Home Explore Help
Register Sign In
RISCI_ATOM
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Files Issues 3 Wiki
Tree: 3a344f6588
Branches Tags
synapse
/
v1.80
/
modules
/
password_auth_provider_callbacks.html

password_auth_provider_callbacks.html 36 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439 
  1. <!DOCTYPE HTML>
    2. 

  2. <html lang="en" class="sidebar-visible no-js light">
    3. 

  3.     <head>
    4. 

  4.         <!-- Book generated using mdBook -->
    5. 

  5.         <meta charset="UTF-8">
    6. 

  6.         <title>Password auth provider callbacks - Synapse</title>
    7. 

  7.         <!-- Custom HTML head -->
    8. 

  8.         <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
    9. 

  9.         <meta name="description" content="">
    10. 

  10.         <meta name="viewport" content="width=device-width, initial-scale=1">
    11. 

  11.         <meta name="theme-color" content="#ffffff" />
    12. 

  12. 

  13.         <link rel="icon" href="../favicon.svg">
    14. 

  14.         <link rel="shortcut icon" href="../favicon.png">
    15. 

  15.         <link rel="stylesheet" href="../css/variables.css">
    16. 

  16.         <link rel="stylesheet" href="../css/general.css">
    17. 

  17.         <link rel="stylesheet" href="../css/chrome.css">
    18. 

  18.         <link rel="stylesheet" href="../css/print.css" media="print">
    19. 

  19.         <!-- Fonts -->
    20. 

  20.         <link rel="stylesheet" href="../FontAwesome/css/font-awesome.css">
    21. 

  21.         <link rel="stylesheet" href="../fonts/fonts.css">
    22. 

  22.         <!-- Highlight.js Stylesheets -->
    23. 

  23.         <link rel="stylesheet" href="../highlight.css">
    24. 

  24.         <link rel="stylesheet" href="../tomorrow-night.css">
    25. 

  25.         <link rel="stylesheet" href="../ayu-highlight.css">
    26. 

  26. 

  27.         <!-- Custom theme stylesheets -->
    28. 

  28.         <link rel="stylesheet" href="../docs/website_files/table-of-contents.css">
    29. 

  29.         <link rel="stylesheet" href="../docs/website_files/remove-nav-buttons.css">
    30. 

  30.         <link rel="stylesheet" href="../docs/website_files/indent-section-headers.css">
    31. 

  31.         <link rel="stylesheet" href="../docs/website_files/version-picker.css">
    32. 

  32.     </head>
    33. 

  33.     <body>
    34. 

  34.         <!-- Provide site root to javascript -->
    35. 

  35.         <script type="text/javascript">
    36. 

  36.             var path_to_root = "../";
    37. 

  37.             var default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? "navy" : "light";
    38. 

  38.         </script>
    39. 

  39. 

  40.         <!-- Work around some values being stored in localStorage wrapped in quotes -->
    41. 

  41.         <script type="text/javascript">
    42. 

  42.             try {
    43. 

  43.                 var theme = localStorage.getItem('mdbook-theme');
    44. 

  44.                 var sidebar = localStorage.getItem('mdbook-sidebar');
    45. 

  45.                 if (theme.startsWith('"') && theme.endsWith('"')) {
    46. 

  46.                     localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
    47. 

  47.                 }
    48. 

  48.                 if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
    49. 

  49.                     localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
    50. 

  50.                 }
    51. 

  51.             } catch (e) { }
    52. 

  52.         </script>
    53. 

  53. 

  54.         <!-- Set the theme before any content is loaded, prevents flash -->
    55. 

  55.         <script type="text/javascript">
    56. 

  56.             var theme;
    57. 

  57.             try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
    58. 

  58.             if (theme === null || theme === undefined) { theme = default_theme; }
    59. 

  59.             var html = document.querySelector('html');
    60. 

  60.             html.classList.remove('no-js')
    61. 

  61.             html.classList.remove('light')
    62. 

  62.             html.classList.add(theme);
    63. 

  63.             html.classList.add('js');
    64. 

  64.         </script>
    65. 

  65. 

  66.         <!-- Hide / unhide sidebar before it is displayed -->
    67. 

  67.         <script type="text/javascript">
    68. 

  68.             var html = document.querySelector('html');
    69. 

  69.             var sidebar = 'hidden';
    70. 

  70.             if (document.body.clientWidth >= 1080) {
    71. 

  71.                 try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
    72. 

  72.                 sidebar = sidebar || 'visible';
    73. 

  73.             }
    74. 

  74.             html.classList.remove('sidebar-visible');
    75. 

  75.             html.classList.add("sidebar-" + sidebar);
    76. 

  76.         </script>
    77. 

  77. 

  78.         <nav id="sidebar" class="sidebar" aria-label="Table of contents">
    79. 

  79.             <div class="sidebar-scrollbox">
    80. 

