diff options
| author | Erik Johnston <erik@matrix.org> | 2018-07-23 13:21:15 +0100 |
|---|---|---|
| committer | Erik Johnston <erik@matrix.org> | 2018-07-23 13:21:15 +0100 |
| commit | 0b0b24cb82d3337bef5d3dd4b960990934d8d5c5 (patch) | |
| tree | 3cbf0143b30ef340a91a99f5d491ee2eb7aa5e8c /docs | |
| parent | Update docs/workers.rst (diff) | |
| parent | Merge pull request #3520 from matrix-org/matthew/sync_deleted_devices (diff) | |
| download | synapse-0b0b24cb82d3337bef5d3dd4b960990934d8d5c5.tar.xz | |
Merge branch 'develop' of github.com:matrix-org/synapse into erikj/client_apis_move
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/admin_api/register_api.rst | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/docs/admin_api/register_api.rst b/docs/admin_api/register_api.rst new file mode 100644 index 0000000000..209cd140fd --- /dev/null +++ b/docs/admin_api/register_api.rst @@ -0,0 +1,63 @@ +Shared-Secret Registration +========================== + +This API allows for the creation of users in an administrative and +non-interactive way. This is generally used for bootstrapping a Synapse +instance with administrator accounts. + +To authenticate yourself to the server, you will need both the shared secret +(``registration_shared_secret`` in the homeserver configuration), and a +one-time nonce. If the registration shared secret is not configured, this API +is not enabled. + +To fetch the nonce, you need to request one from the API:: + + > GET /_matrix/client/r0/admin/register + + < {"nonce": "thisisanonce"} + +Once you have the nonce, you can make a ``POST`` to the same URL with a JSON +body containing the nonce, username, password, whether they are an admin +(optional, False by default), and a HMAC digest of the content. + +As an example:: + + > POST /_matrix/client/r0/admin/register + > { + "nonce": "thisisanonce", + "username": "pepper_roni", + "password": "pizza", + "admin": true, + "mac": "mac_digest_here" + } + + < { + "access_token": "token_here", + "user_id": "@pepper_roni@test", + "home_server": "test", + "device_id": "device_id_here" + } + +The MAC is the hex digest output of the HMAC-SHA1 algorithm, with the key being +the shared secret and the content being the nonce, user, password, and either +the string "admin" or "notadmin", each separated by NULs. For an example of +generation in Python:: + + import hmac, hashlib + + def generate_mac(nonce, user, password, admin=False): + + mac = hmac.new( + key=shared_secret, + digestmod=hashlib.sha1, + ) + + mac.update(nonce.encode('utf8')) + mac.update(b"\x00") + mac.update(user.encode('utf8')) + mac.update(b"\x00") + mac.update(password.encode('utf8')) + mac.update(b"\x00") + mac.update(b"admin" if admin else b"notadmin") + + return mac.hexdigest() |