dandri/matrix-authentication-service
1
0
Fork 0
mirror of https://github.com/element-hq/matrix-authentication-service.git synced 2026-05-15 05:55:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Run sh misc/update.sh

Browse Source
This commit is contained in:
Eric Eastwood
2026-04-07 15:49:02 -05:00
parent d02b216d72
commit fe2ce41009
3 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/config.schema.json
+3 -3
View File
@@ -2898,19 +2898,19 @@
"type": "object",
"properties": {
"soft_limit": {
"description": "Upon login in interactive contexts (like OAuth 2.0 sessions), if the soft limit\n is reached, it will display a policy violation screen (web UI) to remove\n sessions before creating the new session.\n\n This is not enforced in non-interactive contexts (like the legacy compability\n login API) as there is no opportunity for us to show some UI for people remove\n some sessions. See [`hard_limit`] for enforcement on that side.\n\n [`hard_limit`]: Self::hard_limit",
"description": "Upon login in interactive contexts (like OAuth 2.0 sessions), if the\n soft limit is reached, it will display a policy violation screen\n (web UI) to remove sessions before creating the new session.\n\n This is not enforced in non-interactive contexts (like the legacy\n compability login API) as there is no opportunity for us to show\n some UI for people remove some sessions. See [`hard_limit`] for\n enforcement on that side.\n\n [`hard_limit`]: Self::hard_limit",
"type": "integer",
"format": "uint64",
"minimum": 1
},
"hard_limit": {
"description": "Upon login, when `hard_limit_eviction: false`, will refuse the new login (policy\n violation error), otherwise, see [`hard_limit_eviction`].\n\n The hard limit is enforced in all contexts (interactive/non-interactive).\n\n [`hard_limit_eviction`]: Self::hard_limit_eviction",
"description": "Upon login, when `hard_limit_eviction: false`, will refuse the new login\n (policy violation error), otherwise, see [`hard_limit_eviction`].\n\n The hard limit is enforced in all contexts\n (interactive/non-interactive).\n\n [`hard_limit_eviction`]: Self::hard_limit_eviction",
"type": "integer",
"format": "uint64",
"minimum": 1
},
"hard_limit_eviction": {
"description": "Whether we should automatically choose the least recently used devices to remove\n when the [`Self::hard_limit`] is reached; in order to allow the new login to continue.\n\n Disabled by default\n\n WARNING: Removing sessions is a potentially damaging operation. Any end-to-end\n encrypted history on the device will be lost and can only be recovered if you\n have another verified active device or have a recovery key setup.\n\n When using [`hard_limit_eviction`], the [`hard_limit`] must be\n at-least 2 to avoid catastropically losing encrypted history and digital\n identity in pathological cases. Keep in mind this is a bare minimum restriction\n and you can still run into trouble.\n\n This is most applicable in scenarios where your homeserver has many legacy\n bots/scripts that login over and over (which ideally should be using [personal\n access\n tokens](https://github.com/element-hq/matrix-authentication-service/issues/4492))\n and you want to avoid breaking their operation while maintaining some level of\n sanity with the number of devices that people can have.\n\n [`hard_limit`]: Self::hard_limit\n [`hard_limit_eviction`]: Self::hard_limit_eviction",
"description": "Whether we should automatically choose the least recently used devices\n to remove when the [`Self::hard_limit`] is reached; in order to\n allow the new login to continue.\n\n Disabled by default\n\n WARNING: Removing sessions is a potentially damaging operation. Any\n end-to-end encrypted history on the device will be lost and can only\n be recovered if you have another verified active device or have a\n recovery key setup.\n\n When using [`hard_limit_eviction`], the [`hard_limit`] must be\n at-least 2 to avoid catastropically losing encrypted history and digital\n identity in pathological cases. Keep in mind this is a bare minimum\n restriction and you can still run into trouble.\n\n This is most applicable in scenarios where your homeserver has many\n legacy bots/scripts that login over and over (which ideally should\n be using [personal access\n tokens](https://github.com/element-hq/matrix-authentication-service/issues/4492))\n and you want to avoid breaking their operation while maintaining some\n level of sanity with the number of devices that people can have.\n\n [`hard_limit`]: Self::hard_limit\n [`hard_limit_eviction`]: Self::hard_limit_eviction",
"type": "boolean",
"default": false
}
policies/schema/authorization_grant_input.json
+6
View File
@@ -11,6 +11,11 @@
],
"additionalProperties": true
},
"session_limit": {
"description": "Limits on the number of application sessions that each user can have",
"type": "object",
"additionalProperties": true
},
"session_counts": {
"description": "How many sessions the user has.\n Not populated if it's not a user logging in.",
"anyOf": [
@@ -37,6 +42,7 @@
}
},
"required": [
"session_limit",
"client",
"scope",
"grant_type",
policies/schema/compat_login_input.json
+6
View File
@@ -8,6 +8,11 @@
"type": "object",
"additionalProperties": true
},
"session_limit": {
"description": "Limits on the number of application sessions that each user can have",
"type": "object",
"additionalProperties": true
},
"session_counts": {
"description": "How many sessions the user has.",
"allOf": [
@@ -34,6 +39,7 @@
},
"required": [
"user",
"session_limit",
"session_counts",
"session_replaced",
"login",