  80.                 <ol class="chapter"><li class="chapter-item expanded affix "><li class="part-title">Introduction</li><li class="chapter-item expanded "><a href="../welcome_and_overview.html">Welcome and Overview</a></li><li class="chapter-item expanded affix "><li class="part-title">Setup</li><li class="chapter-item expanded "><a href="../setup/installation.html">Installation</a></li><li class="chapter-item expanded "><a href="../postgres.html">Using Postgres</a></li><li class="chapter-item expanded "><a href="../reverse_proxy.html">Configuring a Reverse Proxy</a></li><li class="chapter-item expanded "><a href="../setup/forward_proxy.html">Configuring a Forward/Outbound Proxy</a></li><li class="chapter-item expanded "><a href="../turn-howto.html">Configuring a Turn Server</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../setup/turn/coturn.html">coturn TURN server</a></li><li class="chapter-item expanded "><a href="../setup/turn/eturnal.html">eturnal TURN server</a></li></ol></li><li class="chapter-item expanded "><a href="../delegate.html">Delegation</a></li><li class="chapter-item expanded affix "><li class="part-title">Upgrading</li><li class="chapter-item expanded "><a href="../upgrade.html">Upgrading between Synapse Versions</a></li><li class="chapter-item expanded affix "><li class="part-title">Usage</li><li class="chapter-item expanded "><a href="../federate.html">Federation</a></li><li class="chapter-item expanded "><a href="../usage/configuration/index.html">Configuration</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../usage/configuration/config_documentation.html">Configuration Manual</a></li><li class="chapter-item expanded "><a href="../usage/configuration/homeserver_sample_config.html">Homeserver Sample Config File</a></li><li class="chapter-item expanded "><a href="../usage/configuration/logging_sample_config.html">Logging Sample Config File</a></li><li class="chapter-item expanded "><a href="../structured_logging.html">Structured Logging</a></li><li class="chapter-item expanded "><a href="../templates.html">Templates</a></li><li class="chapter-item expanded "><a href="../usage/configuration/user_authentication/index.html">User Authentication</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../usage/configuration/user_authentication/single_sign_on/index.html">Single-Sign On</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../openid.html">OpenID Connect</a></li><li class="chapter-item expanded "><a href="../usage/configuration/user_authentication/single_sign_on/saml.html">SAML</a></li><li class="chapter-item expanded "><a href="../usage/configuration/user_authentication/single_sign_on/cas.html">CAS</a></li><li class="chapter-item expanded "><a href="../sso_mapping_providers.html">SSO Mapping Providers</a></li></ol></li><li class="chapter-item expanded "><a href="../password_auth_providers.html">Password Auth Providers</a></li><li class="chapter-item expanded "><a href="../jwt.html">JSON Web Tokens</a></li><li class="chapter-item expanded "><a href="../usage/configuration/user_authentication/refresh_tokens.html">Refresh Tokens</a></li></ol></li><li class="chapter-item expanded "><a href="../CAPTCHA_SETUP.html">Registration Captcha</a></li><li class="chapter-item expanded "><a href="../application_services.html">Application Services</a></li><li class="chapter-item expanded "><a href="../server_notices.html">Server Notices</a></li><li class="chapter-item expanded "><a href="../consent_tracking.html">Consent Tracking</a></li><li class="chapter-item expanded "><a href="../user_directory.html">User Directory</a></li><li class="chapter-item expanded "><a href="../message_retention_policies.html">Message Retention Policies</a></li><li class="chapter-item expanded "><a href="../modules/index.html">Pluggable Modules</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../modules/writing_a_module.html">Writing a module</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../modules/spam_checker_callbacks.html">Spam checker callbacks</a></li><li class="chapter-item expanded "><a href="../modules/third_party_rules_callbacks.html">Third-party rules callbacks</a></li><li class="chapter-item expanded "><a href="../modules/presence_router_callbacks.html">Presence router callbacks</a></li><li class="chapter-item expanded "><a href="../modules/account_validity_callbacks.html">Account validity callbacks</a></li><li class="chapter-item expanded "><a href="../modules/password_auth_provider_callbacks.html" class="active">Password auth provider callbacks</a></li><li class="chapter-item expanded "><a href="../modules/background_update_controller_callbacks.html">Background update controller callbacks</a></li><li class="chapter-item expanded "><a href="../modules/account_data_callbacks.html">Account data callbacks</a></li><li class="chapter-item expanded "><a href="../modules/porting_legacy_module.html">Porting a legacy module to the new interface</a></li></ol></li></ol></li><li class="chapter-item expanded "><a href="../workers.html">Workers</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../synctl_workers.html">Using synctl with Workers</a></li><li class="chapter-item expanded "><a href="../systemd-with-workers/index.html">Systemd</a></li></ol></li></ol></li><li class="chapter-item expanded "><a href="../usage/administration/index.html">Administration</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../usage/administration/admin_api/index.html">Admin API</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../admin_api/account_validity.html">Account Validity</a></li><li class="chapter-item expanded "><a