MSC4108: Mechanism to allow OAuth 2.0 API sign in and E2EE set up via QR code#4108
Open
MSC4108: Mechanism to allow OAuth 2.0 API sign in and E2EE set up via QR code#4108
Conversation
hughns
changed the title
turt2live
added
proposal
|
finally, it is no longer just an idea presented at FOSDEM 🥳 |
Member
hughns
force-pushed
the
element-hq/oidc-qr-login
branch
from
5cd815f to
177a2db
Compare
…org/matrix-spec-proposals into element-hq/oidc-qr-login
dkasak
reviewed
Apr 5, 2024
dkasak
reviewed
Apr 5, 2024
The byte immediately following the `MATRIX` prefix is repurposed as a type which gives a more sensible way to namespace in future. This also means that we can call the second byte the "intent" very clearly rather than having to call it "mode" to match the existing cross verification QR spec.
hughns
commented
Nov 5, 2025
Merged
1 task
Co-authored-by: networkException <github@nwex.de>
Member
|
This MSC is listed as "ready for FCP", but appears to have dependencies which are either WIP or not on the "ready for FCP" list themselves. When those dependencies make their way through the process to FCP, please re-raise this MSC in the SCT Office for reconsideration. |
poljar
added a commit
to matrix-org/matrix-rust-sdk
that referenced
this pull request
Jan 29, 2026
Our current implementation of this QR code data type corresponds to the data type defined in MSC4108. The data format has been updated a bit in MSC4833 and thus we'll need to support both formats for a while. This moves al the MSC4108-specific parts into a separate MSC-specific submodule. MSC4108: matrix-org/matrix-spec-proposals#4108
poljar
added a commit
to matrix-org/matrix-rust-sdk
that referenced
this pull request
Jan 29, 2026
…R login data type This patch adds a view into the MSC-specific and intent specific data fields of the QR login data type. MSC4108 and MSC4388 have subtle differences in the way the rendezvous URL and the server name are shared, this new getter allows us to access all of those fields in a consistent manner. MSC4108: matrix-org/matrix-spec-proposals#4108 MSC4388: matrix-org/matrix-spec-proposals#4388
poljar
added a commit
to matrix-org/matrix-rust-sdk
that referenced
this pull request
Jan 30, 2026
Our current implementation of this QR code data type corresponds to the data type defined in MSC4108. The data format has been updated a bit in MSC4833 and thus we'll need to support both formats for a while. This moves al the MSC4108-specific parts into a separate MSC-specific submodule. MSC4108: matrix-org/matrix-spec-proposals#4108
poljar
added a commit
to matrix-org/matrix-rust-sdk
that referenced
this pull request
Jan 30, 2026
…R login data type This patch adds a view into the MSC-specific and intent specific data fields of the QR login data type. MSC4108 and MSC4388 have subtle differences in the way the rendezvous URL and the server name are shared, this new getter allows us to access all of those fields in a consistent manner. MSC4108: matrix-org/matrix-spec-proposals#4108 MSC4388: matrix-org/matrix-spec-proposals#4388
Member
Author
|
The dependent MSC4388 has not been undrafted and is ready for review. The sample implementations are now linked and I have added videos demonstrating the full set of flows. All outstanding conversations have been resolved. |
turt2live
added
implementation-needs-checking
Member
|
The author believes this is ready for FCP. Next steps are for SCT members to review the MSC and implementation(s), add the checklist, then propose FCP if appropriate. |
github-project-automation
bot
moved this to Tracking for review
in Spec Core Team Workflow
turt2live
moved this from Tracking for review
to Proposed for FCP readiness
in Spec Core Team Workflow
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
19 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Rendered
Dependencies:
Video demos:
New EX scans existing EW
Existing EX scans new EW
New EX scans existing EX
The authors are employed by Element to write this MSC.
Major revisions
The is an older version of this proposal (referred to as "2024") that has some significant differences from the current proposal.
To help avoid confusion on the status, the following is hopefully helpful:
GET /_matrix/client/v1/rendezvousunstable_features.org.matrix.msc4108istruein/versionsresponse from homeserverProof-of-MSC implementations
2025 version
openandauthenticatedmodes: MSC4388: Secure out-of-band channel for sign in with QR - 2025 version of rendezvous element-hq/synapse#19433Flows implemented
2024 version
Implementations for 2024 version:
To-dos
The high-level to-do list for the latest version:
protocol_accepted