| 11 Jun 2019 |
 Maximus | alright, so I'll stick with 403 + M_FORBIDDEN which is the standard way to say "yes you provided good credentials but no, you're not allowed" | 18:08:05 |
| Maximus | Hopefully synapse has been made to handle those things in a standardized way also | 18:08:32 |
 TravisR | sure, it'll pass it straight through to the user as per the spec. | 18:08:59 |
| Maximus | I mean until v0.99.5.2, users just got "unknown server error" | 18:09:06 |
| Maximus | and I haven't seen a commit that could solve that for v1.0.0 | 18:09:29 |
| Maximus | and latest Riot doens't allow to use another other method of unbind except for HS auth, so nothing changed it seems? | 18:10:31 |
| TravisR | correct, Riot uses HS auth because it is deemed safe enough for the time being. If mxisd doesn't want to trust the homeserver, that's it's choice. | 18:12:38 |
| Maximus | so nothing changed and mxisd is compliant, despite you claiming it is not | 18:13:45 |
| TravisR | My last information said it was not compliant. If it is compliant, great! If it isn't, that's your problem. | 18:14:16 |
 @olmari:hacklab.fi | If specs allow this choice and riot does not, then indeed riot would be to blame.. for this specific issue.. now how to make things not fail because of this would be cool to resolve (assuming that is issue in itself) | 18:16:47 |
| @olmari:hacklab.fi | As a bystander thoughts, in case anyone cares :) | 18:17:27 |
| Maximus | TravisR: still hoping to know which HTTP status code should be used if both methods are supported, but one is not authorized for that specific request | 18:23:27 |
| TravisR | 403, as you said. | 18:23:40 |
| TravisR | just like regular HTTP | 18:23:48 |
| Maximus | Any reason that's not in the spec then? | 18:24:22 |
| TravisR | not wanting to explain how HTTP status codes are inherited for every single endpoint ever | 18:25:10 |
| Maximus | so any HTTP status code is valid for any endpoint in the spec? | 18:25:37 |
| TravisR | within reason, obviously. | 18:25:52 |
| Maximus | So how can mxisd not be compliant? | 18:26:10 |
| Maximus | what am I supposed to change? | 18:26:19 |
| TravisR | I already said that my last source of information said it was non-compliant | 18:26:33 |
| Maximus | yes but non-compliant how | 18:26:42 |
| Maximus | what am I missing | 18:26:51 |
| TravisR | The returned error was incompatible with the spec at the time. | 18:27:10 |
| Maximus | How so? This is the first time the endpoint is in a spec release and you just confirmed any status code can be used | 18:27:44 |
| TravisR | I don't see how this line of questioning matters | 18:28:06 |
| Maximus | I would like to make mxisd compliant | 18:28:23 |
| Maximus | I'm not seeing how it's non-compliant | 18:28:29 |
| TravisR | If you're compliant now: congratulations. I won't be performing an audit to make that decision for you. | 18:28:32 |
| Maximus | Clearly some audit was done at some point, but you're not saying what that said except "non-compliant" | 18:30:13 |