href="../usage/administration/admin_api/background_updates.html">Background Updates</a></li><li class="chapter-item expanded "><a href="../admin_api/event_reports.html">Event Reports</a></li><li class="chapter-item expanded "><a href="../admin_api/media_admin_api.html">Media</a></li><li class="chapter-item expanded "><a href="../admin_api/purge_history_api.html">Purge History</a></li><li class="chapter-item expanded "><a href="../admin_api/register_api.html">Register Users</a></li><li class="chapter-item expanded "><a href="../usage/administration/admin_api/registration_tokens.html">Registration Tokens</a></li><li class="chapter-item expanded "><a href="../admin_api/room_membership.html">Manipulate Room Membership</a></li><li class="chapter-item expanded "><a href="../admin_api/rooms.html">Rooms</a></li><li class="chapter-item expanded "><a href="../admin_api/server_notices.html">Server Notices</a></li><li class="chapter-item expanded "><a href="../admin_api/statistics.html">Statistics</a></li><li class="chapter-item expanded "><a href="../admin_api/user_admin_api.html">Users</a></li><li class="chapter-item expanded "><a href="../admin_api/version_api.html">Server Version</a></li><li class="chapter-item expanded "><a href="../usage/administration/admin_api/federation.html">Federation</a></li></ol></li><li class="chapter-item expanded "><a href="../manhole.html">Manhole</a></li><li class="chapter-item expanded "><a href="../metrics-howto.html">Monitoring</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../usage/administration/monitoring/reporting_homeserver_usage_statistics.html">Reporting Homeserver Usage Statistics</a></li></ol></li><li class="chapter-item expanded "><a href="../usage/administration/monthly_active_users.html">Monthly Active Users</a></li><li class="chapter-item expanded "><a href="../usage/administration/understanding_synapse_through_grafana_graphs.html">Understanding Synapse Through Grafana Graphs</a></li><li class="chapter-item expanded "><a href="../usage/administration/useful_sql_for_admins.html">Useful SQL for Admins</a></li><li class="chapter-item expanded "><a href="../usage/administration/database_maintenance_tools.html">Database Maintenance Tools</a></li><li class="chapter-item expanded "><a href="../usage/administration/state_groups.html">State Groups</a></li><li class="chapter-item expanded "><a href="../usage/administration/request_log.html">Request log format</a></li><li class="chapter-item expanded "><a href="../usage/administration/admin_faq.html">Admin FAQ</a></li><li class="chapter-item expanded "><div>Scripts</div></li></ol></li><li class="chapter-item expanded "><li class="part-title">Development</li><li class="chapter-item expanded "><a href="../development/contributing_guide.html">Contributing Guide</a></li><li class="chapter-item expanded "><a href="../code_style.html">Code Style</a></li><li class="chapter-item expanded "><a href="../development/reviews.html">Reviewing Code</a></li><li class="chapter-item expanded "><a href="../development/releases.html">Release Cycle</a></li><li class="chapter-item expanded "><a href="../development/git.html">Git Usage</a></li><li class="chapter-item expanded "><div>Testing</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../development/demo.html">Demo scripts</a></li></ol></li><li class="chapter-item expanded "><a href="../opentracing.html">OpenTracing</a></li><li class="chapter-item expanded "><a href="../development/database_schema.html">Database Schemas</a></li><li class="chapter-item expanded "><a href="../development/experimental_features.html">Experimental features</a></li><li class="chapter-item expanded "><a href="../development/dependencies.html">Dependency management</a></li><li class="chapter-item expanded "><div>Synapse Architecture</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../development/synapse_architecture/cancellation.html">Cancellation</a></li><li class="chapter-item expanded "><a href="../log_contexts.html">Log Contexts</a></li><li class="chapter-item expanded "><a href="../replication.html">Replication</a></li><li class="chapter-item expanded "><a href="../tcp_replication.html">TCP Replication</a></li><li class="chapter-item expanded "><a href="../development/synapse_architecture/faster_joins.html">Faster remote joins</a></li></ol></li><li class="chapter-item expanded "><a href="../development/internal_documentation/index.html">Internal Documentation</a></li><li><ol class="section"><li class="chapter-item expanded "><div>Single Sign-On</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../development/saml.html">SAML</a></li><li class="chapter-item expanded "><a href="../development/cas.html">CAS</a></li></ol></li><li class="chapter-item expanded "><a href="../development/room-dag-concepts.html">Room DAG concepts</a></li><li class="chapter-item expanded "><div>State Resolution</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../auth_chain_difference_algorithm.html">The Auth Chain Difference Algorithm</a></li></ol></li><li class="chapter-item expanded "><a href="../media_repository.html">Media Repository</a></li><li class="chapter-item expanded "><a href="../room_and_user_statistics.html">Room and User Statistics</a></li></ol></li><li class="chapter-item expanded "><div>Scripts</div></li><li class="chapter-item expanded affix "><li class="part-title">Other</li><li class="chapter-item expanded "><a href="../deprecation_policy.html">Dependency Deprecation Policy</a></li><li class="chapter-item expanded "><a href="../other/running_synapse_on_single_board_computers.html">Running Synapse on a Single-Board Computer</a></li></ol>
    81. 

