diff options
| author | Patrick Cloke <patrickc@matrix.org> | 2023-05-24 10:44:57 -0400 |
|---|---|---|
| committer | Patrick Cloke <patrickc@matrix.org> | 2023-05-24 10:44:57 -0400 |
| commit | ac0fb703bdb67bba4c4128543526850a52609fa4 (patch) | |
| tree | 3f6c62f0c77fc2ad53999f95a7e48df5997563a6 | |
| parent | Move ui_auth docs under session management. (diff) | |
| download | synapse-ac0fb703bdb67bba4c4128543526850a52609fa4.tar.xz | |
Add documentation.
| -rw-r--r-- | docs/usage/configuration/config_documentation.md | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/docs/usage/configuration/config_documentation.md b/docs/usage/configuration/config_documentation.md index d61492ba6a..abeed923b7 100644 --- a/docs/usage/configuration/config_documentation.md +++ b/docs/usage/configuration/config_documentation.md @@ -2582,8 +2582,8 @@ the user-interactive authentication process, by allowing for multiple (and potentially different) operations to use the same validation session. This is ignored for potentially "dangerous" operations (including -deactivating an account, modifying an account password, and -adding a 3PID). +deactivating an account, modifying an account password, adding a 3PID, +and minting additional login tokens). Use the `session_timeout` sub-option here to change the time allowed for credential validation. @@ -2593,6 +2593,27 @@ ui_auth: session_timeout: "15s" ``` --- +### `login_via_existing_session` + +Matrix supports the ability of an existing session to mint a login token for +another client. + +Synapse disables this by default as it has security ramifications. + +The duration of time the generated token is valid for can be configured with the +`token_timeout` sub-option. + +User-interactive authentication is required when this is enabled unless the +`require_ui_auth` sub-option is set to `False`. + +Example configuration: +```yaml +login_via_existing_session: + enabled: true + require_ui_auth: false + token_timeout: "5m" +``` +--- ## Metrics Config options related to metrics. |