ([\#19487](element-hq/synapse#19487))
- When Matrix Authentication Service (MAS) integration is enabled, allow MAS to set the user locked status in Synapse. ([\#19554](element-hq/synapse#19554))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

00-weekly-pings Tracking for weekly pings in the SCT office. 00 to make it first in the labels list. A-Client Server Client-Server API disposition-merge Process state. kind:core MSC which is critical to the protocol's success proposal A matrix spec change proposal. Process state. proposed-final-comment-period Currently awaiting signoff of a majority of team members in order to enter the FCP. Process state.

Projects

Status: Ready for FCP ticks

Development

Successfully merging this pull request may close these issues.

10 participants