  81.             </div>
    82. 

  82.             <div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
    83. 

  83.         </nav>
    84. 

  84. 

  85.         <div id="page-wrapper" class="page-wrapper">
    86. 

  86. 

  87.             <div class="page">
    88. 

  88.                 <div id="menu-bar-hover-placeholder"></div>
    89. 

  89.                 <div id="menu-bar" class="menu-bar sticky bordered">
    90. 

  90.                     <div class="left-buttons">
    91. 

  91.                         <button id="sidebar-toggle" class="icon-button" type="button" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
    92. 

  92.                             <i class="fa fa-bars"></i>
    93. 

  93.                         </button>
    94. 

  94.                         <button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
    95. 

  95.                             <i class="fa fa-paint-brush"></i>
    96. 

  96.                         </button>
    97. 

  97.                         <ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
    98. 

  98.                             <li role="none"><button role="menuitem" class="theme" id="light">Light (default)</button></li>
    99. 

  99.                             <li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
    100. 

  100.                             <li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
    101. 

  101.                             <li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
    102. 

  102.                             <li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
    103. 

  103.                         </ul>
    104. 

  104.                         <button id="search-toggle" class="icon-button" type="button" title="Search. (Shortkey: s)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="S" aria-controls="searchbar">
    105. 

  105.                             <i class="fa fa-search"></i>
    106. 

  106.                         </button>
    107. 

  107.                         <div class="version-picker">
    108. 

  108.                             <div class="dropdown">
    109. 

  109.                                 <div class="select">
    110. 

  110.                                     <span></span>
    111. 

  111.                                     <i class="fa fa-chevron-down"></i>
    112. 

  112.                                 </div>
    113. 

  113.                                 <input type="hidden" name="version">
    114. 

  114.                                 <ul class="dropdown-menu">
    115. 

  115.                                     <!-- Versions will be added dynamically in version-picker.js -->
    116. 

  116.                                 </ul>
    117. 

  117.                             </div>
    118. 

  118.                         </div>      
    119. 

  119.                     </div>
    120. 

  120. 

  121.                     <h1 class="menu-title">Synapse</h1>
    122. 

  122. 

  123.                     <div class="right-buttons">
    124. 

  124.                         <a href="../print.html" title="Print this book" aria-label="Print this book">
    125. 

  125.                             <i id="print-button" class="fa fa-print"></i>
    126. 

  126.                         </a>
    127. 

  127.                         <a href="https://github.com/matrix-org/synapse" title="Git repository" aria-label="Git repository">
    128. 

  128.                             <i id="git-repository-button" class="fa fa-github"></i>
    129. 

  129.                         </a>
    130. 

  130.                         <a href="https://github.com/matrix-org/synapse/edit/develop/docs/modules/password_auth_provider_callbacks.md" title="Suggest an edit" aria-label="Suggest an edit">
    131. 

  131.                             <i id="git-edit-button" class="fa fa-edit"></i>
    132. 

  132.                         </a>
    133. 

  133.                     </div>
    134. 

  134.                 </div>
    135. 

  135. 

  136.                 <div id="search-wrapper" class="hidden">
    137. 

  137.                     <form id="searchbar-outer" class="searchbar-outer">
    138. 

  138.                         <input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
    139. 

  139.                     </form>
    140. 

  140.                     <div id="searchresults-outer" class="searchresults-outer hidden">
    141. 

  141.                         <div id="searchresults-header" class="searchresults-header"></div>
    142. 

  142.                         <ul id="searchresults">
    143. 

  143.                         </ul>
    144. 

  144.                     </div>
    145. 

  145.                 </div>
    146. 

  146.                 <!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
    147. 

  147.                 <script type="text/javascript">
    148. 

  148.                     document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
    149. 

  149.                     document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
    150. 

  150.                     Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
    151. 

  151.                         link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
    152. 

  152.                     });
    153. 

  153.                 </script>
    154. 

  154. 

  155.                 <div id="content" class="content">
    156. 

  156.                     <main>
    157. 

  157.                         <!-- Page table of contents -->
    158. 

  158.                         <div class="sidetoc">
    159. 

  159.                             <nav class="pagetoc"></nav>
    160. 

  160.                         </div>
    161. 

  161. 

  162.                         <h1 id="password-auth-provider-callbacks"><a class="header" href="#password-auth-provider-callbacks">Password auth provider callbacks</a></h1>
    163. 

  163. <p>Password auth providers offer a way for server administrators to integrate
    164. 

  164. their Synapse installation with an external authentication system. The callbacks can be
    165. 

