Download Matrix Client

Gertrud Inabinet

Dec 30, 2023, 7:20:04 PM
to skyrguiparsu
Discord has a bunch of great features that make it really user friendly, are there any Matrix clients that get close to such an experience? Link and image embeds, message search, channels/rooms, etc.
The client-server API allows clients to send messages, control rooms and synchronise conversation history. It is designed to support both lightweight clients which store no state and lazy-load data from the server as required - as well as heavyweight clients which maintain a full local persistent copy of server state.
All POST and PUT endpoints, with the exception of POST /_matrix/media/v3/upload and PUT /_matrix/media/v3/upload/serverName/mediaId, require the client to supply a request body containing a (potentially empty) JSON object. Clients should supply a Content-Type header of application/json for all requests with JSON bodies, but this is not required.
Errors are generally best expressed by their error code rather than the HTTP status code returned. When encountering the error code M_UNKNOWN, clients should prefer the HTTP status code as a more reliable reference for what the issue was. For example, if the client receives an error code of M_NOT_FOUND but the request gave a 400 Bad Request status code, the client should treat the error as if the resource was not found. However, if the client were to receive an error code of M_UNKNOWN with a 400 Bad Request, the client should assume that the request being made was invalid.
Where a retransmission has been identified, the homeserver should return the same HTTP response code and content as the original request. For example, PUT /_matrix/client/v3/rooms/roomId/send/eventType/txnId would return a 200 OK with the event_id of the original request in the response body.
The scope of a transaction ID is for a single device, and a single HTTP endpoint. In other words: a single device could use the same transaction ID for a request to PUT /_matrix/client/v3/rooms/roomId/send/eventType/txnId and PUT /_matrix/client/v3/sendToDevice/eventType/txnId, and the two requests would be considered distinct because the two are considered separate endpoints. Similarly, if a client logs out and back in between two requests using the same transaction ID, the requests are distinct because the act of logging in and out creates a new device (unless an existing device_id is passed to POST /_matrix/client/v3/login). On the other hand, if a client re-uses a transaction ID for the same endpoint after refreshing an access token, it will be assumed to be a duplicate request and ignored. See also Relationship between access tokens and devices.
It is realistic to expect that some clients will be written to be run within a web browser or similar environment. In these cases, the homeserver should respond to pre-flight requests and supply Cross-Origin Resource Sharing (CORS) headers on all requests.
Servers MUST expect that clients will approach them with OPTIONS requests, allowing clients to discover the CORS headers. All endpoints in this specification support the OPTIONS method, however the server MUST NOT perform any logic defined for the endpoints when approached with an OPTIONS request.
PROMPT: Retrieve the specific piece of information from the user in a way which fits within the existing client user experience, if the client is inclined to do so. Failure can take place instead if no good user experience for this is possible at this point.
IGNORE: Stop the current auto-discovery mechanism. If no more auto-discovery mechanisms are available, then the client may use other methods of determining the required parameters, such as prompting the user, or using default values.
FAIL_ERROR: Inform the user that auto-discovery did not return any usable URLs. Do not continue further with the current login process. At this point, valid data was obtained, but no server is available to serve the client. No further guess should be attempted and the user should make a conscientious decision what to do next.
Clients are encouraged to use the Authorization header where possible to prevent the access token being leaked in access/HTTP logs. The query string should only be used in cases where the Authorization header is inaccessible for the client.
By default, the Login and Registration processes auto-generate a new device_id. A client is also free to generate its own device_id or, provided the user remains the same, reuse a device: in either case the client should pass the device_id in the request body. If the client sets the device_id, the server will invalidate any access and refresh tokens previously assigned to that device.
Access tokens can expire after a certain amount of time. Any HTTP calls that use an expired access token will return with an error code M_UNKNOWN_TOKEN, preferably with soft_logout: true. When a client receives this error and it has a refresh token, it should attempt to refresh the access token by calling /refresh. Clients can also refresh their access token at any time, even if it has not yet expired. If the token refresh succeeds, the client should use the new token for future requests, and can re-try previously-failed requests with the new token. When an access token is refreshed, a new refresh token may be returned; if a new refresh token is given, the old refresh token will be invalidated, and the new refresh token should be used when the access token needs to be refreshed.
The old refresh token remains valid until the new access token or refresh token is used, at which point the old refresh token is revoked. This ensures that if a client fails to receive or persist the new tokens, it will be able to repeat the refresh operation.
If the token refresh fails and the error response included a soft_logout: true property, then the client can treat it as a soft logout and attempt to obtain a new access token by re-logging in. If the error response does not include a soft_logout: true property, the client should consider the user as being logged out.
A client that receives such a response can try to refresh its access token, if it has a refresh token available. If it does not have a refresh token available, or refreshing fails with soft_logout: true, the client can acquire a new access token by specifying the device ID it is already using to the login API.
Some API endpoints require authentication that interacts with the user. The homeserver may provide many different ways of authenticating, such as user/password auth, login via a single-sign-on server (SSO), etc. This specification does not define how homeservers should authorise their users but instead defines the standard interface which implementations should follow so that ANY client can log in to ANY homeserver.
In the REST API described in this specification, authentication works by the client and server exchanging JSON dictionaries. The server indicates what authentication data it requires via the body of an HTTP 401 response, and the client submits that authentication data via the auth request parameter.
params: This section contains any information that the client will need to know in order to use a given type of authentication. For each authentication type presented, that type may be present as a key in this dictionary. For example, the public part of an OAuth client ID could be given here.
The client then chooses a flow and attempts to complete the first stage. It does this by resubmitting the same request with the addition of an auth key in the object that it submits. This dictionary contains a type key whose value is the name of the authentication type that the client is attempting to complete. It must also contain a session key with the value of the session key given by the homeserver, if one was given. It also contains other keys dependent on the auth type being attempted. For example, if the client is attempting to complete auth type example.type.foo, it might submit something like this:
If the homeserver deems the authentication attempt to be successful but still requires more stages to be completed, it returns HTTP status 401 along with the same object as when no authentication was attempted, with the addition of the completed key which is an array of auth types the client has completed successfully:
If the homeserver decides that an attempt on a stage was unsuccessful, but the client may make a second attempt, it returns the same HTTP status 401 response as above, with the addition of the standard errcode and error fields describing the error. For example:
If the client has completed all stages of a flow, the homeserver performs the API call and returns the result as normal. Completed stages cannot be retried by clients, therefore servers must return either a 401 response with the completed stages, or the result of the API call if all stages were completed when a client retries a stage.
The purpose of dummy authentication is to allow servers to not require any form of User-Interactive Authentication to perform a request. It can also be used to differentiate flows where otherwise one flow would be a subset of another flow. e.g. if a server offers flows m.login.recaptcha and m.login.recaptcha, m.login.email.identity and the client completes the recaptcha stage first, the auth would succeed with the former flow, even if the client was intending to then complete the email auth stage. A server can instead send flows m.login.recaptcha, m.login.dummy and m.login.recaptcha, m.login.email.identity to fix the ambiguity.
Clients cannot be expected to be able to know how to process every single login type. If a client does not know how to handle a given login type, it can direct the user to a web browser with the URL of a fallback page which will allow the user to complete that login step out-of-band in their web browser. The URL it should open is:
This allows the client to either arrange for the global function onAuthDone to be defined in an embedded browser, or to use the HTML5 cross-document messaging API, to receive a notification that the authentication stage has been completed.
If the homeserver advertises m.login.sso as a viable flow, and the client supports it, the client should redirect the user to the /redirect endpoint for client login via SSO. After authentication is complete, the client will need to submit a /login request matching m.login.token.
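The expired-token handling quoted in the post above (M_UNKNOWN_TOKEN, /refresh, soft_logout), as an added example that is not part of the original post or of any Matrix client library. StubServer, call_with_refresh and the session dictionary are hypothetical names, and the server is a constructed in-memory stand-in rather than a real homeserver.

```python
# Added example: client decision flow for an expired access token.
# StubServer is a constructed stand-in; all names here are hypothetical.

class StubServer:
    """Knows exactly one valid access token and one valid refresh token."""
    def __init__(self, soft_logout=True):
        self.access, self.refresh_token = "at1", "rt1"
        self.soft, self.n = soft_logout, 1

    def _unknown_token(self):
        return 401, {"errcode": "M_UNKNOWN_TOKEN", "soft_logout": self.soft}

    def api_call(self, access_token):
        if access_token == self.access:
            return 200, {}
        return self._unknown_token()

    def refresh(self, refresh_token):  # models POST /refresh with rotation
        if refresh_token != self.refresh_token:
            return self._unknown_token()
        self.n += 1
        self.access, self.refresh_token = f"at{self.n}", f"rt{self.n}"
        return 200, {"access_token": self.access, "refresh_token": self.refresh_token}


def call_with_refresh(server, session):
    """Return 'ok', 'error', 'relogin_same_device' (soft logout) or 'logged_out'."""
    status, body = server.api_call(session["access_token"])
    if status == 200:
        return "ok"
    if body.get("errcode") != "M_UNKNOWN_TOKEN":
        return "error"
    if session.get("refresh_token"):
        status, body = server.refresh(session["refresh_token"])
        if status == 200:
            # Store both tokens before retrying: a returned refresh token
            # replaces the old one, which the server will revoke.
            session["access_token"] = body["access_token"]
            session["refresh_token"] = body.get("refresh_token", session["refresh_token"])
            status, _ = server.api_call(session["access_token"])
            return "ok" if status == 200 else "error"
    # No refresh token, or the refresh itself failed: soft_logout decides.
    if body.get("soft_logout") is True:
        return "relogin_same_device"  # keep device_id and pass it to /login
    session.clear()                   # hard logout: discard tokens and device
    return "logged_out"
```

On a soft logout the session keeps its device_id so the client can log in again as the same device; on a hard logout everything is dropped.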