matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-08-07 17:03:01 +03:00
Code Activity

Document the admin API (#3038)

Browse Source 
Co-authored-by: Hugh Nimmo-Smith <hughns@matrix.org>
This commit is contained in:
Quentin Gliech
2024-08-07 17:41:46 +02:00
committed by GitHub
parent b4eb93558d
commit eb4072f3c3
7 changed files with 302 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
docs/topics/authorization.md
View File

@@ -86,11 +86,11 @@ the API can be requested by a session which has the [`urn:mas:graphql:*`] and th
MAS supports a few different authorization grants for OAuth 2.0 sessions.
Whilst this section won't go into the technical details of how those grants work, it's important to understand what they are and what they are used for.
| Grant type | Entity | User interaction | Matrix C-S API | Synapse admin API |  MAS GraphQL API |
| --------------------------------------------------- | ------ | ---------------- | -------------- | ----------------- | ---------------- |
| [Authorization code](#authorization-code-grant) | User | Same device | Yes | Yes | Yes |
| [Device authorization](#device-authorization-grant) | User | Other device | Yes | Yes | Yes |
| [Client credentials](#client-credentials-grant) | Client | None | No | No[^admin] | No |
| Grant type | Entity | User interaction | Matrix C-S API | Synapse Admin API | MAS Admin API | MAS Internal GraphQL API |
| --------------------------------------------------- | ------ | ---------------- | -------------- | ----------------- | ------------- | ------------------------ |
| [Authorization code](#authorization-code-grant) | User | Same device | Yes | Yes | Yes | Yes |
| [Device authorization](#device-authorization-grant) | User | Other device | Yes | Yes | Yes | Yes |
| [Client credentials](#client-credentials-grant) | Client | None | No | No[^admin] | Yes | Yes |
[^admin]: The Synapse admin API doesn't strictly require a user, but Synapse doesn't support client-only sessions yet. In the future, it will be possible to leverage the client credentials grant to access the Synapse admin API.