  165. registered by using the Module API's <code>register_password_auth_provider_callbacks</code> method.</p>
    166. 

  166. <h2 id="callbacks"><a class="header" href="#callbacks">Callbacks</a></h2>
    167. 

  167. <h3 id="auth_checkers"><a class="header" href="#auth_checkers"><code>auth_checkers</code></a></h3>
    168. 

  168. <p><em>First introduced in Synapse v1.46.0</em></p>
    169. 

  169. <pre><code class="language-python">auth_checkers: Dict[Tuple[str, Tuple[str, ...]], Callable]
    170. 

  170. </code></pre>
    171. 

  171. <p>A dict mapping from tuples of a login type identifier (such as <code>m.login.password</code>) and a
    172. 

  172. tuple of field names (such as <code>(&quot;password&quot;, &quot;secret_thing&quot;)</code>) to authentication checking
    173. 

  173. callbacks, which should be of the following form:</p>
    174. 

  174. <pre><code class="language-python">async def check_auth(
    175. 

  175.     user: str,
    176. 

  176.     login_type: str,
    177. 

  177.     login_dict: &quot;synapse.module_api.JsonDict&quot;,
    178. 

  178. ) -&gt; Optional[
    179. 

  179.     Tuple[
    180. 

  180.         str, 
    181. 

  181.         Optional[Callable[[&quot;synapse.module_api.LoginResponse&quot;], Awaitable[None]]]
    182. 

  182.     ]
    183. 

  183. ]
    184. 

  184. </code></pre>
    185. 

  185. <p>The login type and field names should be provided by the user in the
    186. 

  186. request to the <code>/login</code> API. <a href="https://matrix.org/docs/spec/client_server/latest#authentication-types">The Matrix specification</a>
    187. 

  187. defines some types, however user defined ones are also allowed.</p>
    188. 

  188. <p>The callback is passed the <code>user</code> field provided by the client (which might not be in
    189. 

  189. <code>@username:server</code> form), the login type, and a dictionary of login secrets passed by
    190. 

  190. the client.</p>
    191. 

  191. <p>If the authentication is successful, the module must return the user's Matrix ID (e.g. 
    192. 

  192. <code>@alice:example.com</code>) and optionally a callback to be called with the response to the
    193. 

  193. <code>/login</code> request. If the module doesn't wish to return a callback, it must return <code>None</code>
    194. 

  194. instead.</p>
    195. 

  195. <p>If the authentication is unsuccessful, the module must return <code>None</code>.</p>
    196. 

  196. <p>If multiple modules register an auth checker for the same login type but with different
    197. 

  197. fields, Synapse will refuse to start.</p>
    198. 

  198. <p>If multiple modules register an auth checker for the same login type with the same fields,
    199. 

  199. then the callbacks will be executed in order, until one returns a Matrix User ID (and
    200. 

  200. optionally a callback). In that case, the return value of that callback will be accepted
    201. 

  201. and subsequent callbacks will not be fired. If every callback returns <code>None</code>, then the
    202. 

  202. authentication fails.</p>
    203. 

  203. <h3 id="check_3pid_auth"><a class="header" href="#check_3pid_auth"><code>check_3pid_auth</code></a></h3>
    204. 

  204. <p><em>First introduced in Synapse v1.46.0</em></p>
    205. 

  205. <pre><code class="language-python">async def check_3pid_auth(
    206. 

  206.     medium: str, 
    207. 

  207.     address: str,
    208. 

  208.     password: str,
    209. 

  209. ) -&gt; Optional[
    210. 

  210.     Tuple[
    211. 

  211.         str, 
    212. 

  212.         Optional[Callable[[&quot;synapse.module_api.LoginResponse&quot;], Awaitable[None]]]
    213. 

  213.     ]
    214. 

  214. ]
    215. 

  215. </code></pre>
    216. 

  216. <p>Called when a user attempts to register or log in with a third party identifier,
    217. 

  217. such as email. It is passed the medium (eg. <code>email</code>), an address (eg. <code>jdoe@example.com</code>)
    218. 

  218. and the user's password.</p>
    219. 

  219. <p>If the authentication is successful, the module must return the user's Matrix ID (e.g. 
    220. 

  220. <code>@alice:example.com</code>) and optionally a callback to be called with the response to the <code>/login</code> request.
    221. 

  221. If the module doesn't wish to return a callback, it must return None instead.</p>
    222. 

  222. <p>If the authentication is unsuccessful, the module must return <code>None</code>.</p>
    223. 

  223. <p>If multiple modules implement this callback, they will be considered in order. If a
    224. 

  224. callback returns <code>None</code>, Synapse falls through to the next one. The value of the first
    225. 

  225. callback that does not return <code>None</code> will be used. If this happens, Synapse will not call
    226. 

  226. any of the subsequent implementations of this callback. If every callback returns <code>None</code>,
    227. 

