Deprecate MatrixClient.login and replace with loginRequest (#4632)

`MatrixClient.login` has some very unintuitive behaviour where it stashes the access token, but not the device id, refresh token, etc etc, which led people to imagine that they had a functional `MatrixClient` when they didn't. In practice, you have to create a *new* `MatrixClient` given the `LoginResponse`. As the first step for sorting this out, this deprecates the broken method and replaces it with one that has sensible behaviour.
2025-12-16 09:42:23 +03:00 · 2025-01-20 21:18:51 +00:00
parent b45d51a131
commit ce60162827
1 changed files with 38 additions and 14 deletions
--- a/src/client.ts
+++ b/src/client.ts
@@ -8246,27 +8246,33 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
    /**
     * @returns Promise which resolves to a LoginResponse object
     * @returns Rejects: with an error response.
+     *
+     * @deprecated This method has unintuitive behaviour: it updates the `MatrixClient` instance with *some* of the
+     *    returned credentials. Instead, call {@link loginRequest} and create a new `MatrixClient` instance using the
+     *    results. See https://github.com/matrix-org/matrix-js-sdk/issues/4502.
     */
    public login(loginType: LoginRequest["type"], data: Omit<LoginRequest, "type">): Promise<LoginResponse> {
-        return this.http
-            .authedRequest<LoginResponse>(Method.Post, "/login", undefined, {
-                ...data,
-                type: loginType,
-            })
-            .then((response) => {
-                if (response.access_token && response.user_id) {
-                    this.http.opts.accessToken = response.access_token;
-                    this.credentials = {
-                        userId: response.user_id,
-                    };
-                }
-                return response;
-            });
+        return this.loginRequest({
+            ...data,
+            type: loginType,
+        }).then((response) => {
+            if (response.access_token && response.user_id) {
+                this.http.opts.accessToken = response.access_token;
+                this.credentials = {
+                    userId: response.user_id,
+                };
+            }
+            return response;
+        });
    }

    /**
     * @returns Promise which resolves to a LoginResponse object
     * @returns Rejects: with an error response.
+     *
+     * @deprecated This method has unintuitive behaviour: it updates the `MatrixClient` instance with *some* of the
+     *   returned credentials. Instead, call {@link loginRequest} with `data.type: "m.login.password"`, and create a new
+     *   `MatrixClient` instance using the results. See https://github.com/matrix-org/matrix-js-sdk/issues/4502.
     */
    public loginWithPassword(user: string, password: string): Promise<LoginResponse> {
        return this.login("m.login.password", {
@@ -8311,6 +8317,10 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
     * @param token - Login token previously received from homeserver
     * @returns Promise which resolves to a LoginResponse object
     * @returns Rejects: with an error response.
+     *
+     * @deprecated This method has unintuitive behaviour: it updates the `MatrixClient` instance with *some* of the
+     *   returned credentials. Instead, call {@link loginRequest} with `data.type: "m.login.token"`, and create a new
+     *   `MatrixClient` instance using the results. See https://github.com/matrix-org/matrix-js-sdk/issues/4502.
     */
    public loginWithToken(token: string): Promise<LoginResponse> {
        return this.login("m.login.token", {
@@ -8318,6 +8328,20 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
        });
    }

+    /**
+     * Sends a `POST /login` request to the server.
+     *
+     * If successful, this will create a new device and access token for the user.
+     *
+     * @see {@link MatrixClient.loginFlows} which makes a `GET /login` request.
+     * @see https://spec.matrix.org/v1.13/client-server-api/#post_matrixclientv3login
+     *
+     * @param data - Credentials and other details for the login request.
+     */
+    public async loginRequest(data: LoginRequest): Promise<LoginResponse> {
+        return await this.http.authedRequest<LoginResponse>(Method.Post, "/login", undefined, data);
+    }
+
    /**
     * Logs out the current session.
     * Obviously, further calls that require authorisation should fail after this