Matrix: Logging-in with an access_token

[samip5]

❓ Question
I cannot seem to figure out what's the proper syntax for matrix notify urls.

I have the token already but I cannot figure out how do I get it to login using m.login.token and NOT m.login.password (as that is disabled)?

The URL I tried is simply: matrixs://smb:<token>@matrix.pikaviestin.fi and I want to send the notify to specific room but it won't let it work in syntax matrixs://<token>@matrix.pikaviestin.fi/<internal-room-id-with-!>

2023-06-26 07:18:46,068 - DEBUG - Matrix POST URL: https://matrix.pikaviestin.fi:/_matrix/client/r0/login (cert_verify=True)
2023-06-26 07:18:46,068 - DEBUG - Matrix Payload: {'type': 'm.login.password', 'user': 'smb', 'password': '<token>'}
2023-06-26 07:18:46,157 - WARNING - Failed to handshake with Matrix server: Bad Request - Unsupported Parameters., error=400.
2023-06-26 07:18:46,157 - DEBUG - Response Details:
b'{"errcode":"M_UNKNOWN","error":"Password login has been disabled."}'
2023-06-26 07:18:46,158 - DEBUG - Matrix POST URL: https://matrix.pikaviestin.fi:/_matrix/client/r0/register (cert_verify=True)
2023-06-26 07:18:46,158 - DEBUG - Matrix Payload: {'kind': 'user', 'auth': {'type': 'm.login.dummy'}, 'username': 'smb', 'password': '<token>'}
2023-06-26 07:18:46,255 - WARNING - Failed to handshake with Matrix server: Unauthorized - Invalid Token., error=403.
2023-06-26 07:18:46,255 - DEBUG - Response Details:
b'{"errcode":"M_FORBIDDEN","error":"Registration has been disabled"}'

[caronc]

There is a bug on my end. In the URL being posted, you can see that it's adding a colon at the end of the URL (as though a port number might follow but there isn't one).

I've fixed it in a local branch this weekend, but I've also see set up a matrix server on my side. I'm going to go through the whole plugin and revitalize it.

[samip5]

There is a bug on my end. In the URL being posted, you can see that it's adding a colon at the end of the URL (as though a port number might follow but there isn't one).

I don't think that's the issue per se. I checked the code and there appears to be no way to give it the access_token directly when logging in via password is disabled on server side (as it's using oauth).

[uqlel]

@caronc Will this be implemented? For me it's currently pretty useless because it logins every time and gets new access token so two messages sent without a long break make only one of the message arrive because server throttles the login:

2024-01-17 14:13:18,176 [WARNING] apprise: Matrix server requested we throttle back 250.511ms; retries left 1.
2024-01-17 14:13:18,338 [WARNING] apprise: Matrix server requested we throttle back 250.349ms; retries left 0.
2024-01-17 14:17:28,853 [WARNING] apprise: Failed to handshake with Matrix server: Unauthorized - Invalid Token., error=403.

Logging by access token would solve this because it would do all the requests with the same access token so it wouldn't be throttled

[jribal]

Hey @uqlel,

You can increase rc_login Matrix rc_login documentation

I set:

  account:
    per_second: 5
    burst_count: 40

I still throttle sometimes but 2.5ms max instead of 250ms and it works for my use case.
Until an access token solution gets implemented it could work if you find a good value.

I had this throttle error but could not understand it was a login throttle and not a message throttle.

[caronc]

@uqlel : I'm trying to find a webhook standard for Matrix right now. One thing with webhooks is that it doesn't appear to support attachments. It seems to be a third party addon such as this, but upon googling, there are other formats as well.

What (Matrix) service are you specifically using if you don't mind me asking? Also if my interpretation above is really wrong, please correct me too! 🙂

[samip5]

I'm trying to find a webhook standard for Matrix right now.

Please see https://spec.matrix.org/v1.9/client-server-api/#authentication-types for how one could auth via token directly, and matrix-org/matrix-spec#541

[caronc]

Adding support for the m.login.registration_token (link) still looks like i need to authenticate with that (instead of a user/pass) to get a session id to work with. This process needs to be repeated for each use of Apprise (so the extra hit on the server).

Apprise keeps the session as long as it's instance is running. But calling it from the CLI or API, after the service has done it's deed, memory is freed and the session information is lost. I think this is what you're experiencing.

The only true solution will be for persistent storage (ticket here). Basically what you're looking for is After Apprise acquires your session, it holds onto it and re-uses it on future instances (saving the extra http request). The trade off of this is Apprise starts managing a small database which can grow, needs management, etc). When I do get around to adding persistent storage, this would be yet another use case for it.

Perhaps i should increase the throttle time (to adapt a little better and prevent clever workarounds like @jribal found)?

[samip5]

Adding support for the m.login.registration_token (link) still looks like i need to authenticate with that (instead of a user/pass) to get a session id to work with. This process needs to be repeated for each use of Apprise (so the extra hit on the server).

Please add instead support for direct m.login.token (link).
The registration token will not work if the Matrix server doesn't have direct registrations enabled and instead is SSO-only, which many are. Eg. let us give it the token to use, which we can generate out-of-band.