  227. the authentication is denied.</p>
    228. 

  228. <h3 id="on_logged_out"><a class="header" href="#on_logged_out"><code>on_logged_out</code></a></h3>
    229. 

  229. <p><em>First introduced in Synapse v1.46.0</em></p>
    230. 

  230. <pre><code class="language-python">async def on_logged_out(
    231. 

  231.     user_id: str,
    232. 

  232.     device_id: Optional[str],
    233. 

  233.     access_token: str
    234. 

  234. ) -&gt; None
    235. 

  235. </code></pre>
    236. 

  236. <p>Called during a logout request for a user. It is passed the qualified user ID, the ID of the
    237. 

  237. deactivated device (if any: access tokens are occasionally created without an associated
    238. 

  238. device ID), and the (now deactivated) access token.</p>
    239. 

  239. <p>If multiple modules implement this callback, Synapse runs them all in order.</p>
    240. 

  240. <h3 id="get_username_for_registration"><a class="header" href="#get_username_for_registration"><code>get_username_for_registration</code></a></h3>
    241. 

  241. <p><em>First introduced in Synapse v1.52.0</em></p>
    242. 

  242. <pre><code class="language-python">async def get_username_for_registration(
    243. 

  243.     uia_results: Dict[str, Any],
    244. 

  244.     params: Dict[str, Any],
    245. 

  245. ) -&gt; Optional[str]
    246. 

  246. </code></pre>
    247. 

  247. <p>Called when registering a new user. The module can return a username to set for the user
    248. 

  248. being registered by returning it as a string, or <code>None</code> if it doesn't wish to force a
    249. 

  249. username for this user. If a username is returned, it will be used as the local part of a
    250. 

  250. user's full Matrix ID (e.g. it's <code>alice</code> in <code>@alice:example.com</code>).</p>
    251. 

  251. <p>This callback is called once <a href="https://spec.matrix.org/latest/client-server-api/#user-interactive-authentication-api">User-Interactive Authentication</a>
    252. 

  252. has been completed by the user. It is not called when registering a user via SSO. It is
    253. 

  253. passed two dictionaries, which include the information that the user has provided during
    254. 

  254. the registration process.</p>
    255. 

  255. <p>The first dictionary contains the results of the <a href="https://spec.matrix.org/latest/client-server-api/#user-interactive-authentication-api">User-Interactive Authentication</a>
    256. 

  256. flow followed by the user. Its keys are the identifiers of every step involved in the flow,
    257. 

  257. associated with either a boolean value indicating whether the step was correctly completed,
    258. 

  258. or additional information (e.g. email address, phone number...). A list of most existing
    259. 

  259. identifiers can be found in the <a href="https://spec.matrix.org/v1.1/client-server-api/#authentication-types">Matrix specification</a>.
    260. 

  260. Here's an example featuring all currently supported keys:</p>
    261. 

  261. <pre><code class="language-python">{
    262. 

  262.     &quot;m.login.dummy&quot;: True,  # Dummy authentication
    263. 

  263.     &quot;m.login.terms&quot;: True,  # User has accepted the terms of service for the homeserver
    264. 

  264.     &quot;m.login.recaptcha&quot;: True,  # User has completed the recaptcha challenge
    265. 

  265.     &quot;m.login.email.identity&quot;: {  # User has provided and verified an email address
    266. 

  266.         &quot;medium&quot;: &quot;email&quot;,
    267. 

  267.         &quot;address&quot;: &quot;alice@example.com&quot;,
    268. 

  268.         &quot;validated_at&quot;: 1642701357084,
    269. 

  269.     },
    270. 

  270.     &quot;m.login.msisdn&quot;: {  # User has provided and verified a phone number
    271. 

  271.         &quot;medium&quot;: &quot;msisdn&quot;,
    272. 

  272.         &quot;address&quot;: &quot;33123456789&quot;,
    273. 

  273.         &quot;validated_at&quot;: 1642701357084,
    274. 

  274.     },
    275. 

  275.     &quot;m.login.registration_token&quot;: &quot;sometoken&quot;,  # User has registered through a registration token
    276. 

  276. }
    277. 

  277. </code></pre>
    278. 

  278. <p>The second dictionary contains the parameters provided by the user's client in the request
    279. 

  279. to <code>/_matrix/client/v3/register</code>. See the <a href="https://spec.matrix.org/latest/client-server-api/#post_matrixclientv3register">Matrix specification</a>
    280. 

  280. for a complete list of these parameters.</p>
    281. 

  281. <p>If the module cannot, or does not wish to, generate a username for this user, it must
    282. 

  282. return <code>None</code>.</p>
    283. 

  283. <p>If multiple modules implement this callback, they will be considered in order. If a
    284. 

  284. callback returns <code>None</code>, Synapse falls through to the next one. The value of the first
    285. 

  285. callback that does not return <code>None</code> will be used. If this happens, Synapse will not call
    286. 

