FluffyChat generates invalid client_secret parameters
The Client-Server API specifies a client_secret
parameter must fit within the bounds of the regex [0-9a-zA-Z.=_-]
.
Fluffy chat currently generates client_secret
s in the form of SECRET:1234567890
: https://gitlab.com/ChristianPauly/fluffychat/blob/master/qml/scripts/AddPhoneDialogActions.js#L7
:
is an invalid character here.
We plan to begin enforcing this regex in Synapse, but want to make sure this won't adversely affect FluffyChat users. To do so, we'll allow :
characters as part of client_secret
for now (enforcing the approved regex otherwise), and later down the line disallow them again, consulting you before doing so.
Note that this regex only applied when someone is adding a third-party ID to their account. 3PIDs that have already been added are unaffected.