  286. any of the subsequent implementations of this callback. If every callback returns <code>None</code>,
    287. 

  287. the username provided by the user is used, if any (otherwise one is automatically
    288. 

  288. generated).</p>
    289. 

  289. <h3 id="get_displayname_for_registration"><a class="header" href="#get_displayname_for_registration"><code>get_displayname_for_registration</code></a></h3>
    290. 

  290. <p><em>First introduced in Synapse v1.54.0</em></p>
    291. 

  291. <pre><code class="language-python">async def get_displayname_for_registration(
    292. 

  292.     uia_results: Dict[str, Any],
    293. 

  293.     params: Dict[str, Any],
    294. 

  294. ) -&gt; Optional[str]
    295. 

  295. </code></pre>
    296. 

  296. <p>Called when registering a new user. The module can return a display name to set for the
    297. 

  297. user being registered by returning it as a string, or <code>None</code> if it doesn't wish to force a
    298. 

  298. display name for this user.</p>
    299. 

  299. <p>This callback is called once <a href="https://spec.matrix.org/latest/client-server-api/#user-interactive-authentication-api">User-Interactive Authentication</a>
    300. 

  300. has been completed by the user. It is not called when registering a user via SSO. It is
    301. 

  301. passed two dictionaries, which include the information that the user has provided during
    302. 

  302. the registration process. These dictionaries are identical to the ones passed to
    303. 

  303. <a href="#get_username_for_registration"><code>get_username_for_registration</code></a>, so refer to the
    304. 

  304. documentation of this callback for more information about them.</p>
    305. 

  305. <p>If multiple modules implement this callback, they will be considered in order. If a
    306. 

  306. callback returns <code>None</code>, Synapse falls through to the next one. The value of the first
    307. 

  307. callback that does not return <code>None</code> will be used. If this happens, Synapse will not call
    308. 

  308. any of the subsequent implementations of this callback. If every callback returns <code>None</code>,
    309. 

  309. the username will be used (e.g. <code>alice</code> if the user being registered is <code>@alice:example.com</code>).</p>
    310. 

  310. <h2 id="is_3pid_allowed"><a class="header" href="#is_3pid_allowed"><code>is_3pid_allowed</code></a></h2>
    311. 

  311. <p><em>First introduced in Synapse v1.53.0</em></p>
    312. 

  312. <pre><code class="language-python">async def is_3pid_allowed(self, medium: str, address: str, registration: bool) -&gt; bool
    313. 

  313. </code></pre>
    314. 

  314. <p>Called when attempting to bind a third-party identifier (i.e. an email address or a phone
    315. 

  315. number). The module is given the medium of the third-party identifier (which is <code>email</code> if
    316. 

  316. the identifier is an email address, or <code>msisdn</code> if the identifier is a phone number) and
    317. 

  317. its address, as well as a boolean indicating whether the attempt to bind is happening as
    318. 

  318. part of registering a new user. The module must return a boolean indicating whether the
    319. 

  319. identifier can be allowed to be bound to an account on the local homeserver.</p>
    320. 

  320. <p>If multiple modules implement this callback, they will be considered in order. If a
    321. 

  321. callback returns <code>True</code>, Synapse falls through to the next one. The value of the first
    322. 

  322. callback that does not return <code>True</code> will be used. If this happens, Synapse will not call
    323. 

  323. any of the subsequent implementations of this callback.</p>
    324. 

  324. <h2 id="example"><a class="header" href="#example">Example</a></h2>
    325. 

  325. <p>The example module below implements authentication checkers for two different login types: </p>
    326. 

  326. <ul>
    327. 

  327. <li><code>my.login.type</code> 
    328. 

  328. <ul>
    329. 

  329. <li>Expects a <code>my_field</code> field to be sent to <code>/login</code></li>
    330. 

  330. <li>Is checked by the method: <code>self.check_my_login</code></li>
    331. 

  331. </ul>
    332. 

  332. </li>
    333. 

  333. <li><code>m.login.password</code> (defined in <a href="https://matrix.org/docs/spec/client_server/latest#password-based">the spec</a>)
    334. 

  334. <ul>
    335. 

  335. <li>Expects a <code>password</code> field to be sent to <code>/login</code></li>
    336. 

  336. <li>Is checked by the method: <code>self.check_pass</code></li>
    337. 

  337. </ul>
    338. 

  338. </li>
    339. 

  339. </ul>
    340. 

  340. <pre><code class="language-python">from typing import Awaitable, Callable, Optional, Tuple
    341. 

  341. 

  342. import synapse
    343. 

  343. from synapse import module_api
    344. 

  344. 

  345. 

  346. class MyAuthProvider:
    347. 

  347.     def __init__(self, config: dict, api: module_api):
    348. 

  348. 

  349.         self.api = api
    350. 

  350. 

  351.         self.credentials = {
    352. 

  352.             &quot;bob&quot;: &quot;building&quot;,
    353. 

  353.             &quot;@scoop:matrix.org&quot;: &quot;digging&quot;,
    354. 

  354.         }
    355. 

  355. 

  356.         api.register_password_auth_provider_callbacks(
    357. 

  357.             auth_checkers={
    358. 

  358.                 (&quot;my.login_type&quot;, (&quot;my_field&quot;,)): self.check_my_login,
    359. 

  359.                 (&quot;m.login.password&quot;, (&quot;password&quot;,)): self.check_pass,
    360. 

  360.             },
    361. 

  361.         )
    362. 

  362. 

  363.     async def check_my_login(
    364. 

  364.         self,
    365. 

  365.         username: str,
    366. 

  366.         login_type: str,
    367. 

  367.         login_dict: &quot;synapse.module_api.JsonDict&quot;,
    368. 

  368.     ) -&gt; Optional[
    369. 

  369.         Tuple[
    370. 

  370.             str,
    371. 

  371.             Optional[Callable[[&quot;synapse.module_api.LoginResponse&quot;], Awaitable[None]]],
    372. 

  372.         ]
    373. 

  373.     ]:
    374. 

  374.         if login_type != &quot;my.login_type&quot;:
    375. 

  375.             return None
    376. 

  376. 

  377.         if self.credentials.get(username) == login_dict.get(&quot;my_field&quot;):
    378. 

  378.             return (self.api.get_qualified_user_id(username), None)
    379. 

  379. 

  380.     async def check_pass(
    381. 

  381.         self,
    382. 

  382.         username: str,
    383. 

  383.         login_type: str,
    384. 

  384.         login_dict: &quot;synapse.module_api.JsonDict&quot;,
    385. 

  385.     ) -&gt; Optional[
    386. 

  386.         Tuple[
    387. 

  387.             str,
    388. 

  388.             Optional[Callable[[&quot;synapse.module_api.LoginResponse&quot;], Awaitable[None]]],
    389. 

  389.         ]
    390. 

  390.     ]:
    391. 

  391.         if login_type != &quot;m.login.password&quot;:
    392. 

  392.             return None
    393. 

  393. 

  394.         if self.credentials.get(username) == login_dict.get(&quot;password&quot;):
    395. 

  395.             return (self.api.get_qualified_user_id(username), None)
    396. 

  396. </code></pre>
    397. 

  397. 

  398.                     </main>
    399. 

  399. 

  400.                     <nav class="nav-wrapper" aria-label="Page navigation">
    401. 

  401.                         <!-- Mobile navigation buttons -->
    402. 

  402.                             <a rel="prev" href="../modules/account_validity_callbacks.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
    403. 

  403.                                 <i class="fa fa-angle-left"></i>
    404. 

  404.                             </a>
    405. 

  405.                             <a rel="next" href="../modules/background_update_controller_callbacks.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
    406. 

  406.                                 <i class="fa fa-angle-right"></i>
    407. 

  407.                             </a>
    408. 

  408.                         <div style="clear: both"></div>
    409. 

  409.                     </nav>
    410. 

  410.                 </div>
    411. 

  411.             </div>
    412. 

  412. 

  413.             <nav class="nav-wide-wrapper" aria-label="Page navigation">
    414. 

  414.                     <a rel="prev" href="../modules/account_validity_callbacks.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
    415. 

  415.                         <i class="fa fa-angle-left"></i>
    416. 

  416.                     </a>
    417. 

  417.                     <a rel="next" href="../modules/background_update_controller_callbacks.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
    418. 

  418.                         <i class="fa fa-angle-right"></i>
    419. 

  419.                     </a>
    420. 

  420.             </nav>
    421. 

  421. 

  422.         </div>
    423. 

  423. 

  424.         <script type="text/javascript">
    425. 

  425.             window.playground_copyable = true;
    426. 

  426.         </script>
    427. 

  427.         <script src="../elasticlunr.min.js" type="text/javascript" charset="utf-8"></script>
    428. 

  428.         <script src="../mark.min.js" type="text/javascript" charset="utf-8"></script>
    429. 

  429.         <script src="../searcher.js" type="text/javascript" charset="utf-8"></script>
    430. 

  430.         <script src="../clipboard.min.js" type="text/javascript" charset="utf-8"></script>
    431. 

  431.         <script src="../highlight.js" type="text/javascript" charset="utf-8"></script>
    432. 

  432.         <script src="../book.js" type="text/javascript" charset="utf-8"></script>
    433. 

  433. 

  434.         <!-- Custom JS scripts -->
    435. 

  435.         <script type="text/javascript" src="../docs/website_files/table-of-contents.js"></script>
    436. 

  436.         <script type="text/javascript" src="../docs/website_files/version-picker.js"></script>
    437. 

  437.         <script type="text/javascript" src="../docs/website_files/version.js"></script>
    438. 

  438.     </body>
    439. 

  439. </html